
MSN infected: I received a compressed folder.

Author: compiled by this site   Posted: 2008-9-8 10:10:51


Today I received a compressed package from a colleague over MSN.
Only after opening it did I realise it might be an MSN virus. Sure enough, the computer hung and started sending the package out by itself. Duba (毒霸) found no virus; after a scan with Cleanup Expert (清理专家) it turned out that Safe Mode, Task Manager and the Registry Editor (Regedit) had been disabled, and those have been repaired. The strangest thing is that I can no longer reach Baidu: whenever I type www.baidu.com it goes to this link http://bjdns7.cncmax.cn:8080/?HOST=auto.search.msn.com&R=/response.asp&MT=www.baidu.com&srch=5&prov=gogl&utf8. Below is the report exported by Cleanup Expert; this is my first time using it, so I'm not sure the export is right. Please help me take a look.
==============================================================
  Kingsoft Cleanup Expert system diagnostic report
This diagnostic report is provided by Kingsoft Cleanup Expert http://www.duba.net
==============================================================
Diagnosis time: 2008-08-18, 11:57
Platform: Windows XP [5.1.2600] Service Pack 2
IE version:  Internet Explorer 6.0.2180.2900
Physical memory: 503 (MB)
Available memory:  123 (MB)
Hard disk total size:    69 (GB)
Hard disk free space:  37 (GB)
Cleanup Expert version:  2008.07.16.472
Malware signature database version: 2008.08.06.1
Vulnerability database version:    2008.08.14.1
==============================================================
  Standard startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  [Symantec Debug Client] <symdebugs.exe>
  File path: C:\WINDOWS\system32\symdebugs.exe [under analysis]
==============================================================
  Logon load items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    [crypt]   <crypts.dll>
==============================================================
  Startup folder locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\user\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
  Hosts file
==============================================================
127.0.0.1 msnfix.changelog.fr
127.0.0.1 www.incodesolutions.com
127.0.0.1 baike.360.cn
127.0.0.1 virusinfo.prevx.com
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 www.dazhizhu.cn
127.0.0.1 www.nabble.com
127.0.0.1 lurker.clamav.net
127.0.0.1 lexikon.ikarus.at
127.0.0.1 research.sunbelt-software.com
127.0.0.1 www.virusdoctor.jp
127.0.0.1 www.elitepvpers.de
127.0.0.1 www.superuser.co.kr
127.0.0.1 ntfaq.co.kr
127.0.0.1 v.dreamwiz.com
127.0.0.1 cit.kookmin.ac.kr
127.0.0.1 forums.whatthetech.com
127.0.0.1 forum.hijackthis.de
127.0.0.1 www.huaifai.go.th
127.0.0.1 www.mostz.com
127.0.0.1 www.krupunmai.com
127.0.0.1 www.cddchiangmai.net
127.0.0.1 forum.malekal.com
127.0.0.1 tech.pantip.com
127.0.0.1 www.247fixes.com
127.0.0.1 forum.sysinternals.com
127.0.0.1 forum.telecharger.01net.com
127.0.0.1 sophos.com
127.0.0.1 www.f-secure.com
127.0.0.1 www.chkrootkit.org
127.0.0.1 diamondcs.com.au
127.0.0.1 www.rootkit.nl
127.0.0.1 www.sysinternals.com
127.0.0.1 www.castlecrops.com
127.0.0.1 www.misec.net
127.0.0.1 safecomputing.umn.edu
127.0.0.1 www.antirootkit.com
127.0.0.1 www.greatis.com
127.0.0.1 www.rootkit.com
127.0.0.1 www.pctools.com
127.0.0.1 www.pcsupportadvisor.com
127.0.0.1 www.resplendence.com
127.0.0.1 www.personal.psu.edu
127.0.0.1 vil.nail.comm
127.0.0.1 search.mcafee.com
127.0.0.1 wwww.mcafee.com
127.0.0.1 download.nai.com
127.0.0.1 wwww.experts-exchange.com
127.0.0.1 www.Merijn.org
127.0.0.1 www.spywareinfo.com
127.0.0.1 www.spybot.info
127.0.0.1 www.viruslist.com
127.0.0.1 www.hijackthis.de
127.0.0.1 www.f-secure.com
127.0.0.1 majorgeeks.com
127.0.0.1 www.avp.com
127.0.0.1 www.virustotal.com
127.0.0.1 www.sophos.com
127.0.0.1 www.avg-antivirus.net
127.0.0.1 www.kaspersky-labs.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.bleepingcomputer.com
127.0.0.1 www.free.grisoft.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.analysis.seclab.tuwien.ac.at
127.0.0.1 www.symantec.com
127.0.0.1 www.kztechs.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.free.avg.com
127.0.0.1 download.mcafee.com
127.0.0.1 mast.mcafee.com
127.0.0.1 guru0.grisoft.cz
127.0.0.1 guru1.grisoft.cz
127.0.0.1 guru2.grisoft.cz
127.0.0.1 guru3.grisoft.cz
127.0.0.1 guru4.grisoft.cz
127.0.0.1 guru5.grisoft.cz
127.0.0.1 www.virusspy.com
127.0.0.1 www.download.f-secure.com
127.0.0.1 www.housecall.trendmicro.com
127.0.0.1 www.avast.com
127.0.0.1 www.free.avg.com
127.0.0.1 www.onlinescan.avast.com
127.0.0.1 www.futurenow.bitdefender.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.f-prot.com
127.0.0.1 www.trendsecure.com
127.0.0.1 www.avira.com
127.0.0.1 www.eset.com
127.0.0.1 www.free.avg.com
127.0.0.1 www.free-av.com
127.0.0.1 www.2-spyware.com
127.0.0.1 www.antivir.es
127.0.0.1 www.prevx.com
127.0.0.1 www.ikarus.net
127.0.0.1 www.forums.majorgeeks.com
127.0.0.1 www.castlecops.com
127.0.0.1 www.virusspy.com
127.0.0.1 andymanchesta.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.fortinet.com
127.0.0.1 www.safer-networking.org
127.0.0.1 www.fortiguardcenter.com
127.0.0.1 www.firewallguide.com
127.0.0.1 www.auditmypc.com
127.0.0.1 www.spywaredb.com
127.0.0.1 www.mxttchina.com
127.0.0.1 www.antivirus.comodo.com
127.0.0.1 www.spywareterminator.com
127.0.0.1 www.eradicatespyware.net
127.0.0.1 www.freespywareremoval.info
127.0.0.1 www.clamav.net
127.0.0.1 www.antivirus.about.com
127.0.0.1 www.pandasecurity.com
127.0.0.1 www.webphand.com
127.0.0.1 www.sandboxie.com
127.0.0.1 www.clamwin.com
127.0.0.1 www.cwsandbox.org
127.0.0.1 www.ca.com
127.0.0.1 www.networkworld.com
127.0.0.1 www.cddchiangmai.net
127.0.0.1 www.threatexpert.com
127.0.0.1 www.norman.com
127.0.0.1 virscan.org
127.0.0.1 www.viruschief.com
127.0.0.1 scanner.virus.org
127.0.0.1 www.hijackthis.de
127.0.0.1 hjt.networktechs.com
127.0.0.1 www.techsupportforum.com
127.0.0.1 www.whatthetech.com
127.0.0.1 www.soccersuck.com
127.0.0.1 forum.piriform.com
127.0.0.1 www.tweaksforgeeks.com
127.0.0.1 www.daniweb.com
127.0.0.1 www.geekstogo.com
127.0.0.1 www.pchell.com
127.0.0.1 www.spyany.com
127.0.0.1 forums.techguy.org
127.0.0.1 www.experts-exchange.com
127.0.0.1 forum.tweaks.com
127.0.0.1 www.wilderssecurity.com
127.0.0.1 www.techspot.com
127.0.0.1 www.thecomputerpitstop.com
127.0.0.1 www.computing.net
127.0.0.1 discussions.virtualdr.com
127.0.0.1 forum.securitycadets.com
127.0.0.1 www.techimo.com
127.0.0.1 www.infosecpodcast.com
127.0.0.1 www.usbcleaner.cn
127.0.0.1 www.net-security.org
127.0.0.1 www.bleedingthreats.net
127.0.0.1 zhidao.baidu.com
127.0.0.1 bbs.360safe.com
127.0.0.1 hjt-data.trend-braintree.com
127.0.0.1 www.360.cn
127.0.0.1 www.baidu.com
127.0.0.1 www.360safe.com
127.0.0.1 www.lavasoft.com
127.0.0.1 www.virscan.org
127.0.0.1 file.ikaka.com
127.0.0.1 www.pantip.com
127.0.0.1 secubox.aldria.com
127.0.0.1 www.forospyware.com
127.0.0.1 www.siteadvisor.com
127.0.0.1 blog.threatfire.com
127.0.0.1 www.threatexpert.com
127.0.0.1 blog.hispasec.com
127.0.0.1 bbs.ikaka.com
127.0.0.1 www.ikaka.com
127.0.0.1 bbs.cfan.com.cn
127.0.0.1 www.cfan.com.cn
127.0.0.1 mailcenter.rising.com.cn
127.0.0.1 mailcenter.rising.com
127.0.0.1 www.rising.com.cn
127.0.0.1 www.rising.com
127.0.0.1 sosvirus.changelog.fr
127.0.0.1 upload.changelog.fr
127.0.0.1 www.raymond.cc
127.0.0.1 changelog.fr
127.0.0.1 www.final4ever.com
127.0.0.1 files.filefont.com
127.0.0.1 www.infos-du-net.com
127.0.0.1 www.trendsecure.com
127.0.0.1 www.spychecker.com
127.0.0.1 www.geekstogo.com
127.0.0.1 forums.maddoktor2.com
127.0.0.1 www.smokey-services.eu
127.0.0.1 download.sysinternals.com
127.0.0.1 www.pcguide.com
127.0.0.1 www.thetechguide.com
127.0.0.1 www.ozzu.com
127.0.0.1 down.360safe.com
127.0.0.1 baike.360.cn
127.0.0.1 kaba.360.cn
127.0.0.1 hi.baidu.com
127.0.0.1 bbs.kafan.cn
127.0.0.1 bbs.kpfans.com
127.0.0.1 bbs.taisha.org
127.0.0.1 www.baidu.cn
127.0.0.1 dl.360safe.cn
127.0.0.1 updatem.360safe.com
127.0.0.1 update.360safe.com
127.0.0.1 dl.360safe.com
127.0.0.1 community.thaiware.com
127.0.0.1 x.360safe.com
127.0.0.1 x.360safe.cn
127.0.0.1 www.avpclub.ddns.info
127.0.0.1 www.msnvirusremoval.com
127.0.0.1 www.cisrt.org
127.0.0.1 fixmyim.com
127.0.0.1 samroeng.hi5.com
127.0.0.1 forums.techguy.org
127.0.0.1 www.incodesolutions.com
127.0.0.1 hijackthis.download3000.com
127.0.0.1 www.cybertechhelp.com
127.0.0.1 downloads.andymanchesta.com
127.0.0.1 andymanchesta.com
127.0.0.1 info.prevx.com
127.0.0.1 aknow.prevx.com
127.0.0.1 www.offensivecomputing.net
127.0.0.1 www.grisoft.com
==============================================================
  Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers
  [VIDC.CVID] [enabled] <ICCVID.DRV>
  [VIDC.MSVC] [enabled] <MSVIDC.DRV>
  [VIDC.IV32] [enabled] <IR32.DLL>
  [VIDC.IV31] [enabled] <IR32.DLL>
  [VIDC.MRLE] [enabled] <MSRLE.DRV>
  [VIDC.RT21] [enabled] <IR21-R.dll>
  [VIDC.YVU9] [enabled] <IR21-R.dll>
----------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  [Bgk40] [enabled]   <System32\Drivers\Bgk40.sys>
  [Sxc27] [enabled]   <System32\Drivers\Sxc27.sys>

[ This post was last edited by 一把锈剑 on 2008-8-18 14:54 ]
-------
Can nobody help? It's urgent.
-------
Download the secure-delete tool (无敌彻底删除器, DelayDelFile.rar), or see http://bbs.duba.net/thread-21914617-1-1.html
Instructions: unpack and open DelayDelFile, copy the list of files to delete below --> paste it (Ctrl+V) into the first blank box --> click "Add" --> click the "Delete" button.
Delete the following files, then pack up the _Backup_ folder the tool creates when it deletes and upload it here. Quote:
C:\WINDOWS\system32\symdebugs.exe
C:\WINDOWS\System32\Drivers\Bgk40.sys
C:\WINDOWS\System32\Drivers\Sxc27.sys
Use Cleanup Expert to repair the following items:
Cleanup Expert --> Online system diagnosis --> click "Hide all known-safe items" --> click the "Full diagnosis" button -->
look in the right-hand pane --> find the items to repair and tick them --> "Repair selected items". Quote:
==============================================================
  Standard startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  [Symantec Debug Client] <symdebugs.exe>
  File path: C:\WINDOWS\system32\symdebugs.exe [under analysis]
==============================================================
  Logon load items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    [crypt]   <crypts.dll>
==============================================================
  Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers
  [VIDC.CVID] [enabled] <ICCVID.DRV>
  [VIDC.MSVC] [enabled] <MSVIDC.DRV>
  [VIDC.IV32] [enabled] <IR32.DLL>
  [VIDC.IV31] [enabled] <IR32.DLL>
  [VIDC.MRLE] [enabled] <MSRLE.DRV>
  [VIDC.RT21] [enabled] <IR21-R.dll>
  [VIDC.YVU9] [enabled] <IR21-R.dll>
----------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  [Bgk40] [enabled]   <System32\Drivers\Bgk40.sys>
  [Sxc27] [enabled]   <System32\Drivers\Sxc27.sys>
Open the hosts file in C:\WINDOWS\system32\drivers\etc with Notepad, keep only "127.0.0.1 localhost" and delete everything else.
-------
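The reply above amounts to a three-part cleanup (delete the dropped executable and the two drivers, remove the Run, Winlogon\Notify and Services entries, reset hosts to the single localhost line). The script below is an added example, not the thread's or Kingsoft's code: it parses a Cleanup Expert style report and derives that plan automatically, flagging hosts entries that sink security-vendor and malware-help sites to 127.0.0.1 and listing everything under the three persistence keys while ignoring the standard VIDC codec key. SAMPLE_REPORT is a constructed excerpt of the posted report with the headings translated; the vendor token list, the "three or more" threshold, the vendor-lookalike check on the Run entry's display name, and the assumption that Services paths are relative to C:\WINDOWS are my own choices.

```python
"""Audit a Kingsoft Cleanup Expert (金山清理专家) report for what the cleanup
plan above targets: hosts entries sinking security sites to 127.0.0.1 and
autostart/driver entries to remove. Added example, not the tool's own code;
SAMPLE_REPORT is a constructed excerpt of the posted report (headings translated)."""
import re

SAMPLE_REPORT = """\
==============================================================
  Standard startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
  [Symantec Debug Client] <symdebugs.exe>
  File path: C:\\WINDOWS\\system32\\symdebugs.exe [under analysis]
==============================================================
  Logon load items
==============================================================
Source: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify
    [crypt]   <crypts.dll>
==============================================================
  Hosts file
==============================================================
127.0.0.1 localhost
127.0.0.1 www.virustotal.com
127.0.0.1 www.kaspersky.com
127.0.0.1 update.symantec.com
127.0.0.1 www.baidu.com
==============================================================
  Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers
  [VIDC.CVID] [enabled] <ICCVID.DRV>
----------------------------------------------------
Source: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services
  [Bgk40] [enabled]   <System32\\Drivers\\Bgk40.sys>
  [Sxc27] [enabled]   <System32\\Drivers\\Sxc27.sys>
"""

RULE_RE = re.compile(r"^=+\s*$")
SOURCE_RE = re.compile(r"^\s*(?:Source|该项来源)\s*[:：]\s*(?P<key>HKEY_\S.*?)\s*$")
ENTRY_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*(?:\[[^\]]*\]\s*)?<(?P<file>[^>]+)>")
# The tool sometimes glues "[under analysis]" and the next rule line onto the path line.
PATH_RE = re.compile(r"^\s*(?:File path|文件路径)\s*[:：]\s*(?P<path>.+?)\s*(?:\[[^\]]*\])?\s*=*\s*$")
HOSTS_RE = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f:.]+)\s+(?P<host>\S+)")

LOOPBACK, LOOPBACK_OK = {"127.0.0.1", "::1"}, {"localhost"}
# Heuristic (my choice): name fragments of AV vendors and malware-help sites.
VENDOR_TOKENS = ("symantec", "kaspersky", "mcafee", "avg", "avast", "virustotal", "sophos",
                 "f-secure", "trendmicro", "360safe", "rising", "duba", "bitdefender", "eset",
                 "avira", "sysinternals", "hijackthis", "bleepingcomputer", "prevx", "clamav")
# Keys listed in full; the VIDC codec key is standard Windows and deliberately left out.
WATCHED_KEYS = ("\\CurrentVersion\\Run", "\\Winlogon\\Notify", "\\CurrentControlSet\\Services")
SYSTEM_ROOT = "C:\\WINDOWS"  # assumed: Services paths in the report are relative to %SystemRoot%


def parse_sections(text):
    """Split the report at its '====' / heading / '====' banners."""
    lines, sections, name, i = text.splitlines(), {}, None, 0
    while i < len(lines):
        if RULE_RE.match(lines[i]) and i + 2 < len(lines) and RULE_RE.match(lines[i + 2]):
            name, i = lines[i + 1].strip(), i + 3
            sections[name] = []
            continue
        if name is not None:
            sections[name].append(lines[i])
        i += 1
    return {k: "\n".join(v) for k, v in sections.items()}


def hosts_findings(body):
    """Names sunk to loopback other than localhost, plus a vendor-blocking verdict."""
    sunk = [m.group("host").lower() for m in map(HOSTS_RE.match, body.splitlines())
            if m and m.group("ip") in LOOPBACK and m.group("host").lower() not in LOOPBACK_OK]
    vendor_hits = [h for h in sunk if any(tok in h for tok in VENDOR_TOKENS)]
    return {"sunk": sunk, "vendor_hits": vendor_hits, "blocks_av_sites": len(vendor_hits) >= 3}


def persistence_findings(text):
    """Entries under the watched keys, with the 'File path' line attached when present."""
    findings, key, last = [], None, None
    for line in text.splitlines():
        if (s := SOURCE_RE.match(line)):
            key, last = s.group("key"), None
        elif (e := ENTRY_RE.match(line)):
            last = None
            if key and any(w in key for w in WATCHED_KEYS):
                last = {"key": key, "name": e.group("name"), "file": e.group("file")}
                findings.append(last)
        elif (p := PATH_RE.match(line)) and last:
            last["file"] = p.group("path")
    return findings


def cleanup_plan(text):
    """Same plan as the reply above: files to delete, entries to remove, hosts reset."""
    hosts = hosts_findings(parse_sections(text).get("Hosts file", ""))
    persist, delete = persistence_findings(text), []
    for f in persist:
        path = f["file"]
        if "\\Services" in f["key"] and not re.match(r"^[A-Za-z]:\\", path):
            path = SYSTEM_ROOT + "\\" + path
        # A vendor name in the display name but no vendor install folder in the path.
        f["vendor_lookalike"] = any(t in f["name"].lower() for t in VENDOR_TOKENS) \
            and "program files" not in path.lower()
        if "\\" in path:  # a bare DLL name (Winlogon\Notify) gives no path to delete
            delete.append(path)
    return {"hosts": hosts, "persistence": persist, "delete_files": delete,
            "hosts_file_should_be": ["127.0.0.1 localhost"]}


if __name__ == "__main__":
    plan = cleanup_plan(SAMPLE_REPORT)
    print("AV sites sunk to 127.0.0.1:", plan["hosts"]["blocks_av_sites"], plan["hosts"]["vendor_hits"])
    print("delete:", *plan["delete_files"], sep="\n  ")
```

Run against the full report posted above, the hosts section alone yields more than two hundred sunk names, including www.baidu.com, zhidao.baidu.com and hi.baidu.com alongside the AV and update hosts, so the "blocks AV sites" verdict fires long before the list ends. The VIDC.* entries are never listed because their key is not in WATCHED_KEYS; they are the ordinary codec registrations of Windows XP.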
_BackUp_Auto_.7z (38.31 KB)
Downloads: 9
2008-8-18 13:21
This is the archive packed after the deletion, thanks.
-------
Sorry, in "Open the hosts file in C:\WINDOWS\system32\drivers\etc with Notepad, keep only "127.0.0.1 localhost" and delete everything else" I can't find the 127.0.0.1 localhost entry. Could you guide me?
-------
Open the hosts file in C:\WINDOWS\system32\drivers\etc with Notepad;
of its contents keep only "127.0.0.1 localhost" and delete everything else.
-------
I'm really slow; after opening it I can't find the word localhost anywhere, sorry.
-------
Download from http://www.eeload.com/chinese/view/o/397.html, then run the file and it will be repaired.
-------
Quote: originally posted by KSDB1330365 on 2008-8-18 13:39
I'm really slow; after opening it I can't find the word localhost anywhere, sorry
Delete all the other text and leave only
127.0.0.1 localhost
-------
THANK YOU
-------
So where's the legendary virus archive?
-------
I caught this same virus today as well; solved it by following the steps, many thanks.
-------
Many thanks for sharing the experience! Also: after removing the virus, Tencent's TTraveler won't open any more, only IE works - no idea why, heh