[C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll] [N/A, ]
Account-stealing trojan; no variants found yet.
Autorun.inf
[C:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[D:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[E:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[F:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
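(PegeFile.pif is a copy of the virus; the arto autorun connects to the network to download the virus)
Use IceSword to delete the ShellExecuteHooks entry created by the virus: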
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0EA66AD2-CF26-2E23-532B-B292E22F3266}"=""
[HKEY_CLASSES_ROOT\CLSID\{0EA66AD2-CF26-2E23-532B-B292E22F3266}]
Delete the file:
%ProgramFiles%\Internet Explorer\PLUGINS\NewTemp.dll
Delete the following files on each partition (C, D, E, F):
X:\PegeFile.pif
X:\autorun.inf
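
To confirm that a drive root is clean after the deletions, the following added example (not part of the original write-up) parses the text of an autorun.inf and reports every [autorun] command that would start an executable, as the PegeFile.pif entries above do. The function names, the extension list and the sample text are assumptions constructed for illustration.

```python
import ntpath

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd"}

# Constructed sample mirroring the entries listed above.
SAMPLE = r"""[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
"""

def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def first_token(value):
    """Program part of a command line, honouring a leading quoted path."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0]

def suspicious_commands(text):
    """Sorted (key, program) pairs whose program has a runnable extension."""
    hits = []
    for key, value in parse_autorun(text).items():
        is_command = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if is_command and value:
            program = first_token(value)
            if ntpath.splitext(program)[1].lower() in EXECUTABLE_EXTS:
                hits.append((key, program))
    return sorted(hits)

if __name__ == "__main__":
    for key, program in suspicious_commands(SAMPLE):
        print(f"{key} -> {program}")
```

An empty result for every partition's autorun.inf, or the absence of the file, is what a cleaned system should show.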