Adware not-a-virus:AdWare.Win32.Ncast.m: what kind of trojan is this, and how do I remove it? Scan log included

Troubleshooting Q&A - 电脑教程网

Date: 2007-02-17
已删除: 广告程序 not-a-virus:AdWare.Win32.Ncast.m 文件: C:\WINNT\system32\drivers\amdk5.sys (Deleted: adware not-a-virus:AdWare.Win32.Ncast.m, file: C:\WINNT\system32\drivers\amdk5.sys)

It's this trojan! My Kaspersky reported an infection but could not disinfect it, so I just deleted the file. After deleting it, opening any file from my desktop fails with a not-found prompt. The message is: "对指定路径的文件、设备访问被拒绝" (access to the file or device at the specified path was denied). How do I get rid of this? I scanned in safe mode yesterday, but it was not removed! Also, after this problem appears, a reboot lets me use the machine for a while, but a little later Kaspersky detects this virus again! Below is the log I scanned with SREng; please take a look and tell me how this virus works:

[code]2006-12-26,10:00:06
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
    <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebSecurity><C:\WINNT\system32\PvSec.dll> []

==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"d:\Program Files\WinPcap\rpcapd.exe" -d -f "d:\Program Files\WinPcap\rpcapd.ini"><NetGroup - Politecnico di Torino>
[wins(WINS) / wins][Stopped/Auto Start]
  <"C:\WINNT\system32\winscntrl.exe"><N/A>
[WMDM PMSP Service / WMDM PMSP Service][Stopped/Disabled]
  <C:\WINNT\system32\mspmspsv.exe><Microsoft Corporation>
[Network Conning / Netwok][Stopped/Auto Start]
  <C:\WINNT\system32\Service.exe><Microsoft Corporation>
==================================
驱动程序
[amdk5 / amdk5][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\amdk5.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Kercap3.6 Server / Blcapdrv][Stopped/Manual Start]
  <system32\DRIVERS\blcapdrv.sys><N/A>
[c12846472 / c12846472][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12846472.sys><N/A>

[dgdhhafc / dgdhhafc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dgdhhafc.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookUrl / HookUrl][Running/Auto Start]
  <\?\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[i81x / i81x][Running/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\?\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[LanPort / LanPort][Stopped/Auto Start]
  <\?\C:\WINNT\system32\drivers\LanPort.sys><N/A>
[mProcRs / mProcRs][Running/Auto Start]
  <\?\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NIC Express Virtual Miniport / NICExpressMP][Stopped/Manual Start]
  <system32\DRIVERS\NICXEth.sys><FalconStor Software, Inc.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\?\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\?\D:\program files\grabsun\netsense\p2pfilter.sys><N/A>
[parcls / parcls][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\parcls.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\?\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\?\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Running/Manual Start]
  <system32\DRIVERS\RTL8029.SYS><REALTEK Semiconductor Corp.>
[SNIFFER Protocol Driver / Sniffer][Running/Auto Start]
  <system32\DRIVERS\sniffer.sys><N/A>
[TDDI / TDDI][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\tddi.sys><SafeNet China Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\?\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[WmNdisDrv / WmNdisDrv][Stopped/Manual Start]
  <System32\Drivers\WmNdisDrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
N/A
==================================
正在运行的进程
[PID: 184][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 208][\?\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\?\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 256][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 444][D:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]

    [D:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [D:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [D:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [D:\Program Files\Rising\Rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
    [D:\Program Files\Rising\Rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [D:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 520][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 576][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[PID: 628][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 768][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6920]
[PID: 820][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 664][C:\WINNT\system32\Service.exe] [Microsoft Corporation, 3.02]
[PID: 1000][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
    [C:\WINNT\system32\PvSec.dll] [, 5, 1, 100, 2500]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
    [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 1196][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1224][D:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [D:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 736][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1280][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.557\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 452][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}][/code]

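Each time after startup there are a few minutes when I can open any file, but once Kaspersky detects this virus and deletes it, I can no longer open any file. Files that were already open can still be used, but once I close them they cannot be opened again! It says the path cannot be found! What should I do!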

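Please help! Thanks. It's like this every time! Once the virus is found I can't open any file. The only reason I can open web pages is that I opened them before the virus was found. Just now the virus was found again, and now I've opened it again! For now I'm going to scan in safe mode with AVG first; I don't know whether that will work! Could someone please tell me the characteristics of this virus? Thanks!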

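It just caught something! Adware ncast and Adware boran (彩信通) viruses! The file infected by Adware ncast is: C:\WINDOWS\system32\userinit.dll. Can I just delete the userinit file?! What is this file for! Oh, and in my log I saw that there is a driver: C:\WINNT\system32\drivers\amdk5.sys. Isn't that the driver for not-a-virus:AdWare.Win32.Ncast.m? I have already disabled this startup entry! I can't make out anything else!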

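Wow, Windows 2000 Server Service Pack 4 (Build 2195)! How did you get Kaspersky installed on a 2000 Server system? Besides, Kaspersky works better on personal editions! I haven't used it on a server! I feel NOD32 is better for antivirus on servers! I suggest using NOD32! Kaspersky can't remove it! See whether there is a dedicated removal tool!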

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebSecurity><C:\WINNT\system32\PvSec.dll> []

Delete the registry entry above, and delete PvSec.dll.

Delete these two services as well; for the method, see the SREng usage guide written by users of this board:

[wins(WINS) / wins][Stopped/Auto Start]
  <"C:\WINNT\system32\winscntrl.exe"><N/A>
[Network Conning / Netwok][Stopped/Auto Start]
  <C:\WINNT\system32\Service.exe><Microsoft Corporation>

Check the following drivers more carefully; I suspect none of them is anything good. They can be deleted with IceSword, including their registry entries:

[c12846472 / c12846472][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12846472.sys><N/A>
[dgdhhafc / dgdhhafc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dgdhhafc.sys><N/A>
[parcls / parcls][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\parcls.sys><N/A>

End this process, then delete the file and its registry entries:

[PID: 664][C:\WINNT\system32\Service.exe] [Microsoft Corporation, 3.02]
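
Added example, not part of the thread and not SREng's own code: a small Python triage pass over the service and driver sections of an SREng log, listing entries whose vendor field is empty or N/A, which is the kind of entry the reply above singles out. The entry layout is inferred from the log on this page; the function names and the sort order are assumptions made for illustration.

```python
import re

# SREng service/driver entry: [display / name][state/start type]  <image path><vendor>
ENTRY = re.compile(
    r"\[(?P<display>[^\[\]]+?) / (?P<name>[^\[\]]+?)\]"
    r"\[(?P<state>Running|Stopped)/(?P<start>[^\[\]]+)\]\s*"
    r"<(?P<path>[^<>]+)><(?P<vendor>[^<>]*)>"
)
# Start types that load the image without any user action.
AUTO_STARTS = {"Boot Start", "System Start", "Auto Start"}

# Entries copied from the log on this page (a subset, for a runnable demo).
SAMPLE = r"""
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
[wins(WINS) / wins][Stopped/Auto Start]
  <"C:\WINNT\system32\winscntrl.exe"><N/A>
[Network Conning / Netwok][Stopped/Auto Start]
  <C:\WINNT\system32\Service.exe><Microsoft Corporation>
[amdk5 / amdk5][Running/Auto Start]
  <\?\C:\WINNT\system32\drivers\amdk5.sys><N/A>
[c12846472 / c12846472][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c12846472.sys><N/A>
[Kercap3.6 Server / Blcapdrv][Stopped/Manual Start]
  <system32\DRIVERS\blcapdrv.sys><N/A>
"""

def parse_entries(log_text):
    """Return all service/driver entries, even if the log was re-wrapped."""
    flat = " ".join(log_text.split())  # undo line breaks inside an entry
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def needs_review(entries):
    """Entries with no vendor string; auto-starting and running ones first."""
    hits = [e for e in entries if e["vendor"].strip() in ("", "N/A")]
    return sorted(hits, key=lambda e: (e["start"] not in AUTO_STARTS,
                                       e["state"] != "Running",
                                       e["name"].lower()))

if __name__ == "__main__":
    for e in needs_review(parse_entries(SAMPLE)):
        print(f'{e["name"]:<12} {e["state"]}/{e["start"]:<13} {e["path"]}')
```

The `Netwok` service (Service.exe) is not flagged because its vendor field reads Microsoft Corporation, yet the reply above still marks it for removal; a populated vendor field alone does not clear an entry, so this list is a starting point for review rather than a verdict.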

Thanks, I'll try it. I'll report back tomorrow!
