A strange virus: cannot download anything, and the latest virus database cannot remove it


I don't know what happened. It seems I've picked up a strange virus: under msconfig only the normal startup items show, but with IceSword (冰刃) I found an odd startup entry. Note: it is the address that is odd.

Downloading any file makes IE flash once and then the whole IE window disappears! In other words, it just gets killed!

After restarting the computer I tried to restore (it is the 深度 v11 restore), but it could not restore; after booting it says Autochk.exe cannot be found.

Then I found the following information in the log.



发生应用程序意外错误:
        应用程序: C:\Program Files\Internet Explorer\iexplore.exe (pid=3828)
        时间: 2008-4-22 @ 22:47:17.812
        意外情况编号: c0000005 (访问侵犯)

*----> 系统信息 <----*
        计算机名: 7598FD89E50A4F7
        用户名: Administrator
        终端会话 Id: 0
        处理器数量: 2
        处理器类型: x86 Family 6 Model 15 Stepping 13
        Windows 版本: 5.1
        当前内部版本号: 2600
        Service Pack: 2
        当前类型: Multiprocessor Free
        注册的单位: 微软中国
        注册的所有者: 微软用户

*----> 任务列表 <----*
  0 System Process
  4 System
572 smss.exe
628 csrss.exe
652 winlogon.exe
696 services.exe
708 lsass.exe
876 svchost.exe
944 svchost.exe
1040 svchost.exe
1120 svchost.exe
1180 svchost.exe
1420 spoolsv.exe
1624 Explorer.EXE
1688 AntiU.exe
1712 AST.exe
848 stormliv.exe
996 nvsvc32.exe
1016 sessmgr.exe
1812 alg.exe
3828 iexplore.exe
2528 drwtsn32.exe

*----> 模块清单 <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet Explorer\iexplore.exe
(0000000000f40000 - 0000000000f9f000: C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
(0000000000ff0000 - 0000000001019000: C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
(0000000001100000 - 000000000117c000: C:\WINDOWS\system32\shdoclc.dll
(00000000018c0000 - 0000000001a57000: F:\ast\ast\SecAddons.dll
(0000000001a60000 - 0000000001fa9000: C:\WINDOWS\system32\xpsp2res.dll
(00000000036b0000 - 00000000036c7000: C:\WINDOWS\system32\odbcint.dll
(00000000070d0000 - 000000000710b000: C:\WINDOWS\system32\WMASF.DLL
(00000000086d0000 - 0000000008917000: C:\WINDOWS\system32\WMVCore.DLL
(00000000096c0000 - 000000000973a000: C:\WINDOWS\system32\Audiodev.dll
(0000000010000000 - 0000000010040000: F:\ast\ast\AST.dll
(0000000020000000 - 000000002000f000: C:\WINDOWS\system32\browselc.dll
(0000000022e20000 - 0000000022e2d000: C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll
(0000000022e50000 - 0000000022e5d000: C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll
(00000000325c0000 - 00000000325d2000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\uxtheme.dll
(000000005d170000 - 000000005d20a000: C:\WINDOWS\system32\comctl32.dll
(000000005fdd0000 - 000000005fe24000: C:\WINDOWS\system32\NETAPI32.dll
(0000000060fd0000 - 0000000061025000: C:\WINDOWS\system32\hnetcfg.dll
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(00000000719c0000 - 00000000719fe000: C:\WINDOWS\system32\mswsock.dll
(0000000071a00000 - 0000000071a08000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071a10000 - 0000000071a18000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a20000 - 0000000071a37000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a40000 - 0000000071a4b000: C:\WINDOWS\system32\wsock32.dll
(0000000071a90000 - 0000000071aa2000: C:\WINDOWS\system32\MPR.dll
(0000000071b70000 - 0000000071b83000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071b90000 - 0000000071b9e000: C:\WINDOWS\System32\ntlanman.dll
(0000000071c00000 - 0000000071c07000: C:\WINDOWS\System32\NETRAP.dll
(0000000071c10000 - 0000000071c50000: C:\WINDOWS\System32\NETUI1.dll
(0000000071c50000 - 0000000071c65000: C:\WINDOWS\System32\NETUI0.dll
(0000000071cc0000 - 0000000071cdc000: C:\WINDOWS\system32\actxprxy.dll
(0000000072c80000 - 0000000072c88000: C:\WINDOWS\system32\msacm32.drv
(0000000072c90000 - 0000000072c99000: C:\WINDOWS\system32\wdmaud.drv
(0000000072f70000 - 0000000072f96000: C:\WINDOWS\system32\WINSPOOL.DRV
(0000000073540000 - 000000007357d000: C:\WINDOWS\system32\ODBC32.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073ce0000 - 0000000073cf3000: C:\WINDOWS\system32\shgina.dll
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(0000000074620000 - 0000000074647000: C:\WINDOWS\system32\msls31.dll
(0000000074650000 - 000000007467a000: C:\WINDOWS\system32\msimtf.dll
(0000000074680000 - 00000000746cb000: C:\WINDOWS\system32\MSCTF.dll
(0000000074cf0000 - 0000000074d81000: C:\WINDOWS\system32\mlang.dll
(0000000074d90000 - 0000000074dfc000: C:\WINDOWS\system32\RICHED20.DLL
(00000000753b0000 - 0000000075421000: C:\WINDOWS\system32\mshtmled.dll
(0000000075430000 - 00000000754a1000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000758d0000 - 00000000759c0000: C:\WINDOWS\system32\MSGINA.dll
(00000000759d0000 - 0000000075a7e000: C:\WINDOWS\system32\USERENV.dll
(0000000075bc0000 - 0000000075c2f000: C:\WINDOWS\system32\jscript.dll
(0000000075c60000 - 0000000075cff000: C:\WINDOWS\system32\urlmon.dll
(0000000075e00000 - 0000000075eae000: C:\WINDOWS\system32\SXS.DLL
(0000000075ed0000 - 0000000075ed7000: C:\WINDOWS\System32\drprov.dll
(0000000075ee0000 - 0000000075ee9000: C:\WINDOWS\System32\davclnt.dll
(0000000075ef0000 - 0000000075fed000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000075ff0000 - 0000000076055000: C:\WINDOWS\system32\MSVCP60.dll
(0000000076060000 - 00000000761b6000: C:\WINDOWS\system32\SETUPAPI.dll
(00000000762d0000 - 00000000762e0000: C:\WINDOWS\system32\WINSTA.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076320000 - 0000000076367000: C:\WINDOWS\system32\comdlg32.dll
(0000000076570000 - 000000007658c000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076590000 - 00000000765de000: C:\WINDOWS\System32\cscui.dll
(00000000765e0000 - 0000000076672000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076680000 - 0000000076722000: C:\WINDOWS\system32\WININET.dll
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076b10000 - 0000000076b3a000: C:\WINDOWS\system32\WINMM.dll
(0000000076bc0000 - 0000000076bcb000: C:\WINDOWS\system32\PSAPI.DLL
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c60000 - 0000000076c88000: C:\WINDOWS\system32\IMAGEHLP.dll
(000


Last edited 2008-04-23 11:38:58
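To pull the actionable facts out of a Dr. Watson log like the one posted in this thread (the crashing process, the faulting instruction and the address it tried to read, and every module loaded into iexplore.exe that is neither an OS file nor the browser itself), here is an added Python triage script; it is not part of the original thread, and the embedded log excerpt is a constructed abridgement of the posted one.

```python
import re

# Constructed excerpt of a Dr. Watson (drwtsn32) log in the layout the thread shows.
SAMPLE_LOG = """发生应用程序意外错误:
        应用程序: C:\\Program Files\\Internet Explorer\\iexplore.exe (pid=3828)
        意外情况编号: c0000005 (访问侵犯)

*----> 模块清单 <----*
(0000000000400000 - 0000000000419000: C:\\Program Files\\Internet Explorer\\iexplore.exe
(0000000000ff0000 - 0000000001019000: C:\\Program Files\\Thunder\\ComDlls\\xunleiBHO_Now.dll
(0000000001a60000 - 0000000001fa9000: C:\\WINDOWS\\system32\\xpsp2res.dll
(0000000010000000 - 0000000010040000: F:\\ast\\ast\\AST.dll

*----> 线程 ID 0x7b0 的状态转储 <----*
函数: mscoree!CreateConfigStream
错误 ->79004c44 668b10          mov    dx,[eax]              ds:0023:00000000=????
"""

MODULE_RE = re.compile(r"^\(([0-9a-f]+) - ([0-9a-f]+): (.+?)\s*$", re.M)
FAULT_RE = re.compile(r"^错误 ->([0-9a-f]{8})\s+[0-9a-f]+\s+(.*?)\s+ds:[0-9a-f]+:([0-9a-f]{8})=", re.M)
OS_DIRS = ("c:\\windows\\",)  # modules under here are treated as OS-supplied

def parse_modules(log):
    """Module list as (start, end, path) tuples with integer addresses."""
    return [(int(s, 16), int(e, 16), p) for s, e, p in MODULE_RE.findall(log)]

def containing_module(modules, addr):
    """Path of the module whose range covers addr; None if the list is truncated."""
    return next((p for s, e, p in modules if s <= addr < e), None)

def triage(log):
    """Crash site, the address being read, and every non-OS module in the process."""
    app = re.search(r"应用程序: (.+?) \(pid=(\d+)\)", log)
    code = re.search(r"意外情况编号: ([0-9a-f]+)", log)
    func = re.search(r"^函数: (\S+)", log, re.M)
    fault = FAULT_RE.search(log)
    modules = parse_modules(log)
    host = app.group(1).lower()
    foreign = [p for _, _, p in modules
               if not p.lower().startswith(OS_DIRS) and p.lower() != host]
    return {
        "process": app.group(1), "pid": int(app.group(2)),
        "exception": int(code.group(1), 16),
        "symbol": func.group(1) if func else None,
        "eip": int(fault.group(1), 16) if fault else None,
        "instruction": fault.group(2) if fault else None,
        "target": int(fault.group(3), 16) if fault else None,
        "foreign_modules": foreign,
    }
```

A target of 0 with a `mov dx,[eax]` in a wide-string scanning loop is a NULL read, not a controlled write, which is what the posted c0000005 looks like; the third-party DLL list is where the odd startup entry and the download hijack are most likely to come from.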
*----> 线程 ID 0x7b0 的状态转储 <----*

eax=00000000 ebx=001f1dd0 ecx=00000002 edx=00000002 esi=00000104 edi=0405d9c4
eip=79004c44 esp=0405d54c ebp=0405d5d8 iopl=0        nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000            efl=00000246

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\mscoree.dll -
函数: mscoree!CreateConfigStream
        79004c2b 00538b          add    [ebx-0x75],dl
        79004c2e 9d              popfd
        79004c2f a801            test    al,0x1
        79004c31 0000            add    [eax],al
        79004c33 56              push    esi
        79004c34 57              push    edi
        79004c35 8bbdac010000    mov    edi,[ebp+0x1ac]
        79004c3b 894580          mov    [ebp-0x80],eax
        79004c3e 895d88          mov    [ebp-0x78],ebx
        79004c41 8d4802          lea    ecx,[eax+0x2]
错误 ->79004c44 668b10          mov    dx,[eax]              ds:0023:00000000=????
        79004c47 40              inc    eax
        79004c48 40              inc    eax
        79004c49 6685d2          test    dx,dx
        79004c4c 75f6            jnz    mscoree!CreateConfigStream+0x5f3 (79004c44)
        79004c4e 2bc1            sub    eax,ecx
        79004c50 d1f8            sar    eax,1
        79004c52 8bf0            mov    esi,eax
        79004c54 8bc3            mov    eax,ebx
        79004c56 8d4802          lea    ecx,[eax+0x2]
        79004c59 668b10          mov    dx,[eax]

*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child             
0405d5d8 77da6fbf 0405d6f0 000006ce 0405d6e8 mscoree!CreateConfigStream+0x5f3
00000000 00000000 00000000 00000000 00000000 ADVAPI32!RegCloseKey+0x3cf

*----> 原始堆栈转储 <----*

*----> 线程 ID 0x900 的状态转储 <----*

eax=00160000 ebx=00000000 ecx=00000064 edx=00000064 esi=7c99c380 edi=7c99c3a0
eip=7c92eb94 esp=03eaff70 ebp=03eaffb4 iopl=0        nv up ei ng nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000            efl=00000286

函数: ntdll!KiFastSystemCallRet
        7c92eb89 90              nop
        7c92eb8a 90              nop
        ntdll!KiFastSystemCall:
        7c92eb8b 8bd4            mov    edx,esp
        7c92eb8d 0f34            sysenter
        7c92eb8f 90              nop
        7c92eb90 90              nop
        7c92eb91 90              nop
        7c92eb92 90              nop
        7c92eb93 90              nop
        ntdll!KiFastSystemCallRet:
        7c92eb94 c3              ret
        7c92eb95 8da42400000000  lea    esp,[esp]
        7c92eb9c 8d642400        lea    esp,[esp]
        7c92eba0 90              nop
        7c92eba1 90              nop
        7c92eba2 90              nop
        7c92eba3 90              nop
        7c92eba4 90              nop
        ntdll!KiIntSystemCall:
        7c92eba5 8d542408        lea    edx,[esp+0x8]
        7c92eba9 cd2e            int    2e

*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr  Args to Child             
03eaffb4 7c80b683 00000000 000000f8 00182b08 ntdll!KiFastSystemCallRet
03eaffec 00000000 7c930760 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> 原始堆栈转储 <----*

Clean the system with Windows 清理助手 (Windows Cleanup Assistant) first.
Windows 清理助手 download page: http://www.arswp.com/download.html

Then scan with System Repair Engineer and upload the log as an attachment.
Download page: http://www.kztechs.com/sreng/download.html
Procedure:
1. After downloading, unpack it and run SREngPS.EXE;
2. If it will not open, try renaming SREngPS.EXE to 123.com, copy it into the c:\windows directory and run it from there;
3. Click [智能扫描] (Smart Scan) and then [扫描] (Scan), wait patiently, and when the scan finishes click [保存报告] (Save Report);
4. Choose a save path, keep the default file name and click [保存] (Save);
5. Open the saved log file SREngLOG.log, copy its entire contents, create a new text document and paste the whole log into "新建文本文档.txt";
6. Upload "新建文本文档.txt" as an attachment, and be sure to describe the symptoms in detail; if there is a virus that cannot be fully removed, be sure to give the virus name and its path.
Note: before scanning, please close QQ, games, download tools, media players and other applications as far as possible.