hddai - 2007-2-21 3:50:00
盗Q木马 isignup.sys isignup.dll
该木马运行后,删除QQ目录下的键盘保护文件“npkcrypt.sys”,并尝试访问网络下载其它木马病毒,生成以下文件:
C:\Program Files\Internet Explorer\Connection Wizard\icwres.ocx
C:\Program Files\Internet Explorer\Connection Wizard\isignup.dll
C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys
手工清除方法
1.删除病毒添加的注册表项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}
[HKEY_CLASSES_ROOT\CLSID
{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}
2.重新启动系统
删除病毒文件:
C:\Program Files\Internet Explorer\Connection Wizard\icwres.ocx
C:\Program Files\Internet Explorer\Connection Wizard\isignup.dll
C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys
4.重新安装一下QQ,并反病毒软件查看是否还有其它木马病毒!
© 2000 - 2026 Rising Corp. Ltd.