
How do I completely remove jwgkvsq.vmx (W32.Downadup.B)? Sorry to bother you all... urgent!


Additional details: below are the disinfection steps I have already tried and the related records, for reference.
***************************************************************************************
1. After the infection: patched the system to SP4 and installed 360 Safety Guard. Its diagnosis report:
------------------------------------------------------------------------------
诊断时间: 2010-02-08 23:06:33
诊断平台: Microsoft Windows 2000 Service Pack 4
IE版本: Internet Explorer V5.00.3700.1000 Build:53700.1000
计算机物理内存:247.48MB - 当前可用内存:128.13MB
O4 - 未知 - HKLM\..\Run: [autoupdatevod] [] C:\ldjlb\upvod.exe
O23 - 未知 - Service: dpjbpdm [Shell Center] - - (starting)
O23 - 未知 - Service: DWMRCS [DameWare Mini Remote Control] - C:\WINNT\SYSTEM32\DWRCS.EXE -service - (running)
O23 - 未知 - Service: OracleOraHome81ClientCache [OracleOraHome81ClientCache] - C:\oracle\ora81\BIN\ONRSD.EXE - (not running)
=======================================
100 - 安全 - Process: SMSS.EXE [该进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINNT\System32\smss.exe
100 - 安全 - Process: CSRSS.EXE [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=ba
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINNT\system32\winlogon.exe
100 - 安全 - Process: SERVICES.EXE [用于管理windows服务系统进程。] - C:\WINNT\system32\services.exe
100 - 安全 - Process: LSASS.EXE [本地安全权限服务控制windows安全机制。] - C:\WINNT\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k netsvcs
100 - 安全 - Process: DWRCS.EXE [dameware公司出品的迷你控制程序软件,用于控制客户机的相关程序。] - C:\WINNT\SYSTEM32\DWRCS.EXE -service
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINNT\system32\svchost.exe -k wugroup
100 - 安全 - Process: WinMgmt.exe [windows management service透过windows management instrumentation data (wmi)技术处理来自应用客户端的请求。] - C:\WINNT\System32\WBEM\WinMgmt.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINNT\Explorer.EXE
100 - 安全 - Process: msiexec.exe [windows installer的一部分。用来帮助windows installer package files (msi)格式的安装文件。] - C:\WINNT\System32\MsiExec.exe /V
100 - 安全 - Process: hkcmd.exe [intel显卡驱动相关软件。] - C:\WINNT\System32\hkcmd.exe
100 - 安全 - Process: SOUNDMAN.EXE [一个软声卡控制台软件。] - C:\WINNT\SOUNDMAN.EXE
100 - 安全 - Process: internat.exe [输入控制图标用于更改类似国家设置、键盘类型和日期格式。] - C:\WINNT\system32\internat.exe
100 - 安全 - Process: DLLHOST.EXE [dcom dll host进程支持基于com对象支持dll以运行windows程序。] - C:\WINNT\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
100 - 安全 - Process: zhudongfangyu.exe [360主动防御服务模块] - C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - C:\Program Files\360\360safe\360Safe.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - C:\Program Files\360\360safe\safemon\360tray.exe
100 - 安全 - Process: 360hotfix.exe [360安全卫士漏洞修复模块] - C:\Program Files\360\360safe\360hotfix.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\system32\blank.htm
O1 - 安全 - Host: localhost
O3 - 安全 - Toolbar: (@msdxmLC.dll,-1@2052,电台(&R)) - [是Windows Media Player播放器ActiveX控制相关文件。] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 安全 - HKLM\..\Run: [Synchronization Manager] [资料同步管理器] mobsync.exe /logon
O4 - 安全 - HKLM\..\Run: [IgfxTray] [是Intel显卡配置和诊断程序,会同Intel 810芯片组的集成显卡安装。] C:\WINNT\System32\igfxtray.exe
O4 - 安全 - HKLM\..\Run: [HotKeysCmds] [是Intel显示卡相关程序,用于配置和诊断相关设备。] C:\WINNT\System32\hkcmd.exe
O4 - 安全 - HKLM\..\Run: [SoundMAXPnP] [analog device公司声卡驱动程序。] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - 安全 - HKLM\..\Run: [SoundMAX] [analog device公司声卡驱动程序。] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] "C:\Program Files\360\360safe\safemon\360tray.exe" /start
O4 - 安全 - HKCU\..\Run: [Internat.exe] [输入法在任务栏里的图标] internat.exe
O9 - 安全 - Extra button: 电台(HKLM) - C:\WINNT\web\related.htm
O23 - 安全 - Service: EventSystem [] - C:\WINNT\System32\es.dll - (running)
O23 - 安全 - Service: Fax [微软Microsoft传真服务相关程序,该服务允许用户创建和发送传真到微软Office组件中。] - C:\WINNT\system32\faxsvc.exe - (not running)
O23 - 安全 - Service: SoundMAX Agent Service (default) [是Analog SoundMAX声卡产品相关程序。] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - (not running)
O23 - 安全 - Service: SysmonLog [Performance Logs and Alerts Service] - C:\WINNT\system32\smlogsvc.exe - (not running)
O23 - 安全 - Service: ZhuDongFangYu [360主动防御的服务项,提供实时保护、文件变化监控、智能扫描加速等功能。关闭此服务可能导致木马防不住、查不出,严重降低木马扫描速度。] - "C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe" - (running)
=======================================
O31 - 未知 - Notify: igfxcui - C:\WINNT\system32\igfxsrvc.dll - Intel Corporation - igfxsrvc Module - - 315392 - f31fbe239d110ff14f2f361166b26b47
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell Extensions for RealOne Player - - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - Intel Corporation - C:\WINNT\system32\igfxres.dll - xxxxres Module - a4a6f119c30ce3db56c8a1e88b7c4119
O40 - Explorer.EXE - Intel Corporation - C:\WINNT\System32\igfxdev.dll - igfxdev Module - 4d97374cd40035e3be7609129cdcd94b
=======================================
O41 - rm847x - MPEG Decoder Minidriver - C:\WINNT\system32\drivers\rm847x.sys - (running) - MPEG Decoder Minidriver - Sigma Designs Inc. - d046e5f400ea925c3597354fcc309c5d
O41 - rmstream - Stream Class Driver - C:\WINNT\system32\drivers\rmstream.sys - (running) - Stream Class Driver - Sigma Designs Inc. - e76d0fc8b4958572c143a6cb3fb48e39
O41 - {6080A529-897E-4629-A488-ABA0C29B635E} - Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM) - C:\WINNT\system32\drivers\ialmsbw.sys - (running) - Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM) - Intel Corporation - 9b808527870ebae0b1dfb90ef3f861b9
O41 - {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM) - C:\WINNT\system32\drivers\ialmkchw.sys - (running) - Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM) - Intel Corporation - dba29fe70d66f5a82c860894c91b42c7
O41 - GMSIPCI - GMSIPCI - E:\INSTALL\GMSIPCI.SYS - (not running) - - -
O41 - senfilt - Sensaura WDM 3D Audio Driver - C:\WINNT\system32\drivers\senfilt.sys - (not running) - Sensaura WDM 3D Audio Driver - Sensaura - 118092cd20e1ef60fc846a5e190b6844
O41 - smwdm - SoundMAX Integrated Digital Audio - C:\WINNT\system32\drivers\smwdm.sys - (not running) - SoundMAX Integrated Digital Audio - Analog Devices, Inc. - 58cde3ec67aeab13507b74aad2f82df7
=======================================
360Safe.exe=
2. Applied all patches
------------------------------------------------------------------------------
One patch, KB923191 ("a vulnerability in Windows Explorer could allow remote code execution"), has never installed successfully. The KB958644 patch for the MS08-067 vulnerability has been applied.
------------------------------------------------------------------------------
3. Scanned with the Symantec removal tool.
------------------------------------------------------------------------------
Symantec W32.Downadup Removal Tool
svchost.exe, thread: 00000228 (terminated)
process: svchost.exe, thread: 000003F0 (terminated)
process: svchost.exe, thread: 0000027C (terminated)
process: svchost.exe, thread: 00000278 (terminated)
process: svchost.exe, thread: 000003F8 (terminated)
process: svchost.exe, thread: 0000033C (terminated)
process: svchost.exe (terminated)
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6J2R4Z6J\zfbuks[1].jpg: W32.Downadup.B (unrepairable) (deleted)
C:\WINNT\system32\iinulkmk.dll: W32.Downadup.B (unrepairable) (deleted)
C:\WINNT\system32\iinulkmk.jdq: W32.Downadup.B (unrepairable) (deleted)
scheduled job: Unable to enumerate scheduled jobs. Returned status 2184
scheduled job: Unable to enumerate scheduled jobs. Returned status 2184
W32.Downadup has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 12555
The number of deleted threat files: 3
The number of threat processes terminated: 1
The number of threat threads terminated: 6
The number of registry entries fixed: 0
The system requires a reboot but was not rebooted.
To clean up all remnants of the threat from the system it must be rebooted.
------------------------------------------------------------------------------
The next day I scanned again with the Symantec removal tool: infected again, and it found and removed one virus file.
10 days later I scanned again with the Symantec removal tool: infected again, and it found and removed several virus files.
***************************************************************************************
Right in the middle of the New Year holiday I get hit by a virus, so no peace for me. Sigh........ Could some expert point me in the right direction? Many thanks in advance!
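The three steps above (patching, the 360 diagnosis, the Symantec removal tool) leave two reports and the question of whether the host is really clean. What follows is an added example, not code from the post and not part of 360 or the Symantec tool: a small Python triage script that parses the 360 diagnosis lines to pull out the entries the tool left as 未知 (unknown), putting autostart (O4) and service (O23) entries first, and parses the removal tool's output to list what was deleted, whether the reboot the tool asked for is still pending, and whether its scheduled-job check failed; it also reports reinfection when a later run still removes files. The line formats are read off the pasted text and are assumptions; the sample input copies lines from the post (long descriptions shortened), and the "next day" run is constructed, since the post gives only its file count.

```python
"""Triage helper for the two reports pasted above (added example, not the
post's or 360's/Symantec's own code). Assumed formats, read off the text:
  * 360 line: "<code> - <verdict> - <detail>", verdict 未知 or 安全;
    O4 lines are Run-key autostarts and O23 lines are services.
  * Removal tool: "<path>: <threat> (<repair>) (<action>)" per file,
    "The number of ...: <n>" totals, and a reboot-pending sentence.
The script only reads text; it touches no live system.
"""
import re
from dataclasses import dataclass, field

LINE_360 = re.compile(r"^(?P<code>\w+) - (?P<verdict>未知|安全) - (?P<detail>.*)$")
THREAT = re.compile(r"^(?P<path>.+?): (?P<threat>W32\.\S+) \((?P<repair>[^)]*)\) \((?P<action>[^)]*)\)$")
COUNT = re.compile(r"^The (?:total )?number of (?P<what>.+?): (?P<n>\d+)$")
PERSISTENCE_CODES = {"O4", "O23"}  # assumption: autostart and service entries

# Sample input copied from the 360 report in the post (descriptions shortened).
SAMPLE_360 = r"""
O4 - 未知 - HKLM\..\Run: [autoupdatevod] [] C:\ldjlb\upvod.exe
O23 - 未知 - Service: dpjbpdm [Shell Center] - - (starting)
O23 - 未知 - Service: DWMRCS [DameWare Mini Remote Control] - C:\WINNT\SYSTEM32\DWRCS.EXE -service - (running)
100 - 安全 - Process: SMSS.EXE [...] - C:\WINNT\System32\smss.exe
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
"""

# Sample input copied from the Symantec removal tool output in the post.
SAMPLE_SYMANTEC = r"""
Symantec W32.Downadup Removal Tool
process: svchost.exe, thread: 00000228 (terminated)
process: svchost.exe (terminated)
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6J2R4Z6J\zfbuks[1].jpg: W32.Downadup.B (unrepairable) (deleted)
C:\WINNT\system32\iinulkmk.dll: W32.Downadup.B (unrepairable) (deleted)
C:\WINNT\system32\iinulkmk.jdq: W32.Downadup.B (unrepairable) (deleted)
scheduled job: Unable to enumerate scheduled jobs. Returned status 2184
scheduled job: Unable to enumerate scheduled jobs. Returned status 2184
W32.Downadup has been successfully removed from your computer!
The total number of the scanned files: 12555
The number of deleted threat files: 3
The number of threat processes terminated: 1
The number of threat threads terminated: 6
The number of registry entries fixed: 0
The system requires a reboot but was not rebooted.
To clean up all remnants of the threat from the system it must be rebooted.
"""

# Constructed follow-up run: the post only says one file was found the next day.
SAMPLE_NEXT_DAY = r"""
Symantec W32.Downadup Removal Tool
C:\WINNT\system32\CONSTRUCTED_SAMPLE.dll: W32.Downadup.B (unrepairable) (deleted)
The number of deleted threat files: 1
The system requires a reboot but was not rebooted.
"""


def unknown_entries(report):
    """Every 360 line the tool left as 未知 (unknown), as (code, detail) pairs."""
    out = []
    for line in report.splitlines():
        m = LINE_360.match(line.strip())
        if m and m["verdict"] == "未知":
            out.append((m["code"], m["detail"]))
    return out


def persistence_unknowns(report):
    """Unknown entries at persistence points (autostarts, services): resolve these first."""
    return [(c, d) for c, d in unknown_entries(report) if c in PERSISTENCE_CODES]


@dataclass
class RemovalRun:
    threats: list = field(default_factory=list)  # (path, threat, repair, action)
    counts: dict = field(default_factory=dict)   # e.g. {"deleted threat files": 3}
    reboot_pending: bool = False
    enumeration_errors: list = field(default_factory=list)


def parse_removal_log(text):
    run = RemovalRun()
    for raw in text.splitlines():
        line = raw.strip()
        if m := THREAT.match(line):
            run.threats.append((m["path"], m["threat"], m["repair"], m["action"]))
        elif m := COUNT.match(line):
            run.counts[m["what"]] = int(m["n"])
        elif line.startswith("The system requires a reboot but was not rebooted"):
            run.reboot_pending = True
        elif line.startswith("scheduled job:") and "Unable to enumerate" in line:
            run.enumeration_errors.append(line)
    return run


def followups(run):
    """What still stands between this run and a host you can call clean."""
    notes = []
    deleted = sum(1 for *_, action in run.threats if action == "deleted")
    if run.reboot_pending:
        notes.append("reboot pending: the tool says remnants stay until restart")
    if run.enumeration_errors:
        notes.append("scheduled jobs could not be enumerated: task persistence unchecked")
    if run.counts.get("deleted threat files", deleted) != deleted:
        notes.append("deleted-file total does not match the per-file lines")
    return notes


def reinfected(runs):
    """True when a run after the first one still finds and removes threat files."""
    return any(len(r.threats) > 0 for r in runs[1:])


if __name__ == "__main__":
    for code, detail in persistence_unknowns(SAMPLE_360):
        print(f"[{code}] {detail}")
    first = parse_removal_log(SAMPLE_SYMANTEC)
    print(first.counts, followups(first))
    print("reinfected:", reinfected([first, parse_removal_log(SAMPLE_NEXT_DAY)]))
```

On the post's own data the script surfaces the two lines that get lost in the dump: the tool states that remnants stay until the reboot it requested, and that it could not enumerate scheduled jobs at all, so a cleanup run with those two items still open is not a finished cleanup, whatever the "successfully removed" banner says.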