【求助】遇到sxs.exe病毒变种,无法解决,求助
1、症状
全部盘符无法双击打开,系统变慢
2、特点
在正常状态下显示隐藏文件能看到autorun.bat autorun.reg autorun.vbs sxs.exe
文件,但看不到autorun.inf文件
在安全模式下能看到autorun.inf,内容如下:
[autorun]
shell\open=打开(&O)
shell\open\Command=WScript.exe .\autorun.vbs
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=WScript.exe .\autorun.vbs
open=RavMon.exe
shellEXEcute=RavMon.exe
shell\Auto\command=RavMon.exe
进程中没有名称异样的进程,列表如下:
[csrss.exe]
[winlogon.exe]
[SERVICES.EXE]
[LSASS.EXE]
[Ati2evxx.exe]
[SVCHOST.EXE]
PID = 0x3c4
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[SVCHOST.EXE]
PID = 0x3fc
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
[SVCHOST.EXE]
PID = 0x49c
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[SVCHOST.EXE]
PID = 0x4f4
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService
[SVCHOST.EXE]
PID = 0x550
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[RavMonD.exe]
[Ati2evxx.exe]
[EXPLORER.EXE]
[wscript.exe]
[conime.exe]
[spoolsv.exe]
[SOUNDMAN.EXE]
[RavTask.exe]
[Acrotray.exe] CommandLine = "D:\Program Files\Adobe\Acrobat 7.0
\Distillr\Acrotray.exe"
[ctfmon.exe]
[RavMon.exe]
[wdfmgr.exe]
[alg.exe]
[webaClient.exe]
[Ras.exe]
4、求助
已经试了好多方法,没有效果,怀疑一启动就回触发病毒
希望大家帮助,谢谢!
