Use System Repair Engineer to repair the following items:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<hksrv.dll><hksrv.dll>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
<WinlogonNotify: CSCSettings><C:\WINDOWS\system32\q0860alsedq60.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntlRun.OC]
<WinlogonNotify: IntlRun.OC><C:\WINDOWS\system32\MDCC2CHS.DLL> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<explore.exe><; C:\Program Files\explore.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<lockit.exe><; lockit.exe> [spring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<msnok><; C:\Program Files\MsnOK\msnok.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NMGameX_AutoRun><; C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ScanRegistry><; C:\Program Files\Common Files\update\update.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMam><; C:\WINDOWS\system32\SVOHOST.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<svchost><; C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX3\svchost.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ToP><; C:\WINDOWS\LSASS.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> []
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
===================
Start -- Control Panel -- Performance and Maintenance -- Administrative Tools -- Services
Disable the following services:
[TCP/IP NetBIOS Help / ipcs]
[TCP/IP Net Create / IPsc]
[Windows Createddos / Windows Processdos]
Start -- Run
Type regedit
Click OK
to open the registry
Expand the following in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services] (X stands for 1, 2, 3, 4, ...)
Once found, delete the following folders:
ipcs folder
IPsc folder
Windows Processdos folder
Expand the following in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Enum\Root\] (X stands for 1, 2, 3, 4, ...)
Delete the following folders:
LEGACY_ipcs folder
LEGACY_IPsc folder
LEGACY_Windows Processdos folder
================
Uninstall
C:\Program Files\MsnOK\
C:\Program Files\YOK.com\
C:\Program Files\pCast\
==============
Delete
C:\Program Files\MsnOK\
C:\Program Files\YOK.com\
C:\Program Files\pCast\
C:\WINDOWS\system32\Down(1).exe
C:\WINDOWS\system32\Down(2).exe
C:\WINDOWS\system32\ipsec.exe
C:\WINDOWS\system32\q0860alsedq60.dll
C:\WINDOWS\system32\MDCC2CHS.DLL
C:\Program Files\explore.exe
C:\WINDOWS\system32\NMGameX.dll
C:\Program Files\Common Files\update\update.exe
C:\Program Files\Common Files\update\
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\LSASS.exe
C:\WINDOWS\Downloaded Program Files\pCastCtl.dll
hksrv.dll <search for it on drive C>
lockit.exe <search for it on drive C>
and all files and folders under C:\DOCUME~1\user\LOCALS~1\Temp\
============
Of these,
C:\WINDOWS\lsass.exe is a malicious, nasty trojan.
For the specific procedure, see
http://forum.ikaka.com/topic.asp?board=28&artid=7828861
For how to use System Repair Engineer, see
http://forum.ikaka.com/topic.asp?board=67&artid=8125594
===============
Tip:
If the problem cannot be resolved in normal mode,
it is recommended to perform these steps in Safe Mode.
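
Added example, not part of the original post: a triage pass over autorun entries in the format shown above that generalizes the C:\WINDOWS\lsass.exe observation to any entry whose image borrows a system binary's name from the wrong folder, uses a one-character lookalike of one, or runs from Temp. The `SYSTEM_BINARIES` table (default XP-era locations) and the function names are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: four autorun entries copied from the log in the post above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMam><; C:\WINDOWS\system32\SVOHOST.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<svchost><; C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX3\svchost.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ToP><; C:\WINDOWS\LSASS.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<explore.exe><; C:\Program Files\explore.exe>
"""
# Assumption: small illustrative set, name -> expected folder on a default install.
SYS32 = r"c:\windows\system32"
SYSTEM_BINARIES = {"lsass.exe": SYS32, "svchost.exe": SYS32, "explorer.exe": r"c:\windows"}
ENTRY = re.compile(r"^<(?P<name>[^>]*)><(?:;\s*)?(?P<cmd>[^>]*)>")  # <value><; command>
IMAGE = re.compile(r".+?\.(?:exe|dll)", re.I)  # command up to the first .exe/.dll

def within_one_edit(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def triage(log_text):
    """Return (value name, image path, reasons) for each entry that trips a check."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        img = m and IMAGE.match(m.group("cmd"))
        if not img:
            continue
        path = img.group(0).lower()
        folder, base = ntpath.dirname(path), ntpath.basename(path)
        checks = [
            ("system name, wrong directory",
             base in SYSTEM_BINARIES and folder not in ("", SYSTEM_BINARIES[base])),
            ("lookalike of system name", any(within_one_edit(base, s) for s in SYSTEM_BINARIES)),
            ("runs from Temp", "\\temp\\" in path),
        ]
        reasons = [label for label, hit in checks if hit]
        if reasons:
            findings.append((m.group("name"), img.group(0), reasons))
    return findings
```

These checks only prioritize entries for review; unrelated names such as msnok.exe pass them untouched and still need the manual cleanup listed above.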