Is there yet another new variant of auto.exe?
Delete these files:
C:\WINNT\system32\explore3.exe
C:\WINNT\Kvsc3.exe
C:\WINNT\msccrt.exe
C:\WINNT\MsPrint32D.exe
C:\WINNT\upxdnd.exe
C:\WINNT\cmdbcs.exe
C:\WINNT\DbgHlp32.exe
C:\WINNT\MsIMMs32.exe
C:\WINNT\system32\EF206EA6.EXE
Locate:
winforms.dll
zinforms.dll
C:\Program Files\Internet Explorer\PLUGINS\IPictureEx.dll
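There should also be a DLL file corresponding to C:\WINNT\system32\EF206EA6.EXE; since it has no process, its file name is unknown.
Rename them in turn to 1.DLL, 2.DLL, 3.DLL...
On every partition, delete: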
auto.exe autorun.inf
Reboot, then delete from the registry:
<ravshell><C:\WINNT\system32\explore3.exe> [N/A]
<Kvsc3><C:\WINNT\Kvsc3.exe> [N/A]
<msccrt><C:\WINNT\msccrt.exe> []
<MsPrint32D><C:\WINNT\MsPrint32D.exe> []
<upxdnd><C:\WINNT\upxdnd.exe> [N/A]
<MsIMMs32><C:\WINNT\MsIMMs32.exe> [N/A]
<cmdbcs><C:\WINNT\cmdbcs.exe> [N/A]
<DbgHlp32><C:\WINNT\DbgHlp32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll> []
<{AEB6717E-7E19-11d0-97EE-00C04FD91975}><zinforms.dll> []
<IPicture><"C:\Program Files\Internet Explorer\PLUGINS\IPictureEx.dll> [N/A]
Under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
set <AppInit_DLLs><zinforms.dll> [] to empty
Delete the service:
[A6C6F6E6 / A6C6F6E6][Stopped/Auto Start]
<C:\WINNT\system32\EF206EA6.EXE -k><Microsoft Corporation>
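
An added example, not part of the original post: a small Python parser for the `<name><target> [field]` log lines quoted above, which groups each entry under its registry key and flags entries for review. It assumes the bracketed field is the file's vendor string and treats an empty or `N/A` value as suspicious; the `ExampleTool` line is constructed for contrast.

```python
import re

# Lines copied from the post above, plus one constructed benign entry (ExampleTool).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll> []
<IPicture><"C:\Program Files\Internet Explorer\PLUGINS\IPictureEx.dll> [N/A]
<ExampleTool><C:\Program Files\Example\tool.exe> [Example Vendor Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><zinforms.dll> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                   # registry key header
ENTRY_RE = re.compile(r"^<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]$")  # <name><target> [vendor]

def parse_log(text):
    """Return one dict per <name><target> [vendor] line, tagged with its key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            # Tolerate stray spaces in names and unbalanced quotes in paths,
            # both of which occur in the lines quoted in the post.
            name, target, vendor = (g.strip() for g in m.groups())
            entries.append({"key": key, "name": name,
                            "target": target.strip('"'), "vendor": vendor})
    return entries

def suspicious(entries):
    """Assumed heuristic: no vendor string, or any non-empty AppInit_DLLs value."""
    return [e for e in entries
            if e["vendor"] in ("", "N/A")
            or (e["name"] == "AppInit_DLLs" and e["target"])]

if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f'{e["key"]} :: {e["name"]} -> {e["target"]}')
```
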