最近看到这么多毒都泛滥,真是怕怕啊.按瑞星网站上说的下补丁,改规则自以为没问题了,可是攻击还是不断,开始还纳闷呢,该做的都做了啊.这是怎么了?我用完美卸载查了一下毒,发现了hh.exe文件,该文件竟然和KB896358融在了一起,注册表里的几个键值都是他Y的.我是服了.删除+卸载,下瑞星的一补没的问题了.
顺便看了看所有补丁的log,不看不知道一看吓一跳,复制其中的一个来叫大家看看,麻烦工程师们给解释解释:Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

[KB921883.log]
4.079: ================================================================================
4.079: 2006/08/15 15:15:44.671 (local)
4.079: C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\80f61f78b55eed69c94627bbf513f57f\update\update.exe (version 6.2.29.0)
4.094: Hotfix started with following command line: /si /ParentInfo:846998c2f8d16440a815e0684b3d1115
6.438: DoInstallation: CleanPFR failed: 0x2
6.469: SetProductTypes: InfProductBuildType=BuildType.Sel
6.485: SetAltOsLoaderPath: No section uses DirId 65701; done.
6.516: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB921883$
6.516: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
6.532: ref tag c:\windows\system32\sp4.cab does not exist
6.532: ref tag c:\windows\system32\sp3.cab does not exist
6.532: ref tag c:\windows\system32\sp2.cab does not exist
6.532: ref tag c:\windows\system32\sp1.cab does not exist
6.532: ref tag c:\windows\system32\driver.cab does not exist
6.532: ref tag c:\windows\system32\fp40ext.cab does not exist
6.532: ref tag c:\windows\system32\fp40ext1.cab does not exist
6.547: ref tag c:\windows\system32\wms4.cab does not exist
6.547: ref tag c:\windows\system32\wms41.cab does not exist
6.547: ref tag c:\windows\system32\ims.cab does not exist
6.547: ref tag c:\windows\system32\ims1.cab does not exist
6.547: ref tag c:\windows\system32\ins.cab does not exist
6.547: ref tag c:\windows\system32\ins1.cab does not exist
6.547: Starting AnalyzeComponents
6.547: AnalyzePhaseZero used 0 ticks
6.547: No c:\windows\INF\updtblk.inf file.
6.547: OEM file scan used 0 ticks
6.625: AnalyzePhaseOne: used 78 ticks
6.625: AnalyzeComponents: Hotpatch analysis disabled; skipping.
6.625: AnalyzeComponents: Hotpatching is disabled.
6.625: FindFirstFile c:\windows\$hf_mig$\*.*
8.000: AnalyzeForBranching used 15 ticks.
8.000: AnalyzePhaseTwo used 0 ticks
8.000: AnalyzePhaseThree used 0 ticks
8.016: AnalyzePhaseFive used 16 ticks
8.016: AnalyzePhaseSix used 0 ticks
8.016: AnalyzeComponents used 1469 ticks
8.016: Downloading 2 files
8.016: bPatchMode = TRUE
8.016: Inventory complete: ReturnStatus=0, 1500 ticks
8.016: Num Ticks for invent : 1500
8.047: [dumpDownloadTask] Update.exe posting request file to download a total of 42439 bytes (42439 bytes in patches and 0 bytes in fallbacks)
8.047: dumpDownloadTask returned 0xf200 (more files to download)
8.157: KB921883 的安装没有完成。
8.157: Update.exe extended error code = 0xf200
0.953: ================================================================================
0.953: 2006/08/15 15:15:54.390 (local)
0.953: C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\80f61f78b55eed69c94627bbf513f57f\update\update.exe (version 6.2.29.0)
0.953: Hotfix started with following command line: /si /ParentInfo:ec2750bfc7f3bf4aa27160b59c842bb3
1.438: DoInstallation: CleanPFR failed: 0x2
1.438: SetProductTypes: InfProductBuildType=BuildType.Sel
1.438: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.469: Express: 42,439 bytes were downloaded.
1.578: [PatchFilesFromResponseBlob] returning STATUS_READY_TO_INSTALL
1.625: KB921883 的安装没有完成。
1.625: Update.exe extended error code = 0xf201
1.750: ================================================================================
1.750: 2006/08/15 15:25:47.812 (local)
1.750: C:\WINDOWS\SoftwareDistribution\Download\ae990a125f0eff30151a0c79b2920c26\update\update.exe (version 6.2.29.0)
1.750: Failed To Enable SE_SHUTDOWN_PRIVILEGE
1.766: Hotfix started with following command line: -q -z -er /ParentInfo:d78626388271aa4d995e1c64d03515a4
2.422: In Function TestVolatileFlag, line 11873, RegOpenKeyEx failed with error 0x2
2.422: In Function TestVolatileFlag, line 11905, RegOpenKeyEx failed with error 0x2
2.422: ---- Old Information In The Registry ------
2.422: Source:C:\Config.Msi\11dabd0.rbf
2.422: Destination:
2.438: Source:C:\Config.Msi\11dabd1.rbf (1.1.4322.573)
2.438: Destination:
2.438: Source:C:\Config.Msi\11dabdb.rbf (1.1.4322.573)
2.438: Destination:
2.438: Source:C:\Config.Msi\11dac06.rbf (1.1.4322.573)
2.438: Destination:
2.438: ---- New Information In The Registry ------
2.438: Source:C:\Config.Msi\11dabd0.rbf
2.438: Destination:
2.438: Source:C:\Config.Msi\11dabd1.rbf (1.1.4322.573)
2.438: Destination:
2.438: Source:C:\Config.Msi\11dabdb.rbf (1.1.4322.573)
2.438: Destination:
2.438: Source:C:\Config.Msi\11dac06.rbf (1.1.4322.573)
2.438: Destination:
2.438: SetProductTypes: InfProductBuildType=BuildType.Sel
2.438: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.453: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB921883$
2.469: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
2.500: ref tag c:\windows\system32\sp4.cab does not exist
2.500: ref tag c:\windows\system32\sp3.cab does not exist
2.500: ref tag c:\windows\system32\sp2.cab does not exist
2.500: ref tag c:\windows\system32\sp1.cab does not exist
2.500: ref tag c:\windows\system32\driver.cab does not exist
Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

续上页


2.500: ref tag c:\windows\system32\fp40ext.cab does not exist
2.500: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.516: ref tag c:\windows\system32\wms4.cab does not exist
2.516: ref tag c:\windows\system32\wms41.cab does not exist
2.516: ref tag c:\windows\system32\ims.cab does not exist
2.516: ref tag c:\windows\system32\ims1.cab does not exist
2.516: ref tag c:\windows\system32\ins.cab does not exist
2.516: ref tag c:\windows\system32\ins1.cab does not exist
2.516: Starting AnalyzeComponents
2.516: AnalyzePhaseZero used 0 ticks
2.516: No c:\windows\INF\updtblk.inf file.
2.516: OEM file scan used 0 ticks
2.563: AnalyzePhaseOne: used 47 ticks
2.563: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.563: AnalyzeComponents: Hotpatching is disabled.
2.563: FindFirstFile c:\windows\$hf_mig$\*.*
3.094: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.125: KB921883 安装程序遇到了一个错误:  update.ver 文件不正确。
3.141: AnalyzeForBranching used 16 ticks.
3.203: AnalyzePhaseTwo used 62 ticks
3.203: AnalyzePhaseThree used 0 ticks
3.203: AnalyzePhaseFive used 0 ticks
3.203: AnalyzePhaseSix used 0 ticks
3.203: AnalyzeComponents used 687 ticks
3.203: Downloading 0 files
3.203: bPatchMode = TRUE
3.203: Inventory complete: ReturnStatus=0, 750 ticks
3.203: Num Ticks for invent : 750
3.219: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX18D.tmp
3.219: 复制的文件:  c:\windows\inf\branches.inf
11.438: Allocation size of drive C: is 4096 bytes, free space = 6536220672 bytes
11.500: AnalyzeDiskUsage:  Skipping EstimateDiskUsageForUninstall.
11.500: Drive C: free 6233MB req: 10MB w/uninstall: NOT CALCULATED.
11.500: CabinetBuild complete
11.500: Num Ticks for Cabinet build : 8297
11.500: DynamicStrings section not defined or empty.
11.516: FileInUse:: Detection disabled.
12.516: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
12.578: Num Ticks for Backup : 1078
12.688: Num Ticks for creating uninst inf : 110
12.703: Registering Uninstall Program for -> KB921883, KB921883 , 0x0
12.703: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
12.719: System Restore Point set.
12.766: 复制的文件:  C:\WINDOWS\system32\spmsg.dll
13.000: PFE2: Not avoiding Per File Exceptions.
13.031: GetCatVersion:  Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat with error 0x57
13.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\update_SP2QFE.inf -> c:\windows\$hf_mig$\KB921883\update\update_SP2QFE.inf.
13.469: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\spuninst.exe -> c:\windows\$hf_mig$\KB921883\spuninst.exe.
13.469: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\spmsg.dll -> c:\windows\$hf_mig$\KB921883\spmsg.dll.
13.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\spcustom.dll -> c:\windows\$hf_mig$\KB921883\update\spcustom.dll.
13.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\KB921883.CAT -> c:\windows\$hf_mig$\KB921883\update\KB921883.CAT.
13.531: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\update.exe -> c:\windows\$hf_mig$\KB921883\update\update.exe.
13.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\updspapi.dll -> c:\windows\$hf_mig$\KB921883\update\updspapi.dll.
13.594: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\update.ver -> c:\windows\$hf_mig$\KB921883\update\update.ver.
13.703: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\updatebr.inf -> c:\windows\$hf_mig$\KB921883\update\updatebr.inf.
13.719: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\eula.txt -> c:\windows\$hf_mig$\KB921883\update\eula.txt.
13.735: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\update\branches.inf -> c:\windows\$hf_mig$\KB921883\update\branches.inf.
13.750: 复制的文件:  C:\WINDOWS\system32\netapi32.dll
13.953: 复制的文件(延迟):  C:\WINDOWS\system32\SET18E.tmp
13.953: 复制的文件:  C:\WINDOWS\system32\DllCache\netapi32.dll
13.985: 复制的文件:  c:\windows\$hf_mig$\KB921883\SP2QFE\netapi32.dll
14.110: DoInstallation: Installing assemblies with source root path: c:\windows\softwaredistribution\download\ae990a125f0eff30151a0c79b2920c26\
14.110: Num Ticks for Copying files : 1422
14.110: Num Ticks for Reg update and deleting 0 size files : 0
14.125: ---- Old Information In The Registry ------
14.125: Source:C:\Config.Msi\11dabd0.rbf
14.125: Destination:
14.125: Source:C:\Config.Msi\11dabd1.rbf (1.1.4322.573)
14.125: Destination:
14.125: Source:C:\Config.Msi\11dabdb.rbf (1.1.4322.573)
14.125: Destination:
14.125: Source:C:\Config.Msi\11dac06.rbf (1.1.4322.573)
14.125: Destination:
14.141: Source:C:\WINDOWS\system32\SET18E.tmp (5.1.2600.2952)
14.141: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
14.141: ---- New Information In The Registry ------
14.141: Source:C:\Config.Msi\11dabd0.rbf
14.141: Destination:
14.141: Source:C:\Config.Msi\11dabd1.rbf (1.1.4322.573)
14.141: Destination:
14.141: Source:C:\Config.Msi\11dabdb.rbf (1.1.4322.573)
14.141: Destination:
14.141: Source:C:\Config.Msi\11dac06.rbf (1.1.4322.573)
14.141: Destination:
14.141: Source:C:\WINDOWS\system32\SET18E.tmp (5.1.2600.2952)
14.141: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
16.031: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
16.031: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
                              If none are listed below, check above for delayed deletes.
16.031: IsRebootRequiredForFileQueue: c:\windows\system32\netapi32.dll was delayed; reboot is required.
16.031: DoInstallation: A reboot is required to complete the installation of one or more files.
16.031: In Function SetVolatileFlag, line 11789, RegOpenKeyEx failed with error 0x2
16.031: In Function SetVolatileFlag, line 11806, RegOpenKeyEx failed with error 0x2
16.031: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
16.110: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0
3.906: ================================================================================
3.906: 2006/08/21 20:18:31.609 (local)
3.906: e:\b1055c126f0955ad7b04\update\update.exe (version 6.2.29.0)
3.906: Hotfix started with following command line:
6.297: In Function TestVolatileFlag, line 11873, RegOpenKeyEx failed with error 0x2
6.297: In Function TestVolatileFlag, line 11905, RegOpenKeyEx failed with error 0x2
6.297: DoInstallation: CleanPFR failed: 0x2
6.344: SetProductTypes: InfProductBuildType=BuildType.Sel
6.344: SetAltOsLoaderPath: No section uses DirId 65701; done.
6.375: DoInstallation: FetchSourceURL for e:\b1055c126f0955ad7b04\update\update_SP2GDR.inf failed
6.375: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
6.391: BuildCabinetManifest: update.url absent
6.391: Starting AnalyzeComponents
6.391: AnalyzePhaseZero used 0 ticks
6.406: No c:\windows\INF\updtblk.inf file.
6.406: OEM file scan used 0 ticks
6.547: AnalyzePhaseOne: used 156 ticks
6.547: AnalyzeComponents: Hotpatch analysis disabled; skipping.
6.547: AnalyzeComponents: Hotpatching is disabled.
6.547: FindFirstFile c:\windows\$hf_mig$\*.*
8.266: AnalyzeForBranching used 0 ticks.
8.266: AnalyzePhaseTwo used 0 ticks
8.266: AnalyzePhaseThree used 0 ticks
8.266: AnalyzePhaseFive used 0 ticks
8.266: AnalyzePhaseSix used 0 ticks
96.438: Message displayed to the user: 是否确认要取消操作?
96.438: User Input: YES
98.281: AnalyzeComponents: Cancelled
98.281: Inventory complete: ReturnStatus=1223, 91906 ticks
99.453: KB921883 安装程序被取消。
101.063: Message displayed to the user: KB921883 安装程序被取消。
101.063: User Input: OK
101.063: Update.exe extended error code = 0xf00d
101.063: Update.exe return code was masked to 0x643 for MSI custom action compliance.
Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

十之八九的补丁就这么没打上,最可怕的是Microsoft Update和瑞星的漏洞工具貌似都以为打好了.

哪位老大知道怎么回事!!!Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

-_-竟然没人理........................

新贴蛮多的么Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

我的也补出问题了Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ

我的也是补问题了 重装系统后问题还在 恶意软件还在 瑞星不能彻底查杀和清除病毒 什么垃圾瑞星啊 郁闷哦Ú‚À.(_Aêbbs.ikaka.comÐQåO‚ÈißÅ