瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 高手快来帮帮我啊。急!!!!!!!!!!!!!!!!

1   1  /  1  页   跳转

高手快来帮帮我啊。急!!!!!!!!!!!!!!!!

收藏
xiaoqianghaha
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-11-02
  • 来自:
发表于: 2007-11-02 13:48 | 只看楼主 短消息 资料
字号: 1楼

高手快来帮帮我啊。急!!!!!!!!!!!!!!!!

我的电脑中毒了,有两个进程umqhool.exe \  mavlatna.exe.听说那个是AV的变种,电脑用AV 终结者杀过了,还是不行,不知道为什么杀不了。而且所有的进程都打不开,打开时是以文档的方式,我该怎么做?
比如说我要玩游戏的话,快捷方式打开的都是文档。开机时运行的卡巴显示的也是文档方式。
有机会我上穿样本!

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
最后编辑2007-11-02 14:34:53
分享到:
gototop
 
千寻旅
头像
社区嘉宾
  • 帖子:2910
  • 注册: 2007-08-17
  • 来自:
发表于: 2007-11-02 13:49 | 短消息 资料
字号: 2楼

下载 System Repair Engineer系统扫描工具软件,下载地址如下:
http://www.kztechs.com/sreng/download.html
扫描和上传日志的方法:
1、解压缩所下载的sreng2.zip压缩包;
2、打开已经解压缩的SRENG文件夹,双击运行其中的SREngPS.exe;
3、依次按“智能扫描”、“扫描”、“保存报告”,将日志保存到硬盘上;
4、找到并打开日志,把日志中的内容用“复制”--“粘贴”命令拷贝到帖子上,不要修改地传上来(日志很长,一个帖子搞不完,请手动将全部内容在同一个主题帖下分多个回复帖子传上来)。
友情提示:
1、扫描日志前请先关闭所有打开的软件(如QQ、迅雷等下载程序什么的程序)和IE窗口(请注意,是关闭而不是最小化窗口)
2、注意在没有进一步提示前,请勿用SRENG工具胡乱修复,否则系统可能变的情况更糟。
3、SRENG操作图文详解:http://forum.ikaka.com/topic.asp?board=201&artid=8343881
gototop
 
xiaoqianghaha
头像
初生襁褓狮
  • 帖子:5
  • 注册: 2007-11-02
  • 来自:
发表于: 2007-11-02 13:52 | 只看楼主 短消息 资料
字号: 3楼

C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe

C:\Program Files\Common Files\System\umqhool.exe
<rosftpm><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
        <jbrrjmm><C:\Program Files\Common Files\System\umqhool.exe>      []
        <avpms><C:\Program Files\NetMeeting\avpms.exe>      []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <AppInit_DLLs><kvmxfma.dll>      []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
        <IFEO[360rpt.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
        <IFEO[360Safe.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
        <IFEO[360tray.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
        <IFEO[adam.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
        <IFEO[AgentSvr.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
        <IFEO[AppSvc32.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe]
        <IFEO[ArSwp.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
        <IFEO[AST.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
        <IFEO[autoruns.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe]
        <IFEO[AvastU3.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
        <IFEO[avconsol.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
        <IFEO[avgrssvc.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
        <IFEO[AvMonitor.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
        <IFEO[avp.com]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
        <IFEO[avp.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
        <IFEO[CCenter.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
        <IFEO[ccSvcHst.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
        <IFEO[EGHOST.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
        <IFEO[FileDsty.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
        <IFEO[FTCleanerShell.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
        <IFEO[FYFireWall.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe]
        <IFEO[ghost.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
        <IFEO[HijackThis.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
        <IFEO[IceSword.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
        <IFEO[iparmo.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
        <IFEO[Iparmor.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe]
        <IFEO[irsetup.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
还有很多很多啊。
gototop
 
日不懂啊
头像
叱咤花甲狮
  • 帖子:14337
  • 注册: 2007-03-08
  • 来自:江苏南京
发表于: 2007-11-02 14:45 | 短消息 资料
字号: 4楼

LZ,找到C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe
压缩加密发送到我的邮箱,我测试下~~
地址在签名,谢谢
弄出来了,给你回复
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT