斑竹，用瑞星杀毒后，IE不能打开解决 bbs.ikaka.com

ogim - 2006-7-10 0:19:00

斑竹，用瑞星杀毒后，IE不能打开解决。由于机器感染了了Trojan.dl.agent.hpx病毒，用瑞星杀毒后，双击桌面上的IE图标，不能打开！出现“Windows无法找到INTEXPLORE.com。该文件用于打开“文件”类型的文件。”的提示而不能上网。重启了一下，依然如故。请问如何解决。用瑞星杀毒没有病毒。把日志给我无邪看过了，也说没问题！
麻烦mopery能说说吗。

mopery - 2006-7-10 0:22:00

我无邪说没问题了...

我可能也没话能说得上...能否说清病毒路径...

ogim - 2006-7-10 0:36:00

病毒已经用瑞星杀干净了，但是IE不能正常打开！打开IE就出现提示对话：“Windows无法找到INTEXPLORE.com。该文件用于打开“文件”类型的文件。

mopery - 2006-7-10 0:39:00

IE 文件夹是否是我这样的..

附件: 632398200671003122.JPG

ogim - 2006-7-10 0:42:00

恩

mopery - 2006-7-10 0:42:00

你试着进文件夹里打开看看..

ogim - 2006-7-10 0:44:00

用INTEXPLORE可以打开网页但是不能看属性！只能打开IE在进工具修改

mopery - 2006-7-10 0:46:00

那是IE的快截方式...反正属性与进IE设置一样,..
好象没办法复原..

ogim - 2006-7-10 0:47:00

没有办法了吗？

我无邪 - 2006-7-10 0:48:00

你试试这样做
开始，运行，输入regedit
展开：HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command
将@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1"改为@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
展开：HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
将@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1"改为@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
展开：HKEY_CLASSES_ROOT\ftp\shell\open\command
将@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1"改为@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
展开HKEY_CLASSES_ROOT\htmlfile\shell\open\command
将@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" -nohome"改为@="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" -nohome"

以上说明和你的不一定一样，但改为的则是一样的。
你试试，修复后，重启。
不行再反馈。

ogim - 2006-7-10 0:53:00

我去试试！以为不是自己的机器，要等明天，我会及时告诉你们的！
谢谢，无邪兄和mopery

Kind03 - 2006-8-26 15:15:00

我也是这个问题！貌似是中了落雪木马的后遗症，98下通过在注册表下找INTEXPLORE.com改回iexplore.exe就解决了，但XP下就是搞不定啊。
有没有人知道啊

yake0221 - 2006-8-26 16:52:00

我也一样`~

frwang - 2006-8-26 18:39:00

我也是这样，期待老大的文章。

Kind03 - 2006-10-14 18:45:00

我用卡巴把这个病毒监视了一遍
得到以下恢复文件，显示了病毒修改了注册表的哪些地方，可惜键值是我原来的键值
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]
@="\"D:\\Program Files\\Maxthon\\Maxthon.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\opennew\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@="\"D:\\Program Files\\Maxthon\\Maxthon.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,\
00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,\
00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,00,65,00,78,\
00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,\
00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,\
00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,\
00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command]
@="rundll32.exe url.dll,TelnetProtocolHandler %l"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command]
@="\"C:\\WINDOWS\\system32\\RUNDLL32.EXE\" C:\\WINDOWS\\system32\\scrobj.dll,GenerateTypeLib \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command]
@="rundll32.exe desk.cpl,InstallScreenSaver %l"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command]
@="\"D:\\Program Files\\Maxthon\\Maxthon.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,\
00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,\
00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,\
00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,\
00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,\
00,31,00,33,00,32,00,20,00,25,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command]
@="\"D:\\Program Files\\Microsoft Office\\OFFICE11\\msohtmed.exe\" /p %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dunfile\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,52,00,55,00,4e,00,44,\
00,4c,00,4c,00,33,00,32,00,2e,00,45,00,58,00,45,00,20,00,4e,00,45,00,54,00,53,\
00,48,00,45,00,4c,00,4c,00,2e,00,44,00,4c,00,4c,00,2c,00,49,00,6e,00,76,00,6f,\
00,6b,00,65,00,44,00,75,00,6e,00,46,00,69,00,6c,00,65,00,20,00,25,00,31,00,00,\
00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command]
@="rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew]
"command"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,\
00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,\
00,65,00,6d,00,33,00,32,00,5c,00,73,00,79,00,6e,00,63,00,75,00,69,00,2e,00,64,\
00,6c,00,6c,00,2c,00,42,00,72,00,69,00,65,00,66,00,63,00,61,00,73,00,65,00,5f,\
00,43,00,72,00,65,00,61,00,74,00,65,00,20,00,25,00,32,00,21,00,64,00,21,00,20,\
00,25,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew]
"command"="rundll32.exe appwiz.cpl,NewLinkHere %1"

Kind03 - 2006-10-14 18:48:00

这时病毒释放的文件
:: This file generated by Kaspersky Anti-Virus ::
del "C:\WINDOWS\1.com"
del "C:\WINDOWS\EXP10RER.com"
copy "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\b54.FC74D6F001C6EF78.history\\00000000.bak" "C:\WINDOWS\WmFirewall.LOG"
del "C:\progra~1\common~1\inexplore.pif"
del "C:\progra~1\intern~1\inexplore.com"
del "C:\WINDOWS\smss.exe"
del "C:\WINDOWS\system32\command.pif"
del "C:\WINDOWS\finders.com"
del "C:\WINDOWS\system32\rund1132.com"
del "C:\DOCUME~1\he\LOCALS~1\Temp\~DFCEDD.tmp"
start restore.reg

瑞星卡卡安全论坛