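A trojan bundle.
There is also a virus that can knock out antivirus software.
What was it called? I forget.
If you find that the system files debug.exe and taskmgr.exe have been replaced by the virus and are abnormally resident as processes, then when you replace debug.exe and taskmgr.exe with clean copies taken from an identical system, you must also replace the system file comctl32.dll at the same time. After replacing the files
Disconnecting from the network before you start is strongly required.
1. It is recommended to use XDelBox to delete the files listed below. (XDelBox 1.7 download:
http://www.qispace.com.cn/read.php/1.htm (tool 19), or
http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0)
Instructions:
First tick "Suppress regeneration".
When deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose "Import from clipboard without checking paths". After importing, right-click the files to be deleted and choose "Reboot and delete immediately" (continue with the reboot deletion whether or not the file exists). The computer will restart into a DOS screen to carry out the deletion.
Before running XDelBox, it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).
C:\WINDOWS\system32\explore.exe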
C:\Program Files\Internet Explorer\PLUGINS\321Nt64.987
C:\WINDOWS\system32\7ADC2AB1.dll
C:\WINDOWS\system32\4BF9CBA3.dll
C:\WINDOWS\system32\CF8850CD.dll
C:\WINDOWS\system32\8143E39D.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\slbiopfs2.dll
C:\WINDOWS\system32\dbeaf7d.sys
C:\WINDOWS\system32\\DRIVERS\HBKernel.sys
C:\WINDOWS\system32\Drivers\msiffei.sys
2. After the reboot, use SREng to repair the items below.
Startup Items -- Registry: delete the following entries:
<HBService><explore.exe> []
<kcoud><kcoud32.exe> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
<{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll> [File is missing]
<{E560642D-A32D-432c-9E7E-9A135CC37E0F}><C:\WINDOWS\system32\kbdgrms.dll> [File is missing]
<{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\xolehlpjh.dll> [File is missing]
<{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll> [File is missing]
<{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}><C:\WINDOWS\system32\mstimewd.dll> [File is missing]
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\figwmtdr.dll> [File is missing]
<{C629FF4F-ACDB-5C90-A098-FACB3456A26C}><C:\WINDOWS\Fonts\lopdfeab.dll> [File is missing]
<{8143E39D-9072-40D0-AF2F-31CDF7F72B16}><8143E39D.dll> []
<{CF8850CD-885D-4380-9E1B-8C987F011437}><CF8850CD.dll> []
<{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}><4BF9CBA3.dll> []
<{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll> []
<{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}><C:\WINDOWS\system32\slbiopfs2.dll> []
<{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll> []
<{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\tscfgwmijxsj.dll> []
<dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll> [File is missing]
<kbdgrms.dll><C:\WINDOWS\system32\kbdgrms.dll> [File is missing]
<xolehlpjh.dll><C:\WINDOWS\system32\xolehlpjh.dll> [File is missing]
<bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> [File is missing]
<dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll> [File is missing]
<mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll> [File is missing]
<figwmtdr.dll><C:\WINDOWS\system32\figwmtdr.dll> [File is missing]
<slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll> []
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> []
<tscfgwmijxsj.dll><C:\WINDOWS\system32\tscfgwmijxsj.dll> []
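<AppInit_DLLs><mduaey.dll comboaus.dll thermaltinc.dll cxpop.dll lensch.dll johandy.dll catower.dll micsus.dll> [N/A] change this to <AppInit_DLLs><>
Startup Items -- Services -- Drivers: delete the following entries:
(Select the problematic driver/service, click "Delete service", then click the "Set" button. Note that in the window that pops up you must click "No" to confirm deleting the service.)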
[dbeaf7d / dbeaf7d][Running/Manual Start]
< C:\WINDOWS\system32\dbeaf7d.sys>
[iXPT / iXPT][Running/Manual Start]
<\??\C:\WINDOWS\system32\iXPT.sys><N/A>
[msiffei / msiffei][Stopped/Manual Start]
<System32\Drivers\msiffei.sys><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
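
The registry startup entries in step 2 all follow one pattern, <name><target> [publisher or status]. As an added example (not part of the original post and not SREng's own code), the following Python sketch parses lines in that format and sorts them into review buckets; the verdict names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry layout as shown in the listing above: <name><target> [publisher or status]
ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<target>[^<>]*)>\s*\[(?P<info>[^\]]*)\]")

def triage(line):
    """Return (name, target, verdict) for one entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    name, target, info = m.group("name", "target", "info")
    if name.lower() == "appinit_dlls":
        # Any DLL listed here is loaded into every process that loads user32.dll.
        verdict = "appinit-populated" if target.strip() else "ok-empty"
    elif info.startswith("(Verified)"):
        verdict = "signed"      # signature present; still check the publisher is expected
    elif info == "File is missing":
        verdict = "orphaned"    # registry entry left behind after the file was deleted
    else:
        verdict = "unsigned"    # no publisher information: review first
    return name, target, verdict

def summarize(lines):
    """Group entry names by verdict (verdict labels are this example's own)."""
    groups = defaultdict(list)
    for line in lines:
        entry = triage(line)
        if entry:
            groups[entry[2]].append(entry[0])
    return dict(groups)

# Constructed sample lines in the same layout (not taken from a real machine).
SAMPLE = [
    r"<ExampleRun><example.exe> []",
    r"<{00000000-0000-0000-0000-000000000001}><C:\WINDOWS\system32\gone.dll> [File is missing]",
    r"<{00000000-0000-0000-0000-000000000002}><C:\WINDOWS\system32\vendor.dll> [(Verified)Example Vendor Ltd]",
    r"<AppInit_DLLs><exampleA.dll exampleB.dll> [N/A]",
    "not an entry line",
]

if __name__ == "__main__":
    for verdict, names in summarize(SAMPLE).items():
        print(verdict, names)
```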