PCDVD數位科技討論區 (PCDVD Digital Technology Forum)


dyco 2005-02-26 12:03 PM

[Help] My computer caught a strange virus
 
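This virus keeps sending out mail like crazy. Norton can't detect it at all, and the mail even goes out after being scanned by Norton.
It creates a large number of files named K**** or Q**** under system32.. the first letter varies and the last four characters are digits.
Shortly after the computer boots it starts mass-mailing, and it also spreads over the LAN. All three computers at my home are infected.. Help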

dyco 2005-02-26 12:12 PM

This is the content of one of those files.
They are scattered under windows and system32.
[KB833998.log]

Firspirit 2005-02-26 12:41 PM

The only way to deal with an infection is: 1. Back up 2. Format 3. Reinstall ~~

sbs 2005-02-26 04:18 PM

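First find a way to download the latest virus definitions (you can download them on another machine and copy them over to update).

Then unplug the network cable, boot into Safe Mode and scan. Once you know the name of the virus it will be easier to deal with.

If it can't be cleaned, you can use the virus name to look up detailed removal instructions on the NORTON website.

If Norton can't detect it at all, try KAV (Kaspersky) instead~

If that still doesn't work in the end, I suggest a full reinstall & installing all of Microsoft's critical updates.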

:agree:

haiyabusa 2005-02-26 04:54 PM

Quote:
Originally posted by Firspirit
The only way to deal with an infection is: 1. Back up 2. Format 3. Reinstall ~~


If you have a Ghost image file from earlier, then add one more..
GHOST restore

