Help: how do I delete winjava.exe

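I've been infected with winjava.exe. System CPU usage is always at 100%. Rising can't kill it, and I can't even find it with a search; even if I could find it, it probably wouldn't be easy to delete. Could any of you more experienced users tell me how to get rid of it? Thanks.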

Last edited 2005-10-28 07:45:55

If it is a trojan, open Task Manager and end that process. My method is only for reference.

Manual removal method
MANUAL REMOVAL INSTRUCTIONS
Terminating the Malware Program
This procedure terminates the running malware process.
Open Windows Task Manager.
・On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the process:
WINJAVA.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
NeroUpdater6.8 = "winjava.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
NeroUpdater6.8 = "winjava.exe"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.
Restoring the Windows HOSTS File
Deleting entries in the HOSTS files prevents the redirection of antivirus Web sites to the local machine.
Open the following file using your default text editor:
%System%\Drivers\etc\Hosts
(Note: %System% is the Windows system directory, which is usually C:\WINNT\System32 or C:\Windows\System32.)
Locate and delete the following lines:
Save the HOSTS file and close the text editor.
Additional Windows XP Cleaning Instructions
Users running Windows XP must disable System Restore to allow full scanning of infected systems.
Users running other Windows versions can proceed with the succeeding procedure set(s).
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete files detected as WORM_AGOBOT.AMK. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's online virus scanner.
Applying Patches
This malware exploits known vulnerabilities in Windows. Download and install the fix patch supplied by Microsoft in the following pages:
Microsoft Security Bulletin MS03-026
Refrain from using the affected software until the appropriate patch has been installed.
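
The HOSTS-file step in the instructions above can also be checked with a script. The following Python is an added example, not part of the original post or of the vendor's instructions: it flags active entries that map watched security-vendor names to a loopback or unspecified address and returns a cleaned copy. The function names, watch list and sample content are constructed for illustration.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # legitimate loopback names

def _watched(name, suffixes):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)

def _entry(raw):
    """Parse one hosts line into (address, [names]); None if not an active entry."""
    fields = raw.split("#", 1)[0].split()
    try:
        return ipaddress.ip_address(fields[0]), [f.lower().rstrip(".") for f in fields[1:]]
    except (IndexError, ValueError):
        return None

def audit_hosts(text, suffixes):
    """Return (findings, cleaned_text). A finding is (line_no, address, name) for a
    watched name mapped to a loopback or unspecified address; cleaned_text drops
    only those names and removes a line when no other name is left on it."""
    findings, kept = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = _entry(raw)
        if entry is None or not (entry[0].is_loopback or entry[0].is_unspecified):
            kept.append(raw)
            continue
        addr, names = entry
        bad = [h for h in names if h not in LOCAL_NAMES and _watched(h, suffixes)]
        rest = [h for h in names if h not in bad]
        findings += [(n, str(addr), h) for h in bad]
        if not bad:
            kept.append(raw)
        elif rest:
            kept.append(f"{addr}\t{' '.join(rest)}")
    return findings, "\n".join(kept) + "\n"

# Constructed sample content and watch list, for illustration only.
WATCH = ["av-vendor.example"]
SAMPLE = """127.0.0.1 localhost
127.0.0.1 update.av-vendor.example   # redirected to the local machine
0.0.0.0   www.av-vendor.example intranet.corp.example
# 127.0.0.1 scanner.av-vendor.example
10.0.0.5  mirror.av-vendor.example
127.0.0.1 notav-vendor.example
"""

if __name__ == "__main__":
    for line_no, addr, name in audit_hosts(SAMPLE, WATCH)[0]:
        print(f"line {line_no}: {name} -> {addr}")
```

Loopback entries for names outside the watch list are left untouched, since hosts-based blocklists use the same mechanism on purpose.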

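[Reply to the post by "无敌小菜虫"]
Press F8 at boot and choose to enter Safe Mode.
1. Open Task Manager, find "winjava.exe", and end it.
2. Start - Run - type "services.msc" - find "Enables Java Support" - double-click it and set it to "Stopped" - OK.
3. Go to the C:\Windows\System32 folder, find "winjava.exe", and delete it. (This file may be hidden. To show hidden files: open My Computer - Tools - Folder Options - View - select "Show all files and folders" - OK.)
4. Start - Run - type "regedit" - Edit - Find - enter "winjava.exe" to search - delete the entries that are found.
Back up the registry before deleting anything: open the registry, then File - Export.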

[Reply to the post by "£光芒£"] Thanks, 光芒, it's sorted now. Thanks.