Quote:
[Post in "formatting virus"] http://down5.kekewg.com/kekewg/20070801/mxdsg33.exe download address ………………
That self-extracting archive has a trojan in it. A pretty junky trojan.
Anomalies seen in the SREng log are as follows:
Startup items
Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A372ADBE-1327-415B-C424-CDF1247C1326}><cifnom.DLL> []
<{13B917BC-1B9D-1F8E-2377-27662B472F0D}><C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll> []
==================================
Drivers
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><N/A>
==================================
Running processes
[PID: 3004 / baohelin][C:\Program Files\Lenovo\Client Security Solution\cssauth.exe] [Lenovo Group Limited, 7.00.0052.00]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 3812 / baohelin][C:\windows\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 256 / baohelin][C:\windows\system32\TpShocks.exe] [Lenovo, Ltd. and IBM Corporation., 1, 4, 1, 0]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 764 / baohelin][C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe] [Lenovo Group Limited, 1, 0, 0, 1]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 2860 / baohelin][C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 2464 / baohelin][C:\Program Files\Picasa2\PicasaMediaDetector.exe] [Google Inc., 2.1.0]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 2968 / baohelin][C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe] [Utimaco Safeware AG, 1.19.0.1]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 3880 / baohelin][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 3488 / baohelin][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 20]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 4004 / baohelin][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 284 / baohelin][C:\Program Files\Tiny Firewall Pro\amon.exe] [Computer Associates International, Inc., 6.5.3.2]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 3080 / baohelin][C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe] [Adobe Systems Inc., 6.0.0.2003040700]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 3096 / baohelin][C:\Program Files\Digital Line Detect\DLG.exe] [BVRP Software, 1, 0, 0, 1]
[C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll] [Lenovo Group Limited, 2.0.0]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 3220 / baohelin][C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe] [Lenovo Group Limited, 2.0.0]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 1860 / baohelin][C:\Program Files\SRENG\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 3768 / baohelin][C:\WINDOWS\system32\shadow\ShadowTip.exe] [PowerShadow, 1, 0, 0, 1]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 2644 / baohelin][C:\DOCUME~1\baohelin\LOCALS~1\Temp\sysnan.exe] [, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\NPPTools.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3308 / baohelin][C:\windows\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 2828 / baohelin][C:\Program Files\Tiny Firewall Pro\tralogan.exe] [Computer Associates International, Inc., 6.0.0.17]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 2644, C:\DOCUME~1\BAOHELIN\LOCALS~1\TEMP\SYSNAN.EXE]
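The log above carries three indicators a responder would want to pull out mechanically rather than by eye: two ShellExecuteHooks entries, one a bare DLL name (cifnom.DLL, resolved through the DLL search path) and one a DLL in the user's Temp directory; those same two DLLs, with no version information at all, mapped into every listed process, including ones that have no reason to call ShellExecute; and sysnan.exe running from Temp with an empty company name, holding SeLoadDriverPrivilege, with WinPcap's packet.dll and WanPacket.dll loaded beside it while the NPF capture driver is registered. The parser below is an added example, not code from the original post or from SREng: it reads an excerpt of the log as translated here and flags those indicators. The regexes, the finding names, the `min_procs` threshold and the Temp-path heuristic are my own choices and assumptions.

```python
# Added example (not from the post or SREng): parse an SREng log excerpt and
# flag the indicators discussed above. Thresholds and finding names are mine.
import re
from collections import defaultdict

# Excerpt of the SREng log quoted in the post; section labels as translated here.
SRENG_LOG = r"""
Startup items
Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A372ADBE-1327-415B-C424-CDF1247C1326}><cifnom.DLL> []
<{13B917BC-1B9D-1F8E-2377-27662B472F0D}><C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll> []
==================================
Running processes
[PID: 3812 / baohelin][C:\windows\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[PID: 3880 / baohelin][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
[PID: 2644 / baohelin][C:\DOCUME~1\baohelin\LOCALS~1\Temp\sysnan.exe] [, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27]
[PID: 3308 / baohelin][C:\windows\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\windows\system32\cifnom.DLL] [N/A, ]
[C:\DOCUME~1\baohelin\LOCALS~1\Temp\wmsjxx1kml.dll] [N/A, ]
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 2644, C:\DOCUME~1\BAOHELIN\LOCALS~1\TEMP\SYSNAN.EXE]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")              # registry key header
HOOK_RE = re.compile(r"^<\{([0-9A-Fa-f-]+)\}><([^>]+)>")  # <{CLSID}><dll> []
PROC_RE = re.compile(r"^\[PID: (\d+) / [^\]]+\]\[([^\]]+)\] \[(.*)\]$")
MOD_RE = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")            # module under a process
PRIV_RE = re.compile(r"(Se\w+Privilege) \[PID = (\d+), ([^\]]+)\]")
TEMP_RE = re.compile(r"\\(TEMP|LOCALS~1)\\", re.I)        # user Temp on XP (assumed heuristic)


def vendor_of(info):
    """'Company, version' -> company; SREng prints 'N/A, ' or ', ver' when absent."""
    return info.split(",", 1)[0].strip()


def parse(log_text):
    """Return (shell_execute_hooks, processes, privileges) from SREng log text."""
    hooks, procs, privs = [], [], []
    key, proc = None, None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := HOOK_RE.match(line)) and key and key.endswith("ShellExecuteHooks"):
            hooks.append((m.group(1), m.group(2)))
        elif (m := PROC_RE.match(line)):
            proc = {"pid": int(m.group(1)), "path": m.group(2),
                    "vendor": vendor_of(m.group(3)), "modules": []}
            procs.append(proc)
        elif (m := MOD_RE.match(line)) and proc is not None:
            proc["modules"].append((m.group(1), vendor_of(m.group(2))))
        elif (m := PRIV_RE.search(line)):
            privs.append((m.group(1), int(m.group(2)), m.group(3)))
    return hooks, procs, privs


def analyze(log_text, min_procs=3):
    """Return (kind, path, detail) findings for the indicators in the log."""
    hooks, procs, privs = parse(log_text)
    findings = []
    # 1. A ShellExecuteHooks DLL is loaded by shell32 into explorer.exe and any
    #    process that calls ShellExecute(). A bare name (resolved through the
    #    DLL search path) or anything under Temp is not a legitimate extension.
    for _clsid, dll in hooks:
        why = []
        if "\\" not in dll:
            why.append("bare filename, resolved via the DLL search path")
        if TEMP_RE.search(dll):
            why.append("under the user's Temp directory")
        if why:
            findings.append(("shell_execute_hook", dll, "; ".join(why)))
    # 2. A module with no version info mapped into many unrelated processes is
    #    the footprint of injection, not of a normal import.
    seen = defaultdict(set)
    for p in procs:
        for path, vendor in p["modules"]:
            if vendor in ("", "N/A"):
                seen[path.lower()].add(p["pid"])
    for path, pids in sorted(seen.items()):
        if len(pids) >= min_procs:
            findings.append(("injected_everywhere", path, f"in {len(pids)} processes"))
    # 3. SeLoadDriverPrivilege held by a binary in Temp: it can load a kernel
    #    driver (the full log also lists NPF, the WinPcap capture driver).
    for priv, pid, path in privs:
        if priv == "SeLoadDriverPrivilege" and TEMP_RE.search(path):
            findings.append(("driver_loader_in_temp", path, f"PID {pid}"))
    # 4. A process running from Temp with an empty company name in its version
    #    resource (sysnan.exe even carries the XP SP2 build string).
    for p in procs:
        if p["vendor"] == "" and TEMP_RE.search(p["path"]):
            findings.append(("temp_process", p["path"], "no company name"))
    return findings


if __name__ == "__main__":
    for kind, path, detail in analyze(SRENG_LOG):
        print(f"{kind:22} {path}  ({detail})")
```

Run against the excerpt it reports six findings: both hook DLLs, both DLLs present in all listed processes, and sysnan.exe twice (driver-loading privilege, and a Temp binary with no company name). The vendor heuristic is deliberately crude, since SREng's version column is only what the file's own version resource claims; on a live system the next step is to hash the flagged files and check their signatures rather than trust that column.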