中国网管论坛's Archiver

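hawk101 posted on 2007-8-7 15:47

Virus: Virus.Win32.Delf.bz

Virus: Virus.Win32.Delf.bz
It infects all *.exe files on the hard disk.
How can this be solved?
SREng and IceSword are not very effective!
Experts, please help!!!

hawk101 posted on 2007-8-9 21:15

Where are the experts???

hawk101 posted on 2007-8-13 16:36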

For manual removal, delete the corresponding files according to the behavior analysis and restore the related system settings! So tiring!!!

(1) End the virus processes:
%WinDir%\cmdbcs.exe
%WinDir%\Kvsc3.exe
%WinDir%\msccrt.exe
%WinDir%\msppds.exe
%WinDir%\shualai.exe
%WinDir%\winform.exe

(2) Delete and restore the registry values added and modified by the virus:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD7D4640-4464-48C0-82FD-21338366D2D2}\InProcServer32\@
Value: String: "C:\Program Files\InternetExplorer\MoWang.tdm"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD7D4640-4464-48C0-82FD-21338366D2D2}\InProcServer32\ThreadingModel
Value: String: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{42A612A4-4334-4424-4234-42261A31A236}
Value: String: "pdkpri.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{DD7D4640-4464-48C0-82FD-21338366D2D2}
Value: String: ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmdBcs
Value: String: "WINDIRcmdbcs.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kvsc3
Value: String: "WINDIRKvsc3.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscCrt
Value: String: "WINDIRmsccrt.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mspPds
Value: String: "WINDIRmsppds.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shuAlai
Value: String: "WINDIRshualai.exe /i"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upxDnd
Value: String: "%\DOCUME~1%\<current user name>\LOCALS~1\Temp\upxdnd.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winForm
Value: String: "WINDIRwinform.exe"

(3) Delete the files dropped by the virus:
%WinDir%\cmdbcs.exe
%WinDir%\Kvsc3.exe
%WinDir%\msccrt.exe
%WinDir%\msppds.exe
%WinDir%\shualai.exe
%WinDir%\winform.exe
%System32%\cmdbcs.dll
%System32%\explorer.exe
%System32%\kupini.dll
%System32%\Kvsc3.dll
%System32%\msccrt.dll
%System32%\msppds.dll
%System32%\shualai.dll
%System32%\winform.dll

Everyone, give it a try!
Best to find a dedicated removal tool! Looking forward to a dedicated removal tool!
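
Added example, not part of the original thread: a read-only PowerShell audit that reports which of the processes, registry values and files listed in the post above are present on a host. It assumes %System32% in the post means the Windows system directory; the variable and function names are illustrative.

```powershell
# Read-only audit for the artifacts listed in the post above; nothing is deleted or changed.
# Assumption: %System32% in the post is the Windows system directory.
$winDir = $env:WinDir
$sysDir = Join-Path $winDir 'System32'
$names  = 'cmdbcs','Kvsc3','msccrt','msppds','shualai','winform'

# Files from steps (1) and (3). The genuine explorer.exe lives in %WinDir%,
# so a copy in the system directory is itself an indicator.
$files  = @($names | ForEach-Object { Join-Path $winDir "$_.exe"; Join-Path $sysDir "$_.dll" })
$files += Join-Path $sysDir 'explorer.exe'
$files += Join-Path $sysDir 'kupini.dll'

# Registry locations from step (2).
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$clsid   = '{DD7D4640-4464-48C0-82FD-21338366D2D2}'
$clsKey  = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InProcServer32"
$runVals = 'cmdBcs','Kvsc3','mscCrt','mspPds','shuAlai','upxDnd','winForm'
$hookIds = '{42A612A4-4334-4424-4234-42261A31A236}', $clsid

$hits = @()

foreach ($f in $files) {
    # -Force so hidden and system files are found as well
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) { $hits += [pscustomobject]@{ Type='File'; Location=$f; Detail=$item.LastWriteTime } }
}

# Report each named value that exists under a key (hypothetical helper name).
function Get-NamedValues($key, $valueNames, $type) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $k) { return }
    foreach ($n in $valueNames) {
        if ($k.GetValueNames() -contains $n) {
            [pscustomobject]@{ Type=$type; Location="$key\$n"; Detail=$k.GetValue($n) }
        }
    }
}
$hits += @(Get-NamedValues $runKey  $runVals 'RunValue')
$hits += @(Get-NamedValues $hookKey $hookIds 'ShellExecuteHook')
$hits += @(Get-NamedValues $clsKey  @('')    'InProcServer32')  # '' is the default value (@)

# Running processes with the image names from step (1)
$hits += @(Get-Process -Name $names -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Type='Process'; Location=$_.Name; Detail="PID $($_.Id)" } })

$hits | Format-Table -AutoSize -Wrap
"{0} indicator(s) found" -f @($hits).Count
```

On 64-bit Windows, run it from 32-bit PowerShell as well, because 32-bit programs are redirected to SysWOW64 and the WOW6432Node registry view.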

deane4161 posted on 2007-9-4 17:24

Try AV Terminator (AV终结者)
