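[Reply to "shancat"'s post]
I suggest removing the virus manually with IceSword.
1. Disable process creation.
2. Terminate the following processes, which have had the virus module injected into them: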
[PID: 1828][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 312][D:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[PID: 612][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 6, 1, 292]
[PID: 3200][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3704][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3380][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[PID: 4088][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[PID: 2780][C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\Rar$EX02.422\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
3. Delete the following virus files:
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso0.dll
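4. Turn off IceSword's "Disable process creation" setting.
5. Press Ctrl+Alt+Del to bring up Task Manager. Click "File", then "New Task", type explorer.exe, and press Enter.
6. Run SREng and delete the following startup entries: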
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wosa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe> []
<ztsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe> []
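
An added example, not part of the original post and not SREng's own code: a short Python script that parses startup entries in the SREng log layout quoted above and flags Run values that launch a program from a temp directory, the trait shared by every entry in step 6. The function names and the `ctfmon.exe` and `Updater` sample lines are constructed for illustration; the `0.dll` companion naming is taken from the file list in step 3.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the SREng layout quoted in the post: a [key] header,
# then <value name><command> [vendor] lines. The first two entries are from
# the post; the last two are made up for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wosa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe> []
<dasa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Updater><"C:\Documents and Settings\user\Local Settings\Temp\upd.exe" /s> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)>\s*\[(.*)\]$")
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.I)

def image_path(command):
    """Return the program path from a Run command line, dropping arguments."""
    m = IMAGE_RE.match(command)
    return PureWindowsPath((m.group(1) or m.group(2)) if m else command)

def in_temp_dir(path):
    """True if any parent directory is named Temp or Tmp (case-insensitive)."""
    return any(part.lower() in ("temp", "tmp") for part in path.parent.parts)

def suspicious_run_entries(log_text):
    """List startup entries whose program lives under a temp directory."""
    findings, key = [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)  # remember which registry key the entries belong to
        elif m := ENTRY_RE.match(line):
            name, command, vendor = m.groups()
            exe = image_path(command)
            if in_temp_dir(exe):
                findings.append({
                    "key": key, "value": name, "exe": str(exe),
                    "no_vendor_info": vendor.strip() == "",
                    # Pairing seen in the post: <name>.exe with <name>0.dll
                    "companion_dll": str(exe.with_name(exe.stem + "0.dll")),
                })
    return findings

if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_LOG):
        print(f["key"], f["value"], f["exe"], f["companion_dll"], sep=" | ")
```

A flagged entry is a lead to verify against the file on disk, not proof of infection; legitimate installers sometimes register temporary Run values too.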