发表于: 2008-01-18 13:40 | 短消息 资料
字号: 11楼

注意:删除病毒可能会具有一定的危险性 所以强烈建议操作前要把重要资料转移至非系统分区!
打开sreng
启动项目 注册表 删除如下项目
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WinSysM><C:\WINDOWS\914847M.exe> [N/A]
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<WSockDrv32><C:\WINDOWS\sihjhs.exe> []
<NVDispDrv><C:\WINDOWS\NVDispDRV.EXE> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<miemexbyk><miemexbyk.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><utgnehz.dll,nauhgnem.dll,auhad.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,2ty.dll,jsfg.dll,qcsct.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,dqncj.dll> []清空此项

用SRENG扫描工具删除以下驱动程序
[mseqsy / mseqsy][Running/Auto Start]
<system32\DRIVERS\msacpe.sys><N/A>
[msskye / msskye][Running/Auto Start]
<system32\DRIVERS\msaclue.sys><N/A>
用SRENG扫描工具删除以下浏览器加载项
{9963387B-212E-4643-B207-82DAEA0E713D} <C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys, N/A>

重启计算机进入安全模式下删除
<miemexbyk><miemexbyk.exe> []
<WinSysM><C:\WINDOWS\914847M.exe> [N/A]
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<WSockDrv32><C:\WINDOWS\sihjhs.exe> []
<NVDispDrv><C:\WINDOWS\NVDispDRV.EXE> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
[C:\WINDOWS\system32\utgnehz.dll] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\uohsom.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\iemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\xhtd.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\gnaixnauhqq.dll] [N/A, ]
[C:\WINDOWS\epfnepsj.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\bxeimuet.dll] [N/A, ]
[C:\WINDOWS\epfnepsj.dll] [N/A, ]
<system32\DRIVERS\msacpe.sys><N/A>
<system32\DRIVERS\msaclue.sys><N/A>
{9963387B-212E-4643-B207-82DAEA0E713D} <C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys, N/A>
如果无法删除先下载XDelbox1.5删除工具
Xdelbox下载地址:http://www.dodudou.com/down/  打开后选择【原创软件】,下载XDelBox1.6。
打开XDelbox1.5勾选“抑制再生”、“备份文件”(为误操作留条后路)。把病毒路径添加进去(或者复制病毒路径然后点xdelbox右键"从剪贴板导入),然后点右键,立即重启并删除.

找台正常电脑将C:\WINDOWS\system32下的userinit.exe,复制到你电脑的同目录下。