D2K8X8

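From what you posted, this is a machine running Oracle, yet it is doing many things a database host should not be doing, such as browsing the Internet (Windows Live Toolbar is installed), so there is probably a problem with how the machine is managed!
You can look for kavo_killer.exe to get rid of this virus. Below is your infection information: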
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <kava><C:\WINDOWS\system32\kavo.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <tasa><C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{1DBD6574-D6D0-4782-94C3-69619E719765}><C:\WINDOWS\HELP\F3C74E3FA248.dll>
Running processes (almost every program below has entries shown in red)
[PID: 2508 / WinnieLee][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll] [N/A, ]
    [C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll] [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\kavo1.dll] [N/A, ]
A normal computer should not have an autorun.inf in the root of every drive.
Autorun.inf
[C:\]
[AutoRun]
open=ntdelect.com <---- this is one of the virus files
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[D:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[E:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
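The per-drive autorun.inf check described above, as an added example that is not part of the original answer: it parses the autorun.inf text from each drive root and reports which program each root would launch, so the same file named on every drive stands out. The function names and the embedded sample (rebuilt from the log quoted in the answer) are assumptions for illustration.

```python
import ntpath

# Constructed sample: the autorun.inf body quoted in the answer, as found on C:\, D:\ and E:\.
SAMPLE_BODY = r"""[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
"""
SAMPLE = {"C:\\": SAMPLE_BODY, "D:\\": SAMPLE_BODY, "E:\\": SAMPLE_BODY}


def launch_targets(text):
    """Return the lowercased program names an autorun.inf body would start."""
    targets, in_autorun = set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key not in ("open", "shellexecute") and not is_verb_cmd:
            continue
        # Take the program path only: quoted path, or first token before arguments.
        if value.startswith('"'):
            prog = value[1:].split('"', 1)[0]
        else:
            prog = value.split()[0] if value else ""
        if prog:
            targets.add(ntpath.basename(prog).lower())
    return targets


def triage(drive_files):
    """Map each launched program to the sorted drive roots whose autorun.inf names it."""
    hits = {}
    for drive, text in drive_files.items():
        for prog in launch_targets(text):
            hits.setdefault(prog, []).append(drive)
    return {prog: sorted(drives) for prog, drives in hits.items()}


if __name__ == "__main__":
    for prog, drives in triage(SAMPLE).items():
        print(f"{prog}: launched from {', '.join(drives)}")
```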