Probably a virus; experts, please take a look, thanks

raiky 2003-10-19 07:34:00
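The machines on our LAN (Windows 2000) have been infected by some kind of virus: files cannot be copied or pasted, and after opening a web page the next-level links cannot be opened. Also, when I open the F: drive or WINNT, the status bar shows how many files there are, but nothing is displayed, and some folders show their icons on the left. Sometimes the sound card also suddenly stops working and I can't listen to MP3s. Every time the machine is restarted it is fine again, but after a while it goes wrong again. I have used many dedicated removal tools and also ran a full scan with Duba 2003 (latest virus definitions), and none of it helped. There are no programs in the wins directory. The HijackThis log is attached; experts, please analyze it! Thanks, this has happened twice in one week!!!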
StartupList report, 2004-10-19, 18:43:40
StartupList version: 1.52
Started from : D:\Documents and Settings\Administrator\桌面\HijackThis.EXE
Detected: Windows 2000 SP3 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\svchost.exe
D:\KAV2003\KAVSvc.EXE
D:\WINNT\System32\llssrv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
D:\WINNT\System32\nutsrv4.exe
D:\WINNT\system32\Dfssvc.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\svchost.exe
D:\Program Files\SkyNet\FireWall\PFW.exe
D:\WINNT\SOUNDMAN.EXE
D:\WINNT\system32\internat.exe
D:\KAV2003\KAVSvcUI.EXE
E:\Program Files\广州城市热点资讯有限公司\Dr.COM 客户端软件\ishare_user.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\桌面\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SKYNET Personal FireWall = D:\Program Files\SkyNet\FireWall\PFW.exe
SoundMan = SOUNDMAN.EXE
KAVRun = D:\KAV2003\KAVRun.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Internat.exe = internat.exe

--------------------------------------------------

Shell & screensaver key from D:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=D:\WINNT\DUBA2003.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - D:\Program Files\Xi\Net Transport\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

--------------------------------------------------

Enumerating Download Program Files:

[DNLCertificate Control]
InProcServer32 = D:\WINNT\DOWNLO~1\DNLCER~1.OCX
CODEBASE = http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx

[{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}]
CODEBASE = http://bar.baidu.com/update/IESearch.cab

[Shockwave Flash Object]
InProcServer32 = D:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #12: D:\WINNT\system32\nutafun4.dll
Protocol #13: D:\WINNT\system32\nutafun4.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: D:\WINNT\system32\NETSHELL.dll
WebCheck: D:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 4,597 bytes
Report generated in 0.171 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
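
An added example, not part of the original thread or of HijackThis: a small Python parser for the StartupList report layout posted above, collecting the three kinds of entries that have to be verified by hand on disk. The function names are hypothetical, and the embedded report is an excerpt of the log above with blank lines removed.

```python
import re
from urllib.parse import urlparse
# Excerpt of the StartupList report posted above (blank lines removed).
REPORT = r"""Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SKYNET Personal FireWall = D:\Program Files\SkyNet\FireWall\PFW.exe
SoundMan = SOUNDMAN.EXE
--------------------------------------------------
Enumerating Download Program Files:
[DNLCertificate Control]
InProcServer32 = D:\WINNT\DOWNLO~1\DNLCER~1.OCX
CODEBASE = http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
[Shockwave Flash Object]
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #12: D:\WINNT\system32\nutafun4.dll
Protocol #13: D:\WINNT\system32\nutafun4.dll
"""

def split_sections(report):
    """Map each section title to its non-empty body lines."""
    sections = {}
    for chunk in re.split(r"^-{20,}\s*$", report, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            sections.setdefault(lines[0].rstrip(":"), []).extend(lines[1:])
    return sections

def name_value_pairs(lines):
    return [tuple(p.strip() for p in l.split(" = ", 1)) for l in lines if " = " in l]

def triage(report):
    """Collect the entries an analyst has to verify by hand on disk."""
    s = split_sections(report)
    return {
        # Run values without a path are resolved through the search path.
        "unqualified_autoruns": [n for n, v in name_value_pairs(
            s.get("Autorun entries from Registry", [])) if "\\" not in v],
        # Hosts that ActiveX controls were installed from.
        "codebase_hosts": sorted({urlparse(v).hostname for n, v in name_value_pairs(
            s.get("Enumerating Download Program Files", [])) if n == "CODEBASE"}),
        # LSP DLLs are loaded into every process that uses Winsock.
        "lsp_dlls": sorted({l.split(": ", 1)[1] for l in
                            s.get("Enumerating Winsock LSP files", []) if ": " in l}),
    }

if __name__ == "__main__":
    print(triage(REPORT))
```

The output is a checklist for manual verification (file location, signer, vendor), not a verdict on any entry.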

youmingzhihuo 2003-10-20
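It may be one of the following viruses: these are the symptoms of an infection with 伪善者 ("Hypocrite") or of a failed Blaster attack!
I suggest the following:
1: Install Win2k SP4
2: Install IE6 SP1
3: Install the 伪善者 patch: Windows2000-KB823980-x86-CHS.exe
4: Install antivirus software and update it.
5: Go to Microsoft's site and install the latest Win2k updates.
6: The system administrator password should be 12 characters or longer, to prevent trojan dictionary attacks.
If the installations above do not succeed, it means your Win2k system kernel has been damaged and the system needs to be reinstalled!

This effectively protects against this kind of virus!
OK, if you have any other questions you can email me: pony@zero2000.com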
cxce 2003-10-20
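It's caused by "Blaster". There is definitely a virus on your LAN, and this is what happens when it tries to infect your machine. A restart may fix it, but before long it will happen again!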
hongzhi 2003-10-20
The "Blaster" virus
donke1978 2003-10-20
Install the patch and it will be fine.
eboywang 2003-10-20
It's Blaster. After updating, this software removes it fairly thoroughly.


http://www.cbht.com.cn/download/tria/vrxp.exe
raiky 2003-10-20
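Everyone, I have already downloaded all the dedicated removal tools from Duba and run them, with no result. Even if it is Blaster, it must be a variant. I went to NSFOCUS (绿盟科技), and there seem to be similar reports there too, but no effective solution. Does anyone else have any pointers? Thanks!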
sungod8 2003-10-19
Save the following command lines as a batch file (a.bat) and try running it.


rem ===== batch file start =====

rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\System32\dacui.dll
rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\Catroot\icatalog.mdb
regsvr32 setupwbv.dll
regsvr32 wininet.dll
regsvr32 comcat.dll
regsvr32 shdoc401.dll
regsvr32 shdoc401.dll /i
regsvr32 asctrls.ocx
regsvr32 oleaut32.dll
regsvr32 shdocvw.dll /I
regsvr32 shdocvw.dll
regsvr32 browseui.dll
regsvr32 browseui.dll /I
regsvr32 msrating.dll
regsvr32 mlang.dll
regsvr32 hlink.dll
regsvr32 mshtml.dll
regsvr32 mshtmled.dll
regsvr32 urlmon.dll
regsvr32 plugin.ocx
regsvr32 sendmail.dll
regsvr32 comctl32.dll /i
regsvr32 inetcpl.cpl /i
regsvr32 mshtml.dll /i
regsvr32 scrobj.dll
regsvr32 mmefxe.ocx
regsvr32 proctexe.ocx
mshta.exe /register
regsvr32 corpol.dll
regsvr32 jscript.dll
regsvr32 msxml.dll
regsvr32 imgutil.dll
regsvr32 thumbvw.dll
regsvr32 cryptext.dll
regsvr32 rsabase.dll
regsvr32 triedit.dll
regsvr32 dhtmled.ocx
regsvr32 inseng.dll
regsvr32 iesetup.dll /i
regsvr32 hmmapi.dll
regsvr32 cryptdlg.dll
regsvr32 actxprxy.dll
regsvr32 dispex.dll
regsvr32 occache.dll
regsvr32 occache.dll /i
regsvr32 iepeers.dll
regsvr32 wininet.dll /i
regsvr32 urlmon.dll /i
regsvr32 digest.dll /i
regsvr32 cdfview.dll
regsvr32 webcheck.dll
regsvr32 mobsync.dll
regsvr32 pngfilt.dll
regsvr32 licmgr10.dll
regsvr32 icmfilter.dll
regsvr32 hhctrl.ocx
regsvr32 inetcfg.dll
regsvr32 trialoc.dll
regsvr32 tdc.ocx
regsvr32 MSR2C.DLL
regsvr32 msident.dll
regsvr32 msieftp.dll
regsvr32 xmsconf.ocx
regsvr32 ils.dll
regsvr32 msoeacct.dll
regsvr32 wab32.dll
regsvr32 wabimp.dll
regsvr32 wabfind.dll
regsvr32 oemiglib.dll
regsvr32 directdb.dll
regsvr32 inetcomm.dll
regsvr32 msoe.dll
regsvr32 oeimport.dll
regsvr32 msdxm.ocx
regsvr32 dxmasf.dll
regsvr32 laprxy.dll
regsvr32 l3codecx.ax
regsvr32 acelpdec.ax
regsvr32 mpg4ds32.ax
regsvr32 voxmsdec.ax
regsvr32 danim.dll
regsvr32 Daxctle.ocx
regsvr32 lmrt.dll
regsvr32 datime.dll
regsvr32 dxtrans.dll
regsvr32 dxtmsft.dll
regsvr32 vgx.dll
regsvr32 WEBPOST.DLL
regsvr32 WPWIZDLL.DLL
regsvr32 POSTWPP.DLL
regsvr32 CRSWPP.DLL
regsvr32 FTPWPP.DLL
regsvr32 FPWPP.DLL
regsvr32 FLUPL.OCX
regsvr32 wshom.ocx
regsvr32 wshext.dll
regsvr32 vbscript.dll
regsvr32 scrrun.dll
mstinit.exe /setup
regsvr32 msnsspc.dll /SspcCreateSspiReg
regsvr32 msapsspc.dll /SspcCreateSspiReg

rem ===== batch file end =====
sungod8 2003-10-19
To be on the safe side, check with a dedicated removal tool!!
http://www.duba.net/download/3/91.shtml
sysadm520 2003-10-19
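It must be a virus!!!

Download the latest virus definitions again and look online for a dedicated removal tool!!

Then install the patches!!!

If that really doesn't work, reinstall the system!!!!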
cstrike 2003-10-19
It's probably Blaster; something similar happened in our school's computer lab too.
KKman 2003-10-19
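Definitely Blaster. Our company had the same thing, and when we checked it turned out to be the Blaster virus. After removing it the system became extremely slow, and in the end we reinstalled the system.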
raiky 2003-10-19
Also, there is no msblast.exe in my Task Manager, so it shouldn't be Blaster.
raiky 2003-10-19
It's definitely not the Blaster virus, because I installed the patch long ago.
LiJxin 2003-10-19
http://expert.csdn.net/Expert/topic/2140/2140772.xml?temp=.613888
LiJxin 2003-10-19
The Blaster virus. Install the patch quickly.
