downloader插件失败，请检查插件加载顺序 我电脑老是冒出這个、这是为什么？怎么办他才能把他消灭？

這个是怎么回事啊？ 老是从电脑里面弹出来？

要怎么做它才可以消失啊？

清理开机启动项，还有插件之类的东西。很可能中毒了。

该病毒属木马类。病毒使用Windows图片浏览器的图标，用以迷惑用户点击运行。病毒运行后，复制自身到系统目录%WINDIR%下，释放病毒文件，修改注册表，添加启动项，以达到随机启动的目的，连接网络，开启本地端口，下载病毒文件，修改用户QICQ密码，盗取用户的敏感信息，并使QICQ带有“QQ尾巴”，自动发送含有被挂马的网站信息，终止反病毒软件的进程，阻止杀毒软件的安装。该病毒对用户有较大危害。 行为分析： 1、病毒使用Windows图片浏览器的图标，用以迷惑用户点击运行。 2、病毒运行后，复制自身到系统目录%WINDIR%下，释放病毒文件： %WINDIR%\niw.exe %system32%\impai.exe 3、修改注册表，添加启动项，以达到随机启动的目的： 修改的注册表项： HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile \shell\open\command 原键值：字串："默认"="%SystemRoot%\system32 \NOTEPAD.EXE %1." 修改的键值：字串："默认"="C:\WINDOWS\system32 \impai.exe "%1"" 新建注册表项： HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Run 键值: 字串: "NIW "="C:\WINDOWS\NIW.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Run 键值: 字串: "Desktop"="C:\WINDOWS\system32 \rundll32.exe" "C:\Program Files\DeskAdTop\Run.dll" ,Rundll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {08A312BB-5409-49FC-9347-54BB7D069AC6}\ 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {08A312BB-5409-49FC-9347 54BB7D069AC6}\InprocServer32\ 键值: 字串: "默认"="C:\PROGRA~1\DESKAD~1 \deskipn.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\InprocServer32\ 键值: 字串: "ThreadingModel "="Apartment" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {08A312BB-5409-49FC-9347-54BB7D069AC6}\ProgID 键值: 字串: "默认"="MonitorIE.MonitorURL.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {08A312BB-5409-49FC-9347 54BB7D069AC6}\VersionIndependentProgID 键值: 字串: "默认"="MonitorIE.MonitorURL" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL.1 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL.1\CLSID 键值: 字串: "默认"="{08A312BB-5409-49FC-9347-54BB7D069AC6}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE.MonitorURL 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL\CLSID 键值: 字串: "默认"="{08A312BB-5409-49FC-9347-54BB7D069AC6}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL\CurVer 键值: 字串: "默认"="MonitorIE.MonitorURL.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {647BB013-E900-473E-BC10-99CF3AC365AD}\1.0\0\win32 键值: 字串: "默认"="C:\Program Files\DeskAdTop\deskipn.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {647BB013-E900-473E-BC10-99CF3AC365AD}\1.0 键值: 字串: "默认"="MonitorIE 1.0 Type Library" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {647BB013-E900-473E-BC10-99CF3AC365AD}\1.0\ 键值: 字串: "HELPDIR"="C:\Program Files\DeskAdTop\" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ 键值: 字串: "DownloadManager"="C:\WINDOWS\system32 \rundll32.exe"C:\Program Files\DeskAdTop\Run.dll" ,Rundll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\桌面媒体 键值: 字串: " DisplayName "="桌面媒体" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\桌面媒体 键值: 字串: "SetupPath"="C:\Program Files\DeskAdTop\" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\桌面媒体 键值: 字串: "UninstallString"="C:\Program Files\DeskAdTop\DeskUn.exe" 4、连接网络，开启本地端口，下载病毒文件： 协议：TCP 端口：随机开启本地1024以上端口，如：1124 IP地址：210.51.168.69 下载的病毒文件： %system32%\tmdown.exe %system32%\tmdown1.exe %Program Files%\deskadtop\_uninstall %Program Files%\deskadtop\allverx.dat %Program Files%\deskadtop\deskipn.dll %Program Files%\deskadtop\DeskUn.exe %Program Files%\deskadtop\Mrup.exe %Program Files%\deskadtop\Run.dll %Program Files%\deskadtop\sinfo.ini 5、修改用户QICQ密码，盗取用户的敏感信息，并使QICQ带有“QQ尾巴”，自动发送含有被挂马的网站信息： QQ尾巴内容为： 咱们老同学的校友录有新留言了,你看看吧! http://www.0451m***.com/img/chianren.htm 6、终止反病毒软件的进程，阻止杀毒软件的安装。 注：% System%是一个可变路径。病毒通过查询操作系统来决定当前System文件夹的位置。Windows2000/NT中默认的安装路径是C:\Winnt\System32，windows95/98/me中默认的安装路径是C:\Windows\System，windowsXP中默认的安装路径是C:\Windows\System32。 清除方案 ： 1、使用安天木马防线可彻底清除此病毒(推荐)。 2、手工清除请按照行为分析删除对应文件，恢复相关系统设置。 (1) 使用安天木马防线“进程管理”关闭病毒进程 (2) 删除病毒文件 %WINDIR%\niw.exe %system32%\impai.exe %system32%\tmdown.exe %system32%\tmdown1.exe %Program Files%\deskadtop\_uninstall %Program Files%\deskadtop\allverx.dat %Program Files%\deskadtop\deskipn.dll %Program Files%\deskadtop\DeskUn.exe %Program Files%\deskadtop\Mrup.exe %Program Files%\deskadtop\Run.dll %Program Files%\deskadtop\sinfo.ini (3) 恢复病毒修改的注册表项目，删除病毒添加的注册表项 修改注册表项： HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile \shell\open\command 键值：字串："默认"="C:\WINDOWS\system32 \impai.exe "%1"" 改为： 键值：字串："默认"="%SystemRoot%\system32 \NOTEPAD.EXE %1." 删除以下注册表项： HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Run 键值: 字串: "NIW "="C:\WINDOWS\NIW.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Run 键值: 字串: "Desktop"="C:\WINDOWS\system32 \rundll32.exe"C:\Program Files\DeskAdTop\Run.dll" ,Rundll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\ 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\InprocServer32\ 键值: 字串: "默认"="C:\PROGRA~1\DESKAD~1\deskipn.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\InprocServer32\ 键值: 字串: "ThreadingModel "="Apartment" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\ProgID 键值: 字串: "默认"="MonitorIE.MonitorURL.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID \{08A312BB-5409-49FC-9347-54BB7D069AC6}\VersionIndependentProgID 键值: 字串: "默认"="MonitorIE.MonitorURL" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL.1 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL.1\CLSID 键值: 字串: "默认"="{08A312BB-5409-49FC-9347-54BB7D069AC6}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE.MonitorURL 键值: 字串: "默认"="MonitorURL Class" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE. MonitorURL\CLSID 键值: 字串: "默认"="{08A312BB-5409-49FC-9347-54BB7D069AC6}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MonitorIE .MonitorURL\CurVer 键值: 字串: "默认"="MonitorIE.MonitorURL.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {647BB013-E900-473E-BC10-99CF3AC365AD}\1.0\0\win32 键值: 字串: "默认"="C:\Program Files\DeskAdTop\deskipn.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib \{647BB013-E900-473E-BC10-99CF3AC365AD}\1.0 键值: 字串: "默认"="MonitorIE 1.0 Type Library" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {647BB013-E900-473E-BC10-99CF3AC365AD}\1.0\ 键值: 字串: "HELPDIR"="C:\Program Files\DeskAdTop\" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ 键值: 字串: "DownloadManager"="C:\WINDOWS\system32 \rundll32.exe"C:\Program Files\DeskAdTop\Run.dll" ,Rundll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window s\CurrentVersion\Uninstall\桌面媒体 键值: 字串: " DisplayName "="桌面媒体" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\桌面媒体 键值: 字串: "SetupPath"="C:\Program Files\DeskAdTop\" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Uninstall\桌面媒体 键值: 字串: "UninstallString"="C:\Program Files \DeskAdTop\DeskUn.exe 你说的rasmed.exe是:只有英文介绍的具体翻译你可以用金山在线翻译看看: My XPPro is behind a router with a firewall, and I run E-Trust Vet antivirus and Ad-aware, but still something infected the PC,but what is it? I boot from D:\ and about 30 seconds after login I get a Vet warning of infections as below. D:\Windows\system32\com\rasmed.exe (Win32/Chisnye!Generic) - deleted D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drsmartload(1).exe (Win32/Thoog.FB - deleted C:\dsmartload1.exe (Win32/Thoog.FB) - deleted In addition I get a CMD.exe error warning that "D:\windows\System32\com\rasmed.exe" cannot be found (It was deledted in a Virus scan prior to reboot. If I now run a virus scan across the system I get the following: Infected items D:\Windows\system32\com\rasmed.exe (Win32/Chisnye!Generic)- deleted D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\drsmartload(1).exe (Win32/Thoog.FB)- deleted C:\drsmartload(1).exe (Win32/Thoog.FB)- deleted In addition I not a file pro3_install.exe is regularly copied into C:\ at startup and at times when the PC is not in use. At similar intervals I get the CMD.exe warning as an attempt is made to run "D:\windows\System32\com\rasmed.exe"