史萊姆論壇 - 中毒刪毒

史萊姆論壇 (http://forum.slime.com.tw/)

- 一般電腦疑難討論區 (http://forum.slime.com.tw/f17.html)

- - 中毒刪毒 (http://forum.slime.com.tw/thread207850.html)

我覺的NOD32有一點頓
白痴白痴的
我使用的是NOD32 2.70.27
可是
我覺得他掃毒能力很怪
因為學校流傳著一隻木馬
每次隨身碟都會中毒
我是因為NOD32掃描到我的隨身碟中有木馬
然後他才警示我
c:\windows\system32\odbcjet.exe 受到 Win32/TrojanDownloader.VB.ANF trojan 感染。

然後呢
我又用手動掃描掃一次我的硬碟
沒發現任何感染

然後呢現在開機又突然跳出視窗警告我
"檔案 c:\windows\system32\odbcjet.exe 受到 Win32/TrojanDownloader.VB.ANF trojan 感染。可以刪除檔案。強烈建議你繼續清除前備份任何重要資料。"

那我清除木馬呢...他又要刪除這個檔
刪除之後呢
系統又告訴我重大錯誤

而且我進入安全模式
NOD32根本不啟動.......:on_63:

我使用線上掃描
Panda 反而告訴我有另一隻木馬且以清除
之後就找不到

卡巴是沒找到木馬

BDF找到同樣的感染
但是無法清除感染也無法刪除檔案

:on_36: :on_36:

請問
我該如何解決

建議您換一種掃毒工具，
我近日提供的幾種都不錯!

用 hijackthis 掃描
http://www.trendsecure.com/portal/en...ackThis_v2.exe

把日誌貼上來

引用:

作者: plunderer (文章 1734450)

用 hijackthis 掃描
http://www.trendsecure.com/portal/en...ackThis_v2.exe

把日誌貼上來

日誌是什麼??
log file嗎??
http://hjt-data.trend-braintree.com/...report=3907101

-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 01:43:33, on 2007/6/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ching-Ping Yang\桌面\HiJackThis_v2.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_url.html
O8 - Extra context menu item: 使用 S&martGet 下載 - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_link.htm
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://milkygp.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1144384069520
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com/Kor/vc4w_ocx/Vcrscan.CAB
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing)
O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 14333 bytes

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing)

O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing)

勾選並修復上述項目, (其實只有第一項有問題, 其他項是檔案不存在的無效項目)重新開機後, 刪除 C:\WINDOWS\system32\ODBCJET.exe
若無法刪除, 就以安全模式登入 windows 再刪除

ODBCJET.exe 是在開機登入 windows 時就被掛載, 也就是說, 比防毒軟體還早執行, 因此防毒軟體能查但刪不掉

引用:

作者: plunderer (文章 1734508)

感謝大大指導
但是小弟尚有兩個疑問,還請指教
1.ODBCJET.exe 刪除會不會造成我系統影響
2.為什麼我的防毒軟體NOD32 一下子找的到一下子找不到這隻

http://virusscan.jotti.org/
利用線上掃描的結果

Service load: 0% 100%

File: ODBCJET.exe
Status: INFECTED/MALWARE
MD5 b7c835b89ca33ca7ba9012038a80ebe3
Packers detected: EXPRESSOR

Scanner results
Scan taken on 12 Jun 2007 08:52:04 (GMT)

A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found GenPack:Trojan.Downloader.VB.AGZ (probable variant)
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/TrojanDownloader.VB.ANF
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Packed/eXPressor
VBA32 Found nothing

=========================================================
http://www.virustotal.com/vt/en/resu...6381b376419a74

STATUS: FINISHEDComplete scanning result of "ODBCJET.exe", received in VirusTotal at 06.12.2007, 10:50:42 (CET).

http://aycu08.webshots.com/image/17287/2000358243765401950_rs.jpg

我比較在意的是
為啥我的NOD32掃不到這隻木馬

ODBCJET.exe 並非系統檔案, 但已在 system.ini 設定為登入時掛載, 若直接刪除, 開機時找不到ODBCJET.exe 就會提示錯誤(但不影響正常使用), 所以必須先在 hijackthis 內修復, 重新開機後再刪除

防毒軟體的"監控"只在讀到檔案時才會起作用, 且這隻木馬未常駐在記憶體內, 所以才會一下子找的到一下子找不到....你用"掃描"就應該每次都能查到了

感謝不飛大 plunderer大 mancool大
我已經將其刪除
再次感謝