
[Help] As soon as I connect to the Internet, a virus alert appears and the corresponding files are generated!


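Hello experts, my computer is badly infected. After several tests, I have found the source of the problem.

With the network cable unplugged, the computer has no problems at all. As soon as I plug the cable in and go online, Norton immediately reports a virus,
and files such as chk.exe, pj.exe and SimCom.dll are created under C:\Windows; files such as mir2.exe and hgz.exe are created under
C:\Documents and Settings\Administrator\Local Settings\Temp.

If I delete these files and restart the machine, the same problem appears again.

Experts, what virus is this?? Please help!!!
Last edited 2006-04-01 14:16:48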

Judging from the log, there doesn't seem to be any problem!

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BMMGAG><; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <vptray><D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>

==================================
Startup Folders
Services
[AdminService for PROGRESS 9.1D / AdminService9.1D]
  <"D:\DLC91D\bin\AdmSrvc.exe"><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[DefWatch / DefWatch]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[IBM PM Service / IBMPMSVC]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Oracle OLAP 9.0.1.0.1 / OLAPServer]
  <D:\Ora90\bin\xsolap.exe><Oracle Corporation>
[Oracle OLAP Agent / Oracle OLAP Agent]
  <D:\Ora90\bin\xsaagent.exe><N/A>
[OracleOraHome90Agent / OracleOraHome90Agent]
  <D:\Ora90\bin\agntsrvc.exe><Oracle Corporation>
[OracleOraHome90ClientCache / OracleOraHome90ClientCache]
  <D:\Ora90\BIN\ONRSD.EXE><N/A>
[OracleOraHome90HTTPServer / OracleOraHome90HTTPServer]
  <D:\Ora90\Apache\Apache\Apache.exe><N/A>
[OracleOraHome90PagingServer / OracleOraHome90PagingServer]
  <D:\Ora90/bin/pagntsrv.exe><N/A>
[OracleOraHome90SNMPPeerEncapsulator / OracleOraHome90SNMPPeerEncapsulator]
  <D:\Ora90\BIN\ENCSVC.EXE><N/A>
[OracleOraHome90SNMPPeerMasterAgent / OracleOraHome90SNMPPeerMasterAgent]
  <D:\Ora90\BIN\AGNTSVC.EXE><N/A>
[OracleOraHome90TNSListener / OracleOraHome90TNSListener]
  <D:\Ora90\BIN\TNSLSNR ><N/A>
[OracleServiceORA9 / OracleServiceORA9]
  <d:\ora90\bin\ORACLE.EXE ORA9><Oracle Corporation>
[ProService for 9.1D / ProService9.1D]
  <D:\DLC91D\bin\ProSrvc.exe><Progress Software>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\WINDOWS\system32\S24EvMon.exe><Intel Corporation >
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[VMware Authorization Service / VMAuthdService]
  <D:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[Visibroker Smart Agent / xsSmartAgent]
  <D:\Ora90\bin\osagent.exe><N/A>

Running Processes
[PID: 600][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.1023 (srvr2.030624-1700)>
    [C:\WINDOWS\system32\NavLogon.dll]  <N/A><N/A>
[PID: 716][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.1023 (srvr2.030624-1700)>
[PID: 728][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 888][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 940][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 956][C:\WINDOWS\system32\ibmpmsvc.exe]  <N/A><N/A>
[PID: 980][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4112>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1096][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1284][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1328][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1748][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
    [D:\Ora90\bin\oci.dll]  <Oracle Corporation><9.0.1.1.1>
[PID: 1860][D:\DLC91D\bin\AdmSrvc.exe]  <N/A><N/A>
    [D:\DLC91D\bin\EVNTLOG.dll]  <Progress Software Corporation><9.1A>
[PID: 1876][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1916][D:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 1928][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1964][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><6.0.3790.0 (srv03_rtm.030324-2048)>
[PID: 1980][D:\DLC91D\jre\bin\java.exe]  <N/A><N/A>
    [D:\DLC91D\jre\bin\hotspot\jvm.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\hpi.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\verify.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\java.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\zip.dll]  <N/A><N/A>
    [D:\DLC91D\bin\jutil.dll]  <N/A><N/A>
    [D:\DLC91D\bin\jni_util.dll]  <N/A><N/A>
    [D:\DLC91D\bin\auth.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\net.dll]  <N/A><N/A>
    [D:\DLC91D\bin\ntjavamain.dll]  <N/A><N/A>
    [D:\DLC91D\bin\ntadminserver.dll]  <N/A><N/A>
    [D:\DLC91D\bin\versioninfo.dll]  <N/A><N/A>
    [D:\DLC91D\bin\procfg.dll]  <N/A><N/A>
    [D:\DLC91D\bin\environ.dll]  <N/A><N/A>
[PID: 176][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  <Microsoft Corporation><7.10.3077>
[PID: 204][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 528][D:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe]  <Microsoft Corporation><2000.080.0194.00>
[PID: 1224][D:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060329.009\NAVEX32a.DLL]  <Symantec Corporation><20051.3.1.11>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060329.009\NAVENG32.DLL]  <Symantec Corporation><20051.3.1.11>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  <Symantec Corporation><8.1.0.821>
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1308][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1352][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1688][D:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 1716][C:\WINDOWS\system32\vmnat.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 1744][C:\WINDOWS\system32\Dfssvc.exe]  <Microsoft Corporation><5.2.3790.1023 (srvr2.030624-1700)>
[PID: 372][C:\WINDOWS\system32\vmnetdhcp.exe]  <VMware, Inc.><5.0.0 build-13124>
[PID: 420][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 2444][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime]  <N/A><N/A>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  <Symantec Corporation><8.1.0.821>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
[PID: 2592][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  <Analog Devices, Inc.><5, 0, 1, 57>
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  <Analog Devices, Inc.><5, 0, 0, 473>
[PID: 2728][D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
    [D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
[PID: 3036][D:\DLC91D\jre\bin\java.exe]  <N/A><N/A>
    [D:\DLC91D\jre\bin\hotspot\jvm.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\hpi.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\verify.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\java.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\zip.dll]  <N/A><N/A>
    [D:\DLC91D\bin\ntjavamain.dll]  <N/A><N/A>
    [D:\DLC91D\bin\jutil.dll]  <N/A><N/A>
    [D:\DLC91D\bin\jni_util.dll]  <N/A><N/A>
    [D:\DLC91D\jre\bin\net.dll]  <N/A><N/A>
    [D:\DLC91D\bin\environ.dll]  <N/A><N/A>
    [D:\DLC91D\bin\procfg.dll]  <N/A><N/A>
[PID: 4020][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 4028][C:\Program Files\MSN Messenger\msnmsgr.exe]  <Microsoft Corporation><7.5.0306>
    [C:\WINDOWS\system32\devenum.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINDOWS\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 3388][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2376][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 3936][D:\Program Files\Skype\Phone\Skype.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\devenum.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 2328][D:\Program Files\Skype\Phone\ContentFilter.exe]  <TOM Online Inc.><1.0.1.0>
[PID: 3348][G:\My Works\Virus\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

Experts, has anyone run into the same situation?