.Tcs357
木马克星 says: C:\WINNT\system32\winhelp.dll
C:\WINNT\system32\ALSNDMGR.CPL
C:\WINNT\system32\igfxcpl.cpl
These 3 are suspicious
木马杀客 says:
系统事件:启动项目中发现木马!
木马启动项:winhelp
木马从启动项目中清除成功!
rundll32.exe c:\windows\system32\winhelp.dll autorun
启动项目木马所指定主程序已经不存在!
rundll32.exe c:\windows\system32\winhelp.dll autorun
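After I kill it, it comes back again... Kaspersky doesn't recognize this virus
The file is located at system32\winhelp.dll
兔子 says it is malicious code; I delete it and it comes back
I ran a scan in Safe Mode and it said it was gone
After rebooting it came back to life
At boot I have to unplug the network cable and plug it back in to hold it off, otherwise all the programs that start up get closed..
It also keeps popping up "this error, closed", "that error, closed"; the browser too hits an error and restarts after a while, over and over
I re-imaged with GHOST and it is still the same..........
I'm really on my knees... please help me
Virus information and ideally a dedicated removal tool would be best. What virus is this?
[ This post was last edited by qimeng on 2006-9-21 02:26 ]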
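Same here!! There is also a trojan.win32.patched.c. Whenever I open any program, a foreign antivirus program I downloaded from the internet reports that it is already infected. I'm going crazy,
Logfile of HijackThis v1.99.1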
Scan saved at 0:38:29, on 2006-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows 流氓软件清理大师\clean.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Ashampoo AntiSpyWare1.5\Ashampoo AntiSpyWare\AntiSpyWare.exe
D:\Ashampoo AntiSpyWare1.5\Ashampoo AntiSpyWare\AntiSpyWareControl.exe
D:\Ashampoo AntiSpyWare1.5\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PLAYBO~1\LOCALS~1\Temp\Rar$EX00.903\HijackThis.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_013.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: assist - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Sandai Technologies Inc\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [winhelp] rundll32.exe C:\WINDOWS\system32\winhelp.dll autorun
O4 - HKLM\..\RunOnce: [ YaAutoRepair] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll,Rundll32
O4 - HKCU\..\Run: [winhelp] rundll32.exe C:\WINDOWS\system32\winhelp.dll autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Sandai Technologies Inc\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/203
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - (no file)
O9 - Extra button: (no name) - {59BC54A2-56B3-44a0-93E5-432D58746E26} - (no file)
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{484DBC64-1B5F-4074-8264-75DF4B9A6BA9}: NameServer = 219.150.32.132 219.146.0.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{484DBC64-1B5F-4074-8264-75DF4B9A6BA9}: NameServer = 219.150.32.132 219.146.0.130
O21 - SSODL: internet - {4E9CE6D6-6D73-490f-8D9C-5265A771CDF1} - C:\Documents and Settings\PLAY BOY\Local Settings\Temp\~BackupFiles\\177f8a3a2da7ebe555af02f6288dfa32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
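This is what I scanned with hijackthis! Experts, please advise. I can't end it in the process list; when I delete it, it comes back, two at a time!
I don't think I unplugged the network cable when I ran GHOST. Does that have something to do with it?? If I can't find a solution I'm going to have to repartition. I'm so worried, this virus is brutal.. ...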
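Original poster:
C:\WINNT\system32\winhelp.dll
Delete the file in Safe Mode, and search the registry;
I recommend installing Kaspersky 6;
Second poster:
The same problem exists;
Disable the startup entry: O4 - HKCU\..\Run: [winhelp] rundll32.exe C:\WINDOWS\system32\winhelp.dll autorun and delete the file;
Fix the R3, O2, O3, O6, O8 (keep Xunlei), O9 and O21 items;
Empty the temporary folders;
Then use 兔子 to clean up everything related to Yahoo;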
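
Added example, not part of the thread and not HijackThis's own code: a Python triage pass over O4 and O21 lines that surfaces the two patterns visible in the log above, a rundll32-launched DLL registered under both HKLM and HKCU autoruns, and an SSODL DLL stored under a Temp directory. The function names and both heuristics are assumptions made for illustration, and the sample is a few lines copied from the log in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [winhelp] rundll32.exe C:\WINDOWS\system32\winhelp.dll autorun
O4 - HKLM\..\RunOnce: [ YaAutoRepair] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll,Rundll32
O4 - HKCU\..\Run: [winhelp] rundll32.exe C:\WINDOWS\system32\winhelp.dll autorun
O21 - SSODL: internet - {4E9CE6D6-6D73-490f-8D9C-5265A771CDF1} - C:\Documents and Settings\PLAY BOY\Local Settings\Temp\~BackupFiles\\177f8a3a2da7ebe555af02f6288dfa32.dll
"""

# O4 = registry autorun entry: hive, key (Run/RunOnce), value name, command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[\s*([^\]]+)\] (.+)$")
# O21 = ShellServiceObjectDelayLoad entry: name, CLSID, DLL path.
O21_RE = re.compile(r"^O21 - SSODL: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# First DLL argument handed to rundll32 on a command line.
DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(.+?\.dll)", re.I)


def parse_autoruns(log):
    """Return (hive, key, name, command) for every O4 line in the log."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


def triage(log):
    """Return (section, path, reason) tuples for entries worth a manual look."""
    findings, hives_by_dll = [], {}
    for hive, _key, _name, cmd in parse_autoruns(log):
        m = DLL_RE.search(cmd)
        if m:
            hives_by_dll.setdefault(m.group(1).lower(), set()).add(hive)
    # Heuristic 1 (assumption): same DLL autostarted from both machine and user hives.
    for dll, hives in hives_by_dll.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(("O4", dll, "rundll32 DLL in both HKLM and HKCU autoruns"))
    # Heuristic 2 (assumption): shell-loaded DLL living under a Temp directory.
    for line in log.splitlines():
        m = O21_RE.match(line.strip())
        if m and "\\temp\\" in m.group(3).lower():
            findings.append(("O21", m.group(3), "SSODL DLL stored under a Temp directory"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section}: {path} -> {reason}")
```

A hit is a prompt for manual review of the file and its registry values, not a verdict; legitimate software also uses rundll32 autoruns, as the Yahoo RunOnce entry in the sample shows.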