D2K8X8

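From what you posted, this is a machine running Oracle, but it has been doing a lot of things a database host should not be doing, such as browsing the web (because Windows Live Toolbar is installed), so there is probably a problem with how it is managed!
You can look for kavo_killer.exe to deal with this virus. Below is your infection information: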
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <kava><C:\WINDOWS\system32\kavo.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <tasa><C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{1DBD6574-D6D0-4782-94C3-69619E719765}><C:\WINDOWS\HELP\F3C74E3FA248.dll>
Running processes (almost every process below has the parts in red):
[PID: 2508 / WinnieLee][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\HELP\F3C74E3FA248.dll] [N/A, ]
[C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\kavo1.dll] [N/A, ]
A normal computer should not have autorun.inf on every drive.
Autorun.inf
[C:\]
[AutoRun]
open=ntdelect.com <---- this is one of the virus files
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[D:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[E:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
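A check for the autorun.inf pattern in the log above, as an added example that is not part of the original post: it parses each drive's autorun.inf and reports any program launched from the root of more than one drive. The function names and the F:\ entry are assumptions constructed for illustration; the C:\, D:\ and E:\ content mirrors the log.

```python
import re
from collections import defaultdict

# [AutoRun] keys that start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(text):
    """Return the set of programs one autorun.inf body would start."""
    targets, in_section = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or commented-out line
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        if in_section and sep and LAUNCH_KEY.match(key.strip()):
            value = value.strip()
            # Program is the quoted path, or else the first token.
            prog = value[1:].split('"')[0] if value.startswith('"') else value.split(" ")[0]
            if prog:
                targets.add(prog.lower())
    return targets

def spread(drives):
    """Map each program launched from more than one drive root to those roots."""
    seen = defaultdict(list)
    for root, text in sorted(drives.items()):
        for prog in launch_targets(text):
            seen[prog].append(root)
    return {prog: roots for prog, roots in seen.items() if len(roots) > 1}

# Constructed sample: C:, D: and E: mirror the log above; F: is a made-up benign drive.
INFECTED = r"""[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
"""
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup\n"
SAMPLE = {"C:\\": INFECTED, "D:\\": INFECTED, "E:\\": INFECTED, "F:\\": BENIGN}

if __name__ == "__main__":
    for prog, roots in spread(SAMPLE).items():
        print(f"{prog}: launched by autorun.inf on {', '.join(roots)}")
```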