有意思的病毒...
用附件的XDELBOX删除文件
C:\WINDOWS\system32\ffffff.dll
C:\WINDOWS\system32\dddddd.dll
C:\WINDOWS\system32\ytewcxzsw.dll
C:\WINDOWS\system32\eeeeee.dll
C:\WINDOWS\system32\kkkkkk.dll
C:\WINDOWS\system32\yyyyyy.dll
C:\WINDOWS\system32\pppppp.dll
C:\WINDOWS\system32\oooooo.dll
C:\WINDOWS\system32\aaaaaa.dll
C:\WINDOWS\system32\hhhhhh.dll
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\nbnwewd.exe
C:\WINDOWS\608769M.exe
C:\WINDOWS\isscs32.exe
C:\WINDOWS\ytewcxzsw.exe
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\system32\drivers\msosmsp2p32.sys
C:\WINDOWS\system32\msosmhfp00.dll
C:\WINDOWS\system32\msostuic00.dll
C:\WINDOWS\system32\nicozftp00.dll
C:\WINDOWS\system32\msosdohs00.dll
复制他们,从剪贴板导入,点上抑制再生,右键点击要删除的文件列表,选择立即重起删除
重起以后进入XDELBOX工具,执行删除~
删除过后,打开SRENG
注册表中删除
<ytewcxzsw><C:\WINDOWS\ytewcxzsw.exe> []
<isscs32><C:\WINDOWS\isscs32.exe> []
<WinSysM><C:\WINDOWS\608769M.exe> [N/A]
<nbnwewd><C:\WINDOWS\nbnwewd.exe> []
<KVP><C:\WINDOWS\system32\drivers\svchost.exe> [N/A]
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> []
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
编辑<AppInit_DLLs><ffffff.dll,msosmhfp00.dll,msostuic00.dll,nicozftp00.dll,msosdohs00.dll,dddddd.dll,ytewcxzsw.dll,eeeeee.dll,ieprot.dll,kkkkkk.dll,yyyyyy.dll,pppppp.dll,oooooo.dll,aaaaaa.dll,hhhhhh.dll,vvvvvv.dll> []
为<AppInit_DLLs><ieprot.dll> []
删除
驱动程序
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[cqit / cqit][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp9.tmp><N/A>
[drop / drop][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp15.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp11.tmp><N/A>
[IIS Manager / IIS Manager ][Stopped/Manual Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\1.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp13.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmpB.tmp><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[ping / ping][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmpF.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmpD.tmp><N/A>
[tuic / tuic][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp5A.tmp><N/A>
[zftp / zftp][Stopped/Auto Start]
<\??\C:\DOCUME~1\user01\LOCALS~1\Temp\tmp5.tmp><N/A>
删除浏览器加载
[]
{8AD0F1B1-990D-4F52-A33D-2837E43CEF58} <C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys, N/A>
[]
{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} <C:\Program Files\Internet Explorer\IEXPLORE32.win, N/A>
[]
{C5E87A05-F463-4841-B19E-DD3EC3862368} <C:\Program Files\Internet Explorer\IEXPLORE32.Sys, N/A>
[]
{EE12D60D-AD9A-4095-B839-3BE6862679FD} <C:\Program Files\Internet Explorer\IEXPLORE32.Dat, N/A>
修复文件关联
清理临时文件夹:
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空下列临时文件夹中所有内容:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp
C:\WINDOWS\TEMP
如果是你是局域网用户,那么请一定要安装ARP防火墙~~~
绑定网关MAC地址~~~
