
Everyone, please help me. Thanks in advance.

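My server keeps getting broken into lately: someone modifies the web pages and inserts code that spreads a trojan (<iframe src="trojan address"></iframe>). I looked up a lot of articles online, turned off everything that should be turned off and stopped everything that should be stopped. It still doesn't help. I set the files to read-only, but he can change them back to writable and then keep modifying them. I don't know whether it's a trojan or a system vulnerability. Is there really nothing that can be done? Hackers, can you please stop? It's not easy for people to get anything done! Below is the scan log. Please, everyone, help me. Thank you very much.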

Logfile of HijackThis v1.99.1
Scan saved at 17:32:30, on 2006-7-28
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
e:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
D:\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\WINNT\system32\logon.scr
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
E:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\temp\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF5D05ED-D697-4AF4-A3CC-2ADF34C0D6A9}: NameServer = 211.155.27.88,211.155.23.88,61.144.56.101,202.96.128.110,202.96.128.68
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: COM+ Event Sytsem (Event System) - Unknown owner - C:\WINNT\dwunl_16.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - e:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Last edited 2006-07-28 18:05:21

There are two instances of this winlogon process:
C:\WINNT\system32\winlogon.exe

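What should I do next? He comes back every two or three days. I have even shut down the FTP port now. It's still the same. No use.

Would reinstalling the system help? Or is it a system vulnerability?

I searched online, and there are others who have gone through the same thing as me. But nobody knows how to solve it? I hope an expert can give me some pointers. Or friends who have had the same experience, please tell me how you handled it. Thanks again. I'm completely worn out!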

ewido found this trojan:
Hijacker.Linker.e

It is the same as the trojan he is spreading.