我日!!!!!!

病毒啊...机子看来要重装了


注册表扫描完成.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>

<head>
<style> a:link                        {font:9pt/11pt 宋体; color:FF0000} a:visited                {font:9pt/11pt 宋体; color:#4e4e4e}
</style>

<META NAME="ROBOTS" CONTENT="NOINDEX">

<title>无法找到网页</title>

<META HTTP-EQUIV="Content-Type" Content="text-html; charset=gb2312">
<META NAME="MS.LOCALE" CONTENT="ZH-CN">
</head>

<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

        //For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
        DocURL = document.URL;

        //this is where the http or https will be, as found by searching for :// but skipping the res://
        protocolIndex=DocURL.indexOf("://",4);

        //this finds the ending slash for the domain server
        serverIndex=DocURL.indexOf("/",protocolIndex + 3);

                //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
        //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
        //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
        BeginURL=DocURL.indexOf("#",1) + 1;

        urlresult=DocURL.substring(BeginURL,serverIndex);

        //for display, we need to skip after http://, and go to the next slash
        displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);

        InsertElementAnchor(urlresult, displayresult);
}

function HtmlEncode(text)
{
    return text.replace(/&/g, '&amp').replace(/'/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function TagAttrib(name, value)
{
    return ' '+name+'="'+HtmlEncode(value)+'"';
}

function PrintTag(tagName, needCloseTag, attrib, inner){
    document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
    if (needCloseTag) document.write( '</' + tagName +'>' );
}

function URI(href)
{
    IEVer = window.navigator.appVersion;
    IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );

    return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
        encodeURI(href) :
        escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}

function InsertElementAnchor(href, text)
{
    PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}

//-->
</script>

<body bgcolor="FFFFFF">

<table width="410" cellpadding="3" cellspacing="5">

  <tr>
    <td align="left" valign="middle" width="360">
        <h1 style="COLOR:000000; FONT: 12pt/15pt 宋体"><!--Problem-->无法找到网页</h1>
    </td>
  </tr>

  <tr>
<td width="400" colspan="2"> <font style="COLOR:000000; FONT: 9pt/11pt 宋体">您正在搜索的网页可能已经删除、更名或暂时不可用。</font></td>
  </tr>

  <tr>
    <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 9pt/11pt 宋体">

        <hr color="#C0C0C0" noshade>

<p>请尝试下列操作：</p>

        <ul>
<li>如果您在“地址”栏中键入了网页地址，请检查其拼写是否正确。<br>
      </li>

<li>打开 <script>
          <!--
          if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
          {
                  Homepage();
          }
          //-->
           </script> 主页，寻找指向所需信息的链接。</li>

<li>单击<a href="javascript:history.back(1)">后退</a>按钮尝试其他链接。</li>
    </ul>

<h2 style="font:9pt/11pt 宋体; color:000000">HTTP 404 - 无法找到文件<br> Internet 信息服务<BR></h2>

        <hr color="#C0C0C0" noshade>

        <p>技术信息（支持个人）</p>

<ul>
<li>详细信息：<br><a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=404&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft 支持</a>
</li>
</ul>

    </font></td>
  </tr>

</table>
</body>
</html>
发现木马
请重新启动计算机,才能彻底清除
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>

<head>
<style> a:link                        {font:9pt/11pt 宋体; color:FF0000} a:visited                {font:9pt/11pt 宋体; color:#4e4e4e}
</style>

<META NAME="ROBOTS" CONTENT="NOINDEX">

<title>无法找到网页</title>

<META HTTP-EQUIV="Content-Type" Content="text-html; charset=gb2312">
<META NAME="MS.LOCALE" CONTENT="ZH-CN">
</head>

<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

        //For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
        DocURL = document.URL;

        //this is where the http or https will be, as found by searching for :// but skipping the res://
        protocolIndex=DocURL.indexOf("://",4);

        //this finds the ending slash for the domain server
        serverIndex=DocURL.indexOf("/",protocolIndex + 3);

                //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
        //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
        //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
        BeginURL=DocURL.indexOf("#",1) + 1;

        urlresult=DocURL.substring(BeginURL,serverIndex);

        //for display, we need to skip after http://, and go to the next slash
        displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);

        InsertElementAnchor(urlresult, displayresult);
}

function HtmlEncode(text)
{
    return text.replace(/&/g, '&amp').replace(/'/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function TagAttrib(name, value)
{
    return ' '+name+'="'+HtmlEncode(value)+'"';
}

function PrintTag(tagName, needCloseTag, attrib, inner){
    document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
    if (needCloseTag) document.write( '</' + tagName +'>' );
}

function URI(href)
{
    IEVer = window.navigator.appVersion;
    IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );

    return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
        encodeURI(href) :
        escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}

function InsertElementAnchor(href, text)
{
    PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}

//-->
</script>

<body bgcolor="FFFFFF">

<table width="410" cellpadding="3" cellspacing="5">

  <tr>
    <td align="left" valign="middle" width="360">
        <h1 style="COLOR:000000; FONT: 12pt/15pt 宋体"><!--Problem-->无法找到网页</h1>
    </td>
  </tr>

  <tr>
<td width="400" colspan="2"> <font style="COLOR:000000; FONT: 9pt/11pt 宋体">您正在搜索的网页可能已经删除、更名或暂时不可用。</font></td>
  </tr>

  <tr>
    <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 9pt/11pt 宋体">

        <hr color="#C0C0C0" noshade>

<p>请尝试下列操作：</p>

        <ul>
<li>如果您在“地址”栏中键入了网页地址，请检查其拼写是否正确。<br>
      </li>

<li>打开 <script>
          <!--
          if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
          {
                  Homepage();
          }
          //-->
           </script> 主页，寻找指向所需信息的链接。</li>

<li>单击<a href="javascript:history.back(1)">后退</a>按钮尝试其他链接。</li>
    </ul>

<h2 style="font:9pt/11pt 宋体; color:000000">HTTP 404 - 无法找到文件<br> Internet 信息服务<BR></h2>

        <hr color="#C0C0C0" noshade>

        <p>技术信息（支持个人）</p>

<ul>
<li>详细信息：<br><a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=404&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft 支持</a>
</li>
</ul>

    </font></td>
  </tr>

</table>
</body>
</html>
发现木马
请重新启动计算机,才能彻底清除
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@ads.adsag[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@ads.cnn[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@ads.pointroll[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@advertising[2].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@atdmt[2].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@counter14.sextracker[1].txt
发现非法ie记录:
Sextracker Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@counter14.sextracker[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@cs.sexcounter[2].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@dcads.sina.com[1].txt
发现非法ie记录:
Doubleclick Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@doubleclick[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@mediaplex[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@sexlist[1].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@sextracker[2].txt
发现非法ie记录:
Sextracker Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@sextracker[2].txt
发现非法ie记录:
Admonitor Spyware Cookie found in c:\documents and settings\ibm\cookies\ibm@statse.webtrendslive[1].txt

已删除: 广告程序 not-a-virus:AdWare.Win32.IEHlpr.o        文件: C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Crypto\\babadf.exe

阁下过于激动了....

完了完了，现在IE都打不开。只能用狐狸了 ，还有色情广告

http://www.DocURL.com/bar.htm
应该是这一段不？
引用了别的网页里面的东西？？？


建议楼主安装IE7，然后可以rest 浏览器。就不怕入侵了。

就是这样的！！！！谢谢楼上的 ，不过只能用IE7吗？删不掉么？

早就和你说过 别老上黄色网站 就是不听啊~ 这下完了吧~

．．．．你才上呢，还给老师逮到了吧．．哈哈，你活该

原帖由 Robin 于 12-8 18:28 发表
．．．．你才上呢，还给老师逮到了吧．．哈哈，你活该

WHAT？   那是你吧？ 哈哈

....我电脑都没法用了,给homestay的孩了