Author: Lecwar (冷月玄)
Board: AntiVirus
Title: [Infected] kavo: hidden files cannot be viewed
Time: Fri Oct 17 17:23:47 2008
1. Problem description:
I suspect the machine is infected with the kavo virus. AntiVir keeps reporting kava.xxx files that cannot be deleted, and the option to show hidden files (Folder Options) cannot be turned on, so I first ran a full system scan in Safe Mode, and also Efix.
2. Scan report:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\fn20.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\kavo0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP463\A0048513.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP463\A0048514.exe
[DETECTION] Is the TR/VB.Small.475136 Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0048874.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0048889.DLL
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0049042.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049142.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049143.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume
Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049144.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'
D:\fn20.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
Begin scan in 'E:\'
E:\fn20.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
4. Report links:
Please paste the scan reports (logs) below (all of the above are required)
Efix Log :
http://sun.cis.scu.edu.tw/~92a39/upload/32927.txt
Combofix :
http://sun.cis.scu.edu.tw/~92a39/upload/32923.txt
Hijackthis:
http://sun.cis.scu.edu.tw/~92a39/upload/32925.txt
SRENG :
http://sun.cis.scu.edu.tw/~92a39/upload/32926.txt
Scan report :
http://sun.cis.scu.edu.tw/~92a39/upload/32924.txt
--
※ Sent from: PTT Bulletin Board (ptt.cc)
◆ From: 59.112.44.240
※ Edited: Lecwar from: 59.112.44.240 (10/17 17:25)
1F:→ chang0206: Can't EFIX fix it?? 10/17 17:57
2F:→ hirokofan: Try turning off System Restore and then scanning with EFIX again 10/17 18:36
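As an added example (not from the original post, AntiVir or Efix), a small Python triage helper for reports in the layout of the scan log quoted above: it re-joins the path that the forum wrapped onto two lines, groups detections by drive, and flags the two patterns this thread turns on, the same fn20.exe at every drive root and hits inside System Restore points, which is why the reply suggests disabling System Restore before rescanning. The embedded sample is constructed from entries in the log above.

```python
import re
from collections import defaultdict

# Constructed excerpt laid out like the AntiVir report quoted above.
SAMPLE_LOG = """\
Begin scan in 'C:\\'
C:\\fn20.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\\WINDOWS\\system32\\kavo0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\\System Volume
Information\\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\\RP463\\A0048513.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\\'
D:\\fn20.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
"""
PATH_RE = re.compile(r"^[A-Za-z]:\\")
TAG_RE = re.compile(r"^\[(WARNING|DETECTION|NOTE)\]\s*(.*)$")

def parse_antivir_log(text):
    """Return one {'path', 'detection'} dict per [DETECTION] entry."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Begin scan in"):
            cur = None
        elif PATH_RE.match(line):
            cur = {"path": line, "detection": None}
            entries.append(cur)
        elif (m := TAG_RE.match(line)) and cur is not None:
            tag, msg = m.groups()
            if tag == "DETECTION":
                cur["detection"] = msg.removeprefix("Is the ")
        elif cur is not None:
            cur["path"] += " " + line.strip()  # continuation of a wrapped path
    return [e for e in entries if e["detection"]]

def triage(entries):
    """Group detections by drive; flag drive-root copies and restore-point hits."""
    by_drive, root_copies, restore_points = defaultdict(list), [], []
    for e in entries:
        by_drive[e["path"][0].upper()].append(e["detection"])
        if "\\" not in e["path"][3:]:  # file sits directly in the drive root
            root_copies.append(e["path"])
        if "System Volume Information" in e["path"]:  # inside a restore point
            restore_points.append(e["path"])
    return dict(by_drive), root_copies, restore_points
```

A file with the same name at the root of every drive is the spread pattern of autorun-style worms; detections under System Volume Information mean a later System Restore rollback would reintroduce the samples, so the restore points have to go before the machine can be considered clean.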