Infected with Infostealer.Lemir.Gen [Thanks, everyone!]



Date: 2007-10-24
Gvi349: Norton Corporate Edition on a Japanese Windows 2000 machine detected the Infostealer.Lemir.Gen virus. The scan result is as follows:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Infostealer.Lemir.Gen
File: C:\WINNT\system32\drivers\KSRK.sys
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
Date found: 2006年12月19日 10:38:51

But I can't find the file C:\WINNT\system32\drivers\KSRK.sys anywhere, and I don't know how to get rid of it. The virus warning window pops up every half hour. So frustrating. Experts, please help!

OK, thanks. I've deleted every registry entry containing "KSRK.sys". The file was never on the disk in the first place, so there's nothing to delete. The virus warning window still pops up every half hour, and I don't know how it's being launched. In short... I still can't remove it.

My symptoms aren't quite the same as in the thread I'm using as a reference. I'll keep trying.

It's a client company's machine, so I can't just format it and reinstall... Worrying. The registry entries I delete get restored automatically: once the warning window pops up again, those entries are back.

2006-12-20,10:35:10

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE> [Avance Logic, Inc.]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Ver><2006.07.20> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll> []

==================================
Startup Folders
[Adobe Reader Speed Launch]  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk><N>
[EPSONプリンタウインドウ!3 環境設定(3)]  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\EPSONプリンタウインドウ!3 環境設定(3).lnk><N>
[Microsoft Office]  <C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Office.lnk><N>

==================================
Services
[ASTERIA Server 3 / AsteriaServer3]  <C:\PROGRA~1\asteria3\bin\asjs.exe><N/A>
[DefWatch / DefWatch]  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[navapsvc / navapsvc]  <><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Oracle Forms Server [Forms60Server-OraHome81] / OracleFormsServer-Forms60Server-OraHome81]  <C:\frm6\bin\ifsrv60.exe -start_service><Oracle Corporation>
[OracleMTSRecoveryService / OracleMTSRecoveryService]  <D:\oracle\ora92\bin\omtsreco.exe "OracleMTSRecoveryService"><Oracle Corporation>
[OracleOraHome81ClientCache80 / OracleOraHome81ClientCache80]  <C:\frm6\BIN\ONRSD80.EXE><N/A>
[OracleOraHome8ClientCache / OracleOraHome8ClientCache]  <C:\oracle\ora81\BIN\ONRSD.EXE><N/A>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache]  <D:\oracle\ora92\BIN\ONRSD.EXE><N/A>
[Oracle Reports Server [Rep60_GO-OraHome81] / OracleReportServer-Rep60_GO-OraHome81]  <C:\frm6\bin\rwmts60.exe><Oracle Corp>
[ScriptBlocking Service / SBService]  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>

==================================
Browser Add-ons
[CNavExtBho Class]  {BDF3E430-B101-42AD-A544-FADC6B084872} <, N/A>
[Web Browser Applet Control]  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINNT\system32\msjava.dll, Microsoft Corporation>
[@shdoclc.dll,-866]  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[ラジオ(&R)]  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[]  {7d0314a8-7851-11d4-a3e1-00c04fa32518} <C:\Program Files\Oracle\JInitiator 1.1.7.31\bin\beans.ocx, Oracle Corporation>
[雅虎搜索]  <res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================
Running Processes
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\?\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\?\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
    [C:\WINNT\system32\NavLogon.dll] <N/A><N/A>
[PID: 216][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[PID: 412][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 436][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[PID: 528][C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe] <Microsoft Corporation><2.0.50727.42 (RTM.050727-4200)>
[PID: 512][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 532][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 572][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] <Microsoft Corporation><7.10.3077>
[PID: 336][C:\WINNT\system32\MRTServ.exe] <Microsoft Corporation><1.18.1507.0>
[PID: 768][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\UltraEdit\ue32ctmn.dll] <><1, 0, 0, 1>
[PID: 788][C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe] <Microsoft Corporation><2005.090.2047.00>
[PID: 844][C:\WINNT\system32\imejpmgr.exe] <Microsoft Corporation><7.0.1.4326>
[PID: 860][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
    [C:\WINNT\system32\CBA.DLL] <IntelR Corporation><6.12.0.105 E>
    [C:\WINNT\system32\MsgSys.dll] <IntelR Corporation><6.12.0.105 E>
    [C:\WINNT\system32\NTS.dll] <IntelR Corporation><6.12.0.105 E>
    [C:\WINNT\system32\PDS.DLL] <IntelR Corporation><6.12.0.105 E>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061213.022\NAVEX32a.DLL] <Symantec Corporation><20061.3.0.12>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061213.022\NAVENG32.DLL] <Symantec Corporation><20061.3.0.12>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.1.0.821>
[PID: 912][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.1.0.821>
[PID: 920][C:\WINNT\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 956][C:\frm6\bin\ifsrv60.exe] <Oracle Corporation><6.0.8.7.3>
    [C:\frm6\bin\NLSRTL33.dll] <Oracle Corporation><3.3.3.0.0>
    [C:\frm6\bin\CORE40.dll] <Oracle Corporation><4.0.6.0.0>
[PID: 1032][C:\frm6\bin\ifweb60.exe] <Oracle Corporation><6.0.8.7.3>
    [C:\frm6\bin\NLSRTL33.dll] <Oracle Corporation><3.3.3.0.0>
    [C:\frm6\bin\CORE40.dll] <Oracle Corporation><4.0.6.0.0>
    [C:\frm6\bin\UIW60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\UTC60.DLL] <Oracle Corporation><6.0.5.30.0>
    [C:\frm6\bin\UTL60.DLL] <Oracle Corporation><6.0.5.30.0>
    [C:\frm6\bin\UIIM60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\nnb60.dll] <N/A><N/A>
    [C:\frm6\bin\CA60.dll] <Oracle Corporation><6.0.5.32.1>
    [C:\frm6\bin\UIREM60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\ROS60.DLL] <Oracle Corporation><6.0.5.0.1>
    [C:\frm6\bin\ORA805.dll] <Oracle Corporation><8.0.6.0.0>
    [C:\frm6\bin\NL80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\OTRACE80.dll] <N/A><N/A>
    [C:\frm6\bin\NS80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\nasns80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\nz80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFG80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNCI80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNG80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NMP80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NPL80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NR80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NT80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NCR80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NMS80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFD80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFN80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NI80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\mmc60.DLL] <N/A><N/A>
    [C:\frm6\bin\DEB60.dll] <Oracle Corporation><6.0.8.11.0>
    [C:\frm6\bin\PLS805.dll] <Oracle Corporation><8.0.6.0.0>
    [C:\frm6\bin\NDWSI80.DLL] <N/A><N/A>
    [C:\frm6\bin\PSTD805.dll] <Oracle Corporation><8.0.6.0.0>
    [C:\frm6\bin\ifw60.dll] <Oracle Corporation><6.0.8.7.3>
    [C:\frm6\bin\ifwcm60.dll] <Oracle Corporation><6.0.8.7.3>
    [C:\frm6\bin\nzbs.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\mma60.dll] <N/A><N/A>
    [C:\frm6\bin\UAT60.DLL] <Oracle Corporation><6.0.5.30.0>
    [C:\frm6\bin\mmv60.dll] <N/A><N/A>
    [C:\frm6\bin\MMI60.dll] <N/A><N/A>
    [C:\frm6\bin\mms60.dll] <N/A><N/A>
    [C:\frm6\bin\mmw60.dll] <N/A><N/A>
    [C:\frm6\bin\sqllib80.dll] <Oracle Corporation><8.0.6.0.0>
    [C:\frm6\bin\UIA60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\UIDC60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\VGS60.dll] <N/A><N/A>
[PID: 628][C:\Documents and Settings\k220\デスクトップ\IPMSG.EXE] <H.Shirouzu><2.05>
[PID: 648][C:\frm6\bin\rwmts60.exe] <Oracle Corp><6.0>
    [C:\frm6\bin\CORE40.dll] <Oracle Corporation><4.0.6.0.0>
    [C:\frm6\bin\NLSRTL33.dll] <Oracle Corporation><3.3.3.0.0>
    [C:\frm6\bin\RWK60.DLL] <N/A><N/A>
    [C:\frm6\bin\ORA805.dll] <Oracle Corporation><8.0.6.0.0>
    [C:\frm6\bin\NL80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\OTRACE80.dll] <N/A><N/A>
    [C:\frm6\bin\NS80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\nasns80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\nz80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFG80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNCI80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNG80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NMP80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NPL80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NR80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NT80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NCR80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NMS80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFD80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NNFN80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\NI80.dll] <Oracle Corporation><8.0.6.0.0 Production>
    [C:\frm6\bin\CA60.dll] <Oracle Corporation><6.0.5.32.1>
    [C:\frm6\bin\UIREM60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\ROS60.DLL] <Oracle Corporation><6.0.5.0.1>
    [C:\frm6\bin\UTL60.DLL] <Oracle Corporation><6.0.5.30.0>
    [C:\frm6\bin\UTC60.DLL] <Oracle Corporation><6.0.5.30.0>
    [C:\frm6\bin\UIW60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\UIIM60.DLL] <Oracle Corporation><6.0.5.35.0>
    [C:\frm6\bin\mmc60.DLL] <N/A><N/A>
    [C:\frm6\bin\ZRC60.dll] <N/A><N/A>
    [C:\frm6\bin\ntt80.DLL] <Oracle Corporation><8.0.6.0.0 Production>
[PID: 1072][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1100][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 1180][C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe] <Microsoft Corporation><2005.090.2047.00>
[PID: 1236][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1272][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1300][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 1500][C:\WINNT\system32\taskmgr.exe] <Microsoft Corporation><5.00.2195.6620>
[PID: 1196][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\System32\devenum.dll] <N/A><N/A>
[PID: 356][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1720][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[PID: 1856][C:\Program Files\Microsoft Office\Office\WINWORD.EXE] <Microsoft Corporation><9.0.2823>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\fxlsrjiu.dll] <Fuji Xerox Co., Ltd.><2.6.8.1>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\fxlsrjdm.dll] <Fuji Xerox Co., Ltd.><2.6.3.1>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\fxlsrjir.xrs] <Fuji Xerox Co., Ltd.><2.6.8.1>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\fxlsrjim.dll] <Fuji Xerox Co., Ltd.><2.6.8.1>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\fxlsrj.xrs] <Fuji Xerox Co.,Ltd.><1, 0, 0, 1>
[PID: 1732][D:\陳\Tools\SREng1\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP Error. [WINHLP32.EXE %1]
.INI Error. [UltraEdit.ini]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. [UltraEdit.js]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
==================================

Thanks~~~~~~~~~~~~~~~~~~~ :kiss:

Many thanks for everyone's help. I tried all kinds of antivirus software; in the end, a prompt from the 木马防线 anti-trojan tool led me to a process called MRTServ.exe. I deleted it and the problem was gone. Relieved :lol :lol :lol
