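Set the system date back to the correct value.
This virus spreads across the LAN using ARP spoofing, so disconnect from the network while you work. After the cleanup is finished, install an ARP firewall and bind the gateway's MAC address.
Use the attached XDELBOX to delete the files: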
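Import the list from the clipboard, select the option that prevents the files from being regenerated, and delete them on reboot.
After the reboot, use attachment 2 to repair the IFEO hijack.
Then use SREng to delete the following.
In the registry: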
Edit <AppInit_DLLs> so that it is empty (clear every DLL name listed in it).
Delete <{398C9B84-4EF7-47B5-9862-DE29543B3C42}><> [N/A]
Disable the drivers:
[4st2fspcs6 / 4st2fspcs6][Stopped/Boot Start]
<\SystemRoot\system32\drivers\4st2fspcs6.sys><N/A>
[8tspmnm / 8tspmnmg][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\8tspmnmg.sys><N/A>
[bsfrpqv / bsfrpqvs][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\bsfrpqvs.sys><N/A>
Delete the drivers:
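Then download arswp (Windows Cleanup Assistant) and run a cleanup:
http://www.arswp.com/download/arswp/arswp.rar
Clean the temporary folders:
Open My Computer > Tools > Folder Options > View, select "Show hidden files", uncheck "Hide protected operating system files", and click OK.
Reboot into Safe Mode (press F8 repeatedly during startup and choose Safe Mode), then empty everything in the following temporary folders: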
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files
C:\Documents and Settings\<username>\Local Settings\Temp
C:\WINDOWS\TEMP
Use Start > Search > Files or Folders to search for svchost.exe.
Delete the copies in the other two paths, keeping only the one that is 14K in size.
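
A read-only check of the three persistence points this procedure cleans (IFEO Debugger values, AppInit_DLLs, and svchost.exe copies outside System32), added here as an example and not part of the original instructions. It assumes PowerShell 2.0 or later is available and uses the standard registry locations for IFEO and AppInit_DLLs; nothing is modified or deleted.

```powershell
# Added example: read-only audit of the persistence points cleaned above.
# Nothing is modified or deleted; the output is for manual review.
$ntcv = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# 1. IFEO hijack: a "Debugger" value under an image name redirects every
#    launch of that program to the listed executable.
$ifeo = @(Get-ChildItem -Path "$ntcv\Image File Execution Options" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $dbg }
        }
    })

# 2. AppInit_DLLs: names are separated by commas or spaces; after cleanup
#    the value should be empty.
$raw = (Get-ItemProperty -Path "$ntcv\Windows" -ErrorAction SilentlyContinue).AppInit_DLLs
$appInit = @("$raw" -split '[,\s]+' | Where-Object { $_ })

# 3. svchost.exe copies outside System32. Some may be legitimate OS copies
#    (for example under dllcache), so compare path and size before acting.
$sys32 = Join-Path $env:SystemRoot 'System32'
$stray = @(Get-ChildItem -Path "$env:SystemDrive\" -Filter 'svchost.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.DirectoryName -ne $sys32 })

"IFEO Debugger entries: $($ifeo.Count)"
$ifeo | Format-Table Image, Debugger -AutoSize
"AppInit_DLLs entries: $($appInit.Count)"
$appInit
"svchost.exe outside System32: $($stray.Count)"
$stray | Format-Table FullName, Length -AutoSize
```

Run it from an elevated prompt after the final reboot; any IFEO or AppInit_DLLs entry still reported means that step of the cleanup did not hold.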