Backdoor.Gpigeon.2006.aiv　　中此病毒已经有好长时间　在打开中国绿色基地论坛时　瑞星都会自动检查出此病毒　
在正常模式下　和安全模式下　都杀不出来　急　　！！！！！
另　中此病毒后　首此打开网络　就会出现斑马网的广告　　
帮我解决下　谢谢谢谢谢谢　请客吃大餐

瑞星所查出的病毒:
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\GTEJ49E3 
c:\DOCUME~1\new\LOCALS~1\Temp        (２个)
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\Content.IE5\WIE3CIUZ
文件:ray[1]exe    ray.com

Logfile of HijackThis v1.99.1
Scan saved at 17:56:45, on 2006-10-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\木马杀客\mmsk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX00.718\HijackThis.exe

O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: SearchCar - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\SearchCar\SearchCar.dll (file missing)
O3 - Toolbar: TT33定向搜索 - {D940F380-49C7-4A05-9E33-53930AF5768F} - C:\DOCUME~1\new\LOCALS~1\Temp\tbu4\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{724A277C-6BA6-4FD8-BADA-469D3FF7EFE2}: NameServer = 219.150.150.150 222.88.88.88
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

求救!!!!

C:\Documents and Settings\new\Local Settings\Temporary Internet Files\
安全模式下 删不掉
c:\DOCUME~1\new\LOCALS~1\Temp
这个找不到 
我是新手

反病毒论坛 快来帮我看看啊

引用:

【newcenturymoon的贴子】双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统 C:\Documents and Settings\new\Local Settings\Temporary Internet Files\ c:\DOCUME~1\new\LOCALS~1\Temp 我没让你删这两个文件夹 我让你删这两个文件夹下的文件 注意在安全模式下 ………………

谢谢楼上的 c:\DOCUME~1\new\LOCALS~1\Temp 已完全清楚
C:\Documents and Settings\new\Local Settings\Temporary Internet Files\删不掉 有8个对象删不掉  好像是受保护了 如下
ad.htm
dudu.js
style.css
header.js
1010-21966.jpg
UserTrack.aspx
logo3.gip
head6.gif

引用:

【newcenturymoon的贴子】C:\Documents and Settings\new\Local Settings\Temporary Internet Files\ 安全模式下 清除 ………………

我保证是在安全模式下删的 可就是删不掉  点击删除没反映啊
还是要谢谢你  请在帮我想个办法

安全模式下打开 C:\Documents and Settings\new\Local Settings\Temporary Internet Files\这个文件夹 然后把里面的 文件都选中 删除 已经实验过 不行
安全模式下 打开IE浏览器 工具 Internet选项 Internet临时文件 删除文件 把删除所有脱机内容的钩挑上 然后确定 马上实验

安全模式下 打开IE浏览器 工具 Internet选项 Internet临时文件 删除文件 把删除所有脱机内容的钩挑上
确实管用  顽固对象已经清楚
非常感谢你  好人
帮我看看我的日志 昨天我也中Backdoor.Gpigeon.2006.re 看杀掉没 感谢
Logfile of HijackThis v1.99.1
Scan saved at 11:56:14, on 2006-10-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe
C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX01.265\HijackThis.exe

O3 - Toolbar: (no name) - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD}? - (no file)
O3 - Toolbar: (no name) - {D940F380-49C7-4A05-9E33-53930AF5768F}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{724A277C-6BA6-4FD8-BADA-469D3FF7EFE2}: NameServer = 219.150.150.150 222.88.88.88
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe