[中毒] kavo 隱藏檔無法檢視

看板AntiVirus (防毒)作者Lecwar (冷月玄)時間17年前 (2008/10/17 17:23)推噓0(0推 0噓 2→)

留言2則, 2人參與討論串1/1

1.問題描述：懷疑中了kavo病毒，AntiVir一直出現kava.xxx的檔案，無法刪除。且隱藏檔案檢視的功能無法開啟(資料夾選項)，所以先在安全模式下做了全系統的掃毒，以及Efix， 2.掃毒報告： Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\fn20.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\kavo0.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP463\A0048513.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP463\A0048514.exe [DETECTION] Is the TR/VB.Small.475136 Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0048874.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0048889.DLL [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP469\A0049042.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049142.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049143.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{984B8FC0-0588-4A68-B187-D427AFD0D1C9}\RP473\A0049144.dll [DETECTION] Is the TR/Vundo.Gen Trojan [NOTE] The file was deleted! Begin scan in 'D:\' D:\fn20.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! Begin scan in 'E:\' E:\fn20.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! 4.報告連結：請將掃描報告(log)貼於下方 (上面的全要) Efix Log ：http://sun.cis.scu.edu.tw/~92a39/upload/32927.txt Combofix ：http://sun.cis.scu.edu.tw/~92a39/upload/32923.txt Hijackthis：http://sun.cis.scu.edu.tw/~92a39/upload/32925.txt SRENG ：http://sun.cis.scu.edu.tw/~92a39/upload/32926.txt 掃毒報告：http://sun.cis.scu.edu.tw/~92a39/upload/32924.txt -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 59.112.44.240 ※ 編輯: Lecwar 來自: 59.112.44.240 (10/17 17:25)