avpsrv.exe

This morning several machines on the office network upstairs could not get online: they could not ping the gateway, but they could ping other machines on the network. Suspecting ARP spoofing, I checked with arp on the proxy server and found many IPs mapped to the same MAC address. I looked up the IP for that MAC address and found the host. Rising (瑞星) antivirus could no longer start on it, and arp -a listed all the IP addresses it was attacking. 木马助手 (Trojan Assistant) found and removed many trojans: rnmain.exe, nslookupi.exe, avpsrv.dll, mosou.dll… After the nslookupi.exe process was deleted, the network returned to normal. I searched online, and nslookupi.exe appears to be an ARP-spoofing trojan, but I could not find any further details.

While I was writing this blog post, ARP spoofing also broke out on a segment in the machine room. A customer reported severe packet loss, and the layer-3 switch log contained gateway address conflict messages:

jul 11 13:53:02: %ip-4-dupaddr: duplicate address *.*.215.1 on vlan2, sourced by 0004.23cf.2090

After a shutdown on that host's port and a clear arp, the network returned to normal.

ARP spoofing has been happening in the machine room a lot lately. I wonder whether there is a good solution.
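The two checks used in this post, looking for one MAC address behind many IPs in the arp -a table and reading the source MAC out of the switch's duplicate-address message, can be scripted as follows. This is an added example, not code from the original post: the ARP table sample is constructed (documentation addresses, made-up MACs), the function names and the min_ips threshold are assumptions, and the log line is the one quoted in the post.

```python
import re
from collections import defaultdict

# MAC in 00-04-23-cf-20-90, 00:04:23:cf:20:90 or 0004.23cf.2090 notation
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b"
                    r"|\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Switch message as quoted in the post (address octets may be masked with *)
DUP_RE = re.compile(r"%ip-4-dupaddr: duplicate address (\S+) on (\S+), "
                    r"sourced by (\S+)", re.I)

def norm_mac(mac):
    """Reduce any of the three notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def shared_macs(arp_output, min_ips=3):
    """Map each MAC claimed by at least min_ips addresses to those IPs."""
    by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # header and "Interface:" lines carry no MAC
            by_mac[norm_mac(mac.group())].add(ip.group())
    by_mac.pop("ff:ff:ff:ff:ff:ff", None)  # broadcast entries are expected
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) >= min_ips}

def dupaddr_sources(log_text):
    """Return (address, vlan, source MAC) for each duplicate-address message."""
    return [(a, v, norm_mac(m)) for a, v, m in DUP_RE.findall(log_text)]

# Constructed sample: Windows-style `arp -a` output, gateway MAC overwritten
SAMPLE_ARP = """\
Interface: 192.0.2.10 --- 0x2
  Internet Address      Physical Address      Type
  192.0.2.1             00-aa-bb-cc-dd-01     dynamic
  192.0.2.21            00-aa-bb-cc-dd-01     dynamic
  192.0.2.22            00-aa-bb-cc-dd-01     dynamic
  192.0.2.23            00-11-22-33-44-55     dynamic
"""
# Log line as quoted in the post
SAMPLE_LOG = ("jul 11 13:53:02: %ip-4-dupaddr: duplicate address *.*.215.1 "
              "on vlan2, sourced by 0004.23cf.2090")

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP).items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
    for addr, vlan, mac in dupaddr_sources(SAMPLE_LOG):
        print(f"{addr} on {vlan} also claimed by {mac}")
```

A router or proxy-ARP device legitimately answers for many addresses, so known MACs of that kind should be excluded before treating a hit as spoofing.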

