Rising Kaka Security Forum, Technical Exchange area, Suspicious File Exchange board


Latest driver-level virus report!!! and analysis results


Global.exe, keyboard.exe: driver-level virus!

I looked up some material online, but it still didn't work! The main files it drops are as follows:
%systemroot%\cursors\boom.vbs
%systemroot%\system\keyboard.exe
%systemroot%\system32\dllcache\default.exe
%systemroot%\fonts\fonts.exe
%systemroot%\system32\drivers\drivers.cab.exe
%systemroot%\media\rndll32.pif
%systemroot%\pchealth\helpctr\binaries\helphost.com
%systemroot%\fonts\tskmgr.exe
%systemroot%\pchealth\Global.exe
%systemroot%\system32\dllcache\autorun.inf
%systemroot%\system32\dllcache\system.exe
%systemroot%\system32\dllcache\svchost.exe
%systemroot%\system32\dllcache\Global.exe
%systemroot%\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\system.exe
%systemroot%\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\svchost.exe
%systemroot%\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\Global.exe
and autorun.inf plus MS-DOS.com in the root of every drive letter.
The removal script below is not perfect either:
rem ===== Batch file: kill the running copies, unhide and delete the dropped files (run as Administrator) =====
rem The VBScript that resets the hijacked registry values is listed separately below;
rem save it as fixreg.vbs in the same folder as this batch file (file name assumed).
@echo off
title Jin Laiquan Global.exe removal code
color 0a
rem Stop the running copies first, otherwise the files cannot be deleted
taskkill /im Global.exe /t /f
taskkill /im tskmgr.exe /t /f
rem Clear the system/hidden/read-only attributes so that del can remove the files
attrib -s -h -r c:\autorun.inf
attrib -s -h -r C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
attrib -s -h -r C:\WINDOWS\pchealth\Global.exe
attrib -s -h -r C:\WINDOWS\system32\dllcache\Default.exe
attrib -s -h -r C:\WINDOWS\system\KEYBOARD.exe
attrib -s -h -r C:\WINDOWS\Fonts\Fonts.exe
attrib -r -s -h C:\MS-DOS.com
attrib -r -s -h C:\WINDOWS\Cursors\Boom.vbs
attrib -r -s -h C:\windows\fonts\tskmgr.exe
attrib -r -s -h C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
attrib -r -s -h C:\windows\system32\dllcache\rndll32.exe
attrib -r -s -h C:\windows\system32\drivers\drivers.cab.exe
del /q c:\autorun.inf
del /q C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
del /q C:\WINDOWS\pchealth\Global.exe
del /q C:\WINDOWS\system32\dllcache\Default.exe
del /q C:\windows\fonts\tskmgr.exe
del /q C:\WINDOWS\system\KEYBOARD.exe
del /q C:\WINDOWS\Fonts\Fonts.exe
del /q C:\MS-DOS.com
del /q C:\WINDOWS\Cursors\Boom.vbs
del /q C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
del /q C:\windows\system32\dllcache\rndll32.exe
del /q C:\windows\system32\drivers\drivers.cab.exe
rem Repeat for every drive letter: unhide, then delete. A plain "for" iterates the literal
rem list (the /D switch only matters for wildcards); %%~f strips the quotes around each name.
for %%d in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
  for %%f in ("autorun.inf" "MS-DOS.com" "WINDOWS\pchealth\helpctr\binaries\HelpHost.com" "WINDOWS\pchealth\Global.exe" "WINDOWS\system32\dllcache\Default.exe" "WINDOWS\system\KEYBOARD.exe" "WINDOWS\Fonts\Fonts.exe") do (
    if exist "%%d:\%%~f" (
      attrib -s -h -r "%%d:\%%~f"
      del /q "%%d:\%%~f"
    )
  )
)
rem Reset the hijacked registry values (fixreg.vbs, listed below)
cscript //nologo "%~dp0fixreg.vbs"
cls
set /p tmp=Virus removed from drive C; press Enter to start removing it from other partitions.
cls
title Jin Laiquan Global.bat removal code
color 0a
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
echo For example, if drive D cannot be opened, type d; you can also type d,e,f to handle
echo those three partitions at once.
echo.
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
set /p input=[Enter the drive letter(s) of the partition(s) that cannot be opened]
if "%input%"=="" goto :eof
rem Iterate the comma-separated list so that "d,e,f" is handled one letter at a time
for %%d in (%input%) do (
  attrib -s -h -r %%d:\autorun.inf
  attrib -s -h -r %%d:\MS-DOS.com
  del /q %%d:\autorun.inf
  del /q %%d:\MS-DOS.com
)
cls
echo Removal completed successfully!

' ===== fixreg.vbs: reset the registry values touched by the removal (called from the batch file above) =====
' Note: writing "" to the shell\open\command defaults removes a hijacked handler, but it also
' leaves .reg and .msc files unopenable until the normal default values are restored.
On Error Resume Next
Set rg = CreateObject("WScript.Shell")
' Restore the .vbs file association
rg.RegWrite "HKCR\.vbs\", "VBSFile"
' Clear the screen saver entry and reset the timeout
rg.RegWrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", ""
rg.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut", "30"
' Blank the .msc/.reg open handlers and the default values of the Run/RunOnce keys
' (the trailing backslash addresses the key's default value; named Run entries are not changed)
rg.RegWrite "HKCR\MSCFile\Shell\Open\Command\", ""
rg.RegWrite "HKCR\regfile\Shell\Open\Command\", ""
rg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", ""
' Clear the local Group Policy logoff/shutdown/startup script entries
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\DisplayName", "Local Group Policy"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\FileSysPath", ""
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPO-ID", "LocalGPO"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPOName", "Local Group Policy"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\SOM-ID", "Local"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Parameters", ""
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Script", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\DisplayName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\FileSysPath", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPO-ID", "LocalGPO"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPOName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\SOM-ID", "Local"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Parameters", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Script", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\DisplayName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\FileSysPath", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPO-ID", "LocalGPO"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPOName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\SOM-ID", "Local"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Parameters", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Script", ""
===========================
As soon as I run Regedit, it comes back! I hope 360 will release a dedicated removal tool. Thanks!

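A verification script, added here as an example and not part of the original post or of any Rising tool: it reports, without deleting anything, whether the dropped files listed in the post and the registry values the removal script resets are still present on the machine. It assumes an elevated PowerShell session on the affected host; the indicator file names come from the post, $env:SystemRoot stands in for the post's %systemroot%, and "SUSPECT" only means that a registry value mentions one of those file names, which is a prompt to look, not a verdict.

```powershell
# Added verification script (not from the original post): reports, deletes nothing.
# Assumptions: elevated PowerShell on the affected host; file names taken from the post.

$root     = $env:SystemRoot
$recycler = 'recycler.{645ff040-5081-101b-9f08-00aa002f954e}'

# Dropped files listed in the report, relative to %SystemRoot%
$droppedFiles = @(
    'cursors\boom.vbs', 'system\keyboard.exe', 'system32\dllcache\default.exe',
    'fonts\fonts.exe', 'system32\drivers\drivers.cab.exe', 'media\rndll32.pif',
    'pchealth\helpctr\binaries\helphost.com', 'fonts\tskmgr.exe', 'pchealth\Global.exe',
    'system32\dllcache\autorun.inf', 'system32\dllcache\system.exe',
    'system32\dllcache\svchost.exe', 'system32\dllcache\Global.exe',
    "system32\dllcache\$recycler\system.exe", "system32\dllcache\$recycler\svchost.exe",
    "system32\dllcache\$recycler\Global.exe"
) | ForEach-Object { Join-Path $root $_ }

# Per-drive droppers: autorun.inf and MS-DOS.com in the root of every drive
$driveFiles = foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    Join-Path $d.Root 'autorun.inf'
    Join-Path $d.Root 'MS-DOS.com'
}

Write-Host '== Dropped files still on disk =='
foreach ($f in @($droppedFiles) + @($driveFiles)) {
    if (Test-Path -LiteralPath $f) {
        # -Force so that hidden/system files are returned
        $item = Get-Item -LiteralPath $f -Force
        Write-Host ('FOUND    {0}  ({1} bytes, attributes: {2})' -f $f, $item.Length, $item.Attributes)
    }
}

# File names from the report; any registry value that references one is flagged
$indicatorNames = @('Global.exe', 'keyboard.exe', 'tskmgr.exe', 'MS-DOS.com', 'boom.vbs',
                    'fonts.exe', 'helphost.com', 'rndll32', 'drivers.cab.exe', 'system.exe')

function Test-IndicatorReference([string]$Value) {
    foreach ($n in $indicatorNames) {
        if ($Value -like "*$n*") { return $true }   # -like is case-insensitive
    }
    return $false
}

# Keys the removal script touches; Names = $null means list every value under the key
$registryChecks = @(
    @{ Path = 'HKEY_CLASSES_ROOT\regfile\shell\open\command'; Names = @('(default)') },
    @{ Path = 'HKEY_CLASSES_ROOT\MSCFile\shell\open\command'; Names = @('(default)') },
    @{ Path = 'HKEY_CLASSES_ROOT\.vbs';                       Names = @('(default)') },
    @{ Path = 'HKEY_CURRENT_USER\Control Panel\Desktop';      Names = @('SCRNSAVE.EXE', 'ScreenSaveTimeOut') },
    @{ Path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';     Names = $null },
    @{ Path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'; Names = $null },
    @{ Path = 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce';  Names = $null },
    @{ Path = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0';  Names = $null },
    @{ Path = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0'; Names = $null },
    @{ Path = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0';    Names = $null }
)

Write-Host "`n== Registry values the removal script resets (SUSPECT = references a listed file name) =="
foreach ($check in $registryChecks) {
    $key = 'Registry::' + $check.Path
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # Drop the PSPath/PSParentPath/... properties PowerShell adds to the result object
    $props = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
             Where-Object { $_.Name -notlike 'PS*' }
    if ($check.Names) { $props = $props | Where-Object { $check.Names -contains $_.Name } }
    foreach ($p in $props) {
        $tag = if (Test-IndicatorReference ([string]$p.Value)) { 'SUSPECT' } else { '       ' }
        Write-Host ('{0}  {1}\{2} = {3}' -f $tag, $check.Path, $p.Name, $p.Value)
    }
}
```

Run it before and after the removal script: a file still listed as FOUND, or a handler or Run value still tagged SUSPECT, tells you which persistence point survived, which is the first thing to look at when the infection reappears after opening Regedit.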
 

Reply: Latest driver-level virus report!!! and analysis results...

Thanks to the OP for sharing.
 

Reply: Latest driver-level virus report!!! and analysis results...

Rising version 20.46.02
Global.exe  Worm.Win32.VB.nk