最恶毒流氓的网站

feng117 · 发表于 2006-10-9 10:04:40

有个网站教www.4199.com的，很是恶毒把首页改成这个网站了！无论如何我也改不回去了，最后只有用雅虎助手才该回去，但每次开机雅虎助手还总提示EXPORER.EXE要把www.4199.com设置为首页，问我同意否，请问各位大侠有什么办法把这个恶毒的网站去除啊？谢谢了！

feng117 · 发表于 2006-10-9 10:06:05

对了，大家不要点击那个网站，我根本没去过那个网站就被他给设置成首页了，气死了！

xzuiyu · 发表于 2006-10-9 10:48:41

看名字就不去，这种名字要小心

13987260859 · 发表于 2006-10-9 11:13:06

用7939专杀试试~~应该可以搞定

vipnai · 发表于 2006-10-9 12:11:25

你用超级免子试一试,他可以帮你删除一些流氓软件,下载地址:
www.pctutu.com

feng117 · 发表于 2006-10-9 12:40:36

超级兔子肯定杀不掉的，我用过了，7939就不知道了，怎么把explorer.exe给感染了呢，我想删除都没办法删除，有更好的办法吗？

[ 本帖最后由 feng117 于 2006-10-9 12:42 PM 编辑 ]

feng117 · 发表于 2006-10-9 12:42:47

晚上有空我发张图片吧！不知道权限够不够！

vipnai · 发表于 2006-10-9 13:01:30

那只有修改注册表了,

13987260859 · 发表于 2006-10-9 13:09:51

原帖由 vipnai 于 2006-10-9 01:01 PM 发表
那只有修改注册表了,

修改了同样会马上就被改回来

feng117 · 发表于 2006-10-9 13:17:25

对，这种恶毒的网站，真是气死人了，我又不喜欢总开着雅虎助手！

vipnai · 发表于 2006-10-9 13:33:51

看来只有请6618版主想办法了,我是无能为力了

feng117 · 发表于 2006-10-9 13:47:05

无论如何先谢谢你了！不知道哪个烂网站把这个网站弄进去的，我也没上什么乱七八糟的网站啊，晕倒！

magictek · 发表于 2006-10-9 14:13:45

把任务管理器里面的进程发上来，肯定要先干掉进程，再删掉文件，才不会继续修改主页了

feng117 · 发表于 2006-10-9 15:10:15

可文件是explorer.exe啊，这个文件怎么能删除呢啊？等晚上我看看，就是不知道有没有发图片的权限，如果有我就发上来！

6618 · 发表于 2006-10-9 15:53:30

用HIJACKTHIS扫描机子，把日志传上来。
http://www.crsky.com/soft/4599.html

[ 本帖最后由 6618 于 2006-10-9 04:02 PM 编辑 ]

feng117 · 发表于 2006-10-9 16:37:51

好的，谢谢，我看看

feng117 · 发表于 2006-10-9 18:54:47

生成的日志如下：
Logfile of HijackThis v1.99.1
Scan saved at 18:54:28, on 2006-10-9
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2462.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\KAV2007\KWatch.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\KAV2007\KPfwSvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\KAV2007\KPFW32.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\admin\桌面\首页绑架克星\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [run] C:\WINNT\system32\rundll32.exe rsrc.dll s
O4 - HKCU\..\Run: [msnmsgr] ; "D:\Z\Me\Tools\MSN\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2007\KPFW32.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE75DB9D-CC6E-474D-9F3C-662A6911C796}: NameServer = 202.96.209.5 202.96.209.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2007\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2007\KWatch.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

feng117 · 发表于 2006-10-9 18:56:37

哪些可以删除啊，版主？我看得有点晕！

feng117 · 发表于 2006-10-9 18:57:50

这个是我的截图，不知道能看到不！

vipnai · 发表于 2006-10-9 19:57:22

这是我机子的扫描日志,给你看一看做个参考,不过我是XP SP2系统,可能和你的有点不一样,我相信6618版主会指点你要修复哪些项的

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq2\珊瑚版\AddToNetDisk.htm
O8 - Extra context menu item: 使用“文语通”朗读选定内容 - C:\Program Files\iFly Info Tek\iReader2.0\\ir_Select.htm
O8 - Extra context menu item: 使用“文语通”朗读链接 - C:\Program Files\iFly Info Tek\iReader2.0\\ir_Link.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq2\珊瑚版\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq2\珊瑚版\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq2\珊瑚版\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq2\珊瑚版\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq2\珊瑚版\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq2\珊瑚版\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq2\珊瑚版\QQIEHelper.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

feng117 · 发表于 2006-10-9 20:05:42

谢谢你啊，我的是2k，我把O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com这种的全部删除了！

feng117 · 发表于 2006-10-10 07:16:47

我晕了，昨天抓的日志是我用雅虎助手阻止了该网站后的日志，今天我重新抓了个没有阻止过的！
Logfile of HijackThis v1.99.1
Scan saved at 7:15:04, on 2006-10-10
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2462.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\KAV2007\KWatch.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\KAV2007\KPfwSvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\KAV2007\KPFW32.EXE
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\admin\桌面\首页绑架克星\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [run] C:\WINNT\system32\rundll32.exe rsrc.dll s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2007\KPFW32.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C439D18-DE10-4CA0-A307-76005D47B71B}: NameServer = 202.96.209.5
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2007\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2007\KWatch.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

MEIMDM · 发表于 2006-10-10 17:24:06

我点了,但没事

magictek · 发表于 2006-10-10 17:54:36

就是这个exploer.exe

6618 · 发表于 2006-10-11 00:13:53

直接用HIJACKTHIS修掉下面的项，搜索rsrc.dll ，删掉rsrc.dll
O4 - HKLM\..\Run: [run] C:\WINNT\system32\rundll32.exe rsrc.dll s
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com

feng117 · 发表于 2006-10-11 08:43:30

谢谢版主，我试试

feng117 · 发表于 2006-10-11 08:45:44

原帖由 MEIMDM 于 2006-10-10 05:24 PM 发表
我点了,但没事

你点了那个网站？居然没事！我根本没有去过那个网站结果反而有事了，气死了！

13987260859 · 发表于 2006-10-11 09:23:02

注册表里的垃圾真是多，建议连迅雷这些都别用~~

rclds74 · 发表于 2006-10-11 13:56:57

用黄山IE修复专家试试

strongchen · 发表于 2006-10-12 00:20:50

刚才看见的帖子，转一个过来。
一个朋友的IE首页被4199劫持
而且注册表编辑器无法运行
经过昨天一番努力终于通过远程协助解决
解决方法如下：
1。将regedit.exe改名为regedit.com，这样注册表编辑器就可以运行了。
2.在注册表中删除rsrc.dll的加载项，通常是在run里面有一个 rundll32.exe rsrc.dll s 的加载键值，删除之。
3。查找硬盘上的rsrc.dll文件，通常这个文件在 windows\system32\文件夹下面，使用unlocker解除rsrc.dll的锁定，这个进程居然跟十几个进程锁在一起!,解锁后删除该dll文件
4.用Hijackthis修复其他所有可疑项目（hosts文件被改得面目全非）

重启，搞定

实际过程比这个费了许多周折，上文只是一个简单解决方法，其它废话我就不写了，立此存照供后来人参考。

============================================================================
另外一个帖子：
发现过程：
我的机器被www.4199.com恶意修改了首页，无论在ie或是注册表中修改均无效，刚改完，马上被不明程序改回，后安装了一注册表监控软件后发现，是explorer.exe将www.4199.com]改回了注册表，而explorer.exe 又是一个系统正常的程序，那一定是有一个非法的动态连接库（*.dll）插到了explorer.exe里，经过对explorer.exe中的dll分析对比，发现最有可能的是一个user.dll的文件，想使user.dl不插入explorer.e xe,须将user.dll改名或删除，或找到插入的方法，让其不插入。插入方法不好找到，将user.dll决定改名.
解决方法：1、使user.dll 退出explorer.exe。此时user.dll正在被使用，不能改名，需要在任务管理器中将explorer.exe进程结束,若explorer.exe没有自动重启，用任务管理器的新任务（运行）explorer.exe，此时user.dll 就自动退出了explorer.exe.
2、找到user.dll,将其改名或删除。此时user.dll就没有加载了，查找c盘上的所有user.dll发现在c:\user.dll ,c:\winnt\system32\下均有一个40k的user.dll,将user.dll删除或改名，
3、重启机器，重新设置首页就行了。

[ 本帖最后由 strongchen 于 2006-10-12 12:27 AM 编辑 ]

		自动登录	找回密码
密码			注册