2008-11-17 22:05
niefeng1995
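My computer caught a trojan, the kind that keeps writing itself back
Hello experts, my computer seems to have been infected yesterday. It said my system files had been replaced and asked me to insert the installation disc to restore the files, but I don't have an installation disc, so I clicked Cancel. Nothing went wrong for the rest of yesterday.
When I booted up this morning, after I opened My Computer the little flashlight just kept waving back and forth, and typing an address into the browser's address bar and pressing Enter to search no longer works; I can only pick sites from my Favorites and connect that way. Also, none of the antivirus software, 360 and the like, will open.
Those are the most obvious problems.
Today I used Cleanup Assistant and found 8 trojans, shown as "Trojan horse". I used to be able to clean these out, but this time I can't get rid of them even in Safe Mode; they keep writing themselves back, and as soon as I remove them and scan again, they show up again.
Using sreng2 to look at the startup items, there are 184 IFEO image-hijack entries. I downloaded an image-hijack cleaner and it had no effect at all; they keep getting written back.
I'm attaching the file from the sreng scan and hope you experts can help me solve this problem. Thank you in advance!!!
I've been at it all day and got nowhere. So frustrating.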
2008-11-17 22:22
niefeng1995
55555, is there any expert around?
Please help, thank you all.
2008-11-18 09:13
shoo
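[b]1. I recommend using XDelBox to delete the following files[/b]: ([url=http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0][color=#2f5fa1]Latest version of XDelBox[/color][/url])
Instructions: to delete, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard [b]"without checking paths"[/b], and tick "Suppress regeneration". After importing, right-click the files to be deleted and choose "Reboot and delete now"; the computer will restart into a DOS interface to carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).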
c:\windows\system32\acdess.dll
c:\windows\system32\vcript32.dll
c:\windows\temp\zpwgamerecord.dll
c:\windows\system32\winsysdwn.dll
c:\windows\system32\mspmsnsv.dll
[b]2. After the deletion and reboot, use SREng to repair the following items:[/b]
Startup Items -- Registry: delete the following entries:
Startup Items -- Services -- Win32 Service Applications: delete the following entries:
[Windows Image Acquisition (WIA) / stisvc] <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%systemroot%\system32\winsysdwn.dll>
[System Restore Service / srservice] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll>
[Task Scheduler / Schedule] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll>
[Application Management / AppMgmt] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%systemroot%\system32\winsysdwn.dll>
[Portable Media Serial Number Service / WmdmPmSN] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll>
Startup Items -- Services -- Drivers: delete the following entries:
[NsReSDev1 / NsReSDev1] <>
[NsReSDev1 / NsReSDev1] <>
System Repair -- HOSTS File -- Reset
[b]3. Finish the cleanup[/b]
Download Windows Cleanup Assistant to clean up malware
[url]http://www.arswp.com/download.html[/url]
Download a temporary-file cleanup tool
[url]http://www.dodudou.com/down/download.php?fname=./02.常用工具/ATF-Cleaner-cn.exe[/url]
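
Added example, not part of the original thread or of SREng: a way to check whether the image-hijack entries discussed above are really gone (or have been written back) by parsing a `.reg` export of the Image File Execution Options key and listing every `Debugger` value. The sample export and the names `ifeo_debuggers` and `mass_hijacks` are constructed for illustration.

```python
import re
from collections import defaultdict

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Constructed sample in .reg export format (not data from the poster's machine).
# A real file comes from: reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg
# The export is written as UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + IFEO + r"\avp.exe]",
    r'"Debugger"="svchost.exe"',
    "[" + IFEO + r"\RavMon.exe]",
    r'"debugger"="svchost.exe"',
    "[" + IFEO + r"\dbgtest.exe]",
    r'"Debugger"="\"C:\\Debuggers\\windbg.exe\" -g"',
    "[" + IFEO + r"\notepad.exe]",
    r'"GlobalFlag"=dword:00000200',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Debugger"="C:\\tools\\unrelated.exe"',
])

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def ifeo_debuggers(reg_text):
    """Return {image name: debugger command} for every IFEO subkey that has a Debugger value."""
    found, image, prefix = {}, None, (IFEO + "\\").upper()
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:  # new key: remember the image name only if the key sits under IFEO
            key = m.group(1)
            image = key[len(prefix):] if key.upper().startswith(prefix) else None
            continue
        m = STRING_VALUE.match(line)
        if image and m and unescape(m.group(1)).lower() == "debugger":
            found[image] = unescape(m.group(2))
    return found

def mass_hijacks(debuggers, threshold=2):
    """Group images by debugger target; one target shared by many images is the mass-hijack pattern."""
    by_target = defaultdict(list)
    for image, command in debuggers.items():
        by_target[command.lower()].append(image)
    return {t: sorted(i, key=str.lower) for t, i in by_target.items() if len(i) >= threshold}
```

Running the export again after a reboot and comparing the two results shows whether the entries are being written back.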