Edit the registry and delete the following entries, and delete the corresponding files:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<wywbgl4><C:\WINDOWS\servicer.exe> [N/A]
<2se3><C:\WINDOWS\iexp1ore.exe> [N/A]
<8m9ug528qw1fg><C:\WINDOWS\system.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><354797M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> [N/A]
Stop the following services, and delete the corresponding files:
[erve / erver]
<C:\WINDOWS\G_Server1.23.exe><N/A>
[Gray_Pigeon_Server1.23 / GrayPigeonServer1.23]
<C:\WINDOWS\erver.exe><>
[Proxy Service / HTran]
<C:\1.exe -run><N/A>
[host Service For Windows / mshostsr]
<C:\WINDOWS\mshostsr.exe><N/A>
[Security Accounts Manager Two / samsss]
<C:\WINDOWS\System32\lsasss.exe><Microsoft Corporation> (take care to distinguish this from the legitimate system file)
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\System32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
Drivers
[242518 / 242518]
<\SystemRoot\System32\drivers\242518.sys><N/A>
Running processes
[C:\DOCUME~1\lyj.OEM\LOCALS~1\Temp\2u.dll] [N/A, N/A]
[PID: 512][C:\WINDOWS\mshostsr.exe] [N/A, N/A]
[PID: 1144][C:\WINDOWS\System32\lsasss.exe] [Microsoft Corporation, 5.2.3790.1830]
[PID: 1828][C:\WINDOWS\system.exe] [N/A, N/A]
[PID: 2884][C:\WINDOWS\iexp1ore.exe] [N/A, N/A]
[C:\Documents and Settings\All Users\「开始」菜单\共享文件\Notificat] [N/A, N/A]
[C:\WINDOWS\354797M.BMP] [N/A, N/A]
[C:\DOCUME~1\lyj.OEM\LOCALS~1\Temp\2u.dll] [N/A, N/A]
[PID: 3588][C:\WINDOWS\servicer.exe] [N/A, N/A]
[C:\WINDOWS\354797M.BMP] [N/A, N/A]
[C:\WINDOWS\System32\Qqyov.dll] [N/A, N/A]
[C:\DOCUME~1\lyj.OEM\LOCALS~1\Temp\2u.dll] [N/A, N/A]
[C:\WINDOWS\System32\Kav26.dll] [N/A, N/A]
[C:\WINDOWS\System32\Qqzos.dll] [N/A, N/A]
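Personally, I think you should update your antivirus software, boot into Safe Mode and run a full-disk scan to remove what it finds, and clean out the system and IE temporary files. Then go back to normal mode, run another log scan to take a look, and deal with whatever is left over. With this many viruses, relying on manual removal would surely wear out anyone without much hands-on experience.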