PCDVD Digital Technology Forum
dyco
Regular Member
 

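Join date: Jul 2003
Posts: 75
[Help] My computer caught a strange virus

This virus keeps sending out mail like crazy. Norton can't detect it at all, and the mails even get scanned by Norton and then sent out.
It creates a large number of K**** or Q**** files under system32.. the first letter varies and the last four characters are digits.
Shortly after the computer boots it starts sending mail like crazy, and it also spreads over the LAN. All three computers at my home are infected.. Help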
__________________
I am......the nemesis of cowards
2005-02-26, 12:03 PM #1
dyco
Regular Member
 

Join date: Jul 2003
Posts: 75
This is the content of one of the files
They are scattered under windows and system32
[KB833998.log]
2004/9/5 15:29:12.140
Exe = update.exe, Version = 5.4.1.0
================== Update.exe started at 9/ 5/2004 at 15:29:12 ==================
Service Pack 用以下指令行啟動: /u /z /n /q
__________________
I am......the nemesis of cowards
2005-02-26, 12:12 PM #2
Firspirit
Senior Member
 
Join date: Jan 2002
Location: Movie theater
Posts: 1,363
The only way to deal with an infection is: 1. Back up 2. Format 3. Reinstall ~~
__________________
There is no absolute right or wrong, only differences of opinion.
--------------------------------------------
CPU: i7 - 6700K (Skylake)
Memory: Kingston HyperX Fury (2666MHz) (16G)
Graphics card: Galax GTX-970 Black Edition
Motherboard: MSi - Z170A Gaming M9 ACK
Hard drive: Micron SSD 250G (x2)
Speakers: Edifier S1000DB + Logitech Z906
--------------------------------------------
2005-02-26, 12:41 PM #3
sbs
Master Member
 
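Join date: Jul 2004
Location: Home of strawberries / Hsinchu
Posts: 1,640
First, find a way to download and update to the latest virus definitions (you can download the latest definitions on another machine and copy them over to update)

Then unplug the network cable and scan in Safe Mode; once you know the virus's name it will be easier to deal with

If it can't be cleaned, you can use the virus name to look up detailed removal instructions on the NORTON website

If Norton can't detect it at all, try KAV (Kaspersky) instead~

If in the end that still doesn't work, I recommend reinstalling everything & applying all of Microsoft's critical updates.

__________________
When sbs met Jeanr, the world started to become different~
2005-02-26, 04:18 PM #4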
haiyabusa
Junior Member
 
Join date: Aug 2004
Posts: 719
Quote:
Originally posted by Firspirit
The only way to deal with an infection is: 1. Back up 2. Format 3. Reinstall ~~


If you have a Ghost image file from before, then add one more..
GHOST restore
2005-02-26, 04:54 PM #5