|
查看: 1445|回复: 21
|
[病毒:求助] 病毒软件自动关闭?
[复制链接]
|
|
|
我在这之前安装了norton antivirus2004
但是在两个星期之后我的电脑变得很慢了,开一个网页要好几分钟,于是把norton 给aninstall,没想到当我aninstall norton的时候竟要40分钟才aninstall 完norton,可是竟没出现finish的按钮出现,结果只好restart,可是重新开机之后出现这样 之后重新安装AVG VIRUS但是结果AVG只开了一会就自动关闭了,之前的norton2004也是这样,所以才aninstall norton,还以为是norton影响速度,可是现在也是这样很慢很慢,是为什么啊?好像把我的memory给站完似的?中毒了吗?怎么办?virus开不到?想在出现这个 是什么啊?我的是WINXP PRO SP2 256RAM
帮忙帮忙
[ Last edited by friends on 21-4-2004 at 04:51 PM ] |
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 01:54 AM
|
显示全部楼层
1.当你的机缓慢的时候ctrl+alt+delete 把task manager叫出来,按processes.看下是否有program用cpu priority非常高, 除了system idlle process.或把screen shoot post上来.因为某种program用priority 80-100的时侯,电脑不管走什么肯定非常慢.
2.你的antivirus无法使用就用online scan这里看有没有virus |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 21-4-2004 07:31 AM
|
显示全部楼层
Joseph_sky 于 21-4-2004 01:54 AM 说 :
1.当你的机缓慢的时候ctrl+alt+delete 把task manager叫出来,按processes.看下是否有program用cpu priority非常高, 除了system idlle process.或把screen shoot post上来.因为某种program用priority 80-100的时侯 ...
之前我已经online scan 了,发现这个 不过第二个不能delete,worm agobot.gen也用过task manager把很多program关闭了,还是不能,什么是screen shoot post?怎么找出来?
哪个需要关闭
[ Last edited by lou_wai on 21-4-2004 at 07:38 AM ] |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 21-4-2004 07:51 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 02:32 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 03:47 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 21-4-2004 05:41 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 23-4-2004 08:15 PM
|
显示全部楼层
在线scan 发现这个
但是不能DELETE 该怎么办?
HOSTS 里面有这些# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
都撤除吗? |
|
|
|
|
|
|
|
|
|
|
|
发表于 23-4-2004 09:06 PM
|
显示全部楼层
lou_wai 于 23-4-2004 08:15 PM 说 :
在线scan 发现这个
但是不能DELETE ...
对,洗完它
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
这个不能洗
127.0.0.1 localhost
洗完了就save |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 23-4-2004 09:43 PM
|
显示全部楼层
感觉上比较好了一些,但是有些PROGRAMS 还自动关闭
我开REGISTRY有时候也会自动关闭,为什么呢? |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 23-4-2004 09:49 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 23-4-2004 10:01 PM
|
显示全部楼层
lou_wai 于 23-4-2004 08:15 PM 说 :
在线scan 发现这个
ctrl+alt+delete 关掉下面那两个program,wins32.exe和winrtx.exe.
再去scan过,就可得delete了 |
|
|
|
|
|
|
|
|
|
|
|
发表于 24-4-2004 09:53 AM
|
显示全部楼层
|
you got a trojan can kill your Av, firewall and other program ?? |
|
|
|
|
|
|
|
|
|
|
|
发表于 24-4-2004 12:46 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 25-4-2004 07:43 AM
|
显示全部楼层
这些,帮忙看看有什么问题
Logfile of HijackThis v1.97.7
Scan saved at 7:44:01 AM, on 4/25/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\lou wai\Desktop\software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/r ... er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\System32\SCANREGW.EXE /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\RunServices: [Service Control Manager] scm.exe
O4 - HKLM\..\RunServices: [msReg32 Loader] msReg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 25-4-2004 03:11 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 26-4-2004 04:58 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 29-4-2004 11:01 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 1-5-2004 09:08 AM
|
显示全部楼层
问题没有解决,该怎么办啊!也format过了
也在system32里边delete了好多东西了,help! |
|
|
|
|
|
|
|
|
|
|
|
发表于 1-5-2004 12:11 PM
|
显示全部楼层
你网络上还有连接侵入,即使你重新纯安装,只要网络上有感染的来源,你没有防护与更新Windows漏洞,同样会侵入。
先断掉网络来源,在清干净病毒后,再进行Windows更新。
还有,网络连线重拨换另一个新IP。以后要小心进的网站等… |
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
变色卡
千斤顶
中了agobot后又中blaster 
2845 
47
