发表于: 2007-07-22 20:59 | 显示全部 短消息 资料
字号: 1楼

求terebmi.exe病毒解决方法

不知道朋友们最近有没有遇到一个病毒,进程名为terebmi.exe和另外个进程nuygtvw.exe一起的相互关联,也不能结束掉,具体现象是可以自动关闭目前流行的杀毒软件,更怪的是连在百度里面搜 terebmi.exe或者打开杀毒软件的官方网站也会被关掉,据同事说,次病毒在VISTA下面更离谱,连下载的东西都不让存盘安装,本人也在网上搜到一个解决办法,就是先运行如下批处理,cd c:\program files\common files\system
attrib terebmi.exe -s -h
taskkill /f /im terebmi.exe -t
del terebmi.exe
cd c:\program files\common files\microsoft shared
attrib nuygtvw.exe -s -h
taskkill /f /im nuygtvw.exe -t
del nuygtvw.exe
d:
attrib terebmi.exe -s -h
del terebmi.exe
attrib nuygtvw.exe -s -h
del nuygtvw.exe
attrib autorun.inf -s -h
del autorun.inf
attrib xywrebh.exe -s -h
del xywrebh.exe
e:
attrib terebmi.exe -s -h
del terebmi.exe
attrib nuygtvw.exe -s -h
del nuygtvw.exe
attrib autorun.inf -s -h
del autorun.inf
attrib xywrebh.exe -s -h
del xywrebh.exe
f:
attrib terebmi.exe -s -h
del terebmi.exe
attrib nuygtvw.exe -s -h
del nuygtvw.exe
attrib autorun.inf -s -h
del autorun.inf
attrib xywrebh.exe -s -h
del xywrebh.exe
g:
attrib terebmi.exe -s -h
del terebmi.exe
attrib nuygtvw.exe -s -h
del nuygtvw.exe
attrib autorun.inf -s -h
del autorun.inf
attrib xywrebh.exe -s -h
del xywrebh.exe
h:
attrib terebmi.exe -s -h
del terebmi.exe
attrib nuygtvw.exe -s -h
del nuygtvw.exe
attrib autorun.inf -s -h
del autorun.inf
attrib xywrebh.exe -s -h
del xywrebh.exe

结束这两个进程,然后导入一个REG文件,如下:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105" 然后,安装360安全卫士来清除,但此方法有个问题,就是要下载这个文件,当然在网上下一输入这个就会被关,或者装不上360
 
  本人发此贴只为找到一个最好的解决方法,请瑞星的工程师和高手们帮忙
最后编辑2007-07-22 20:53:18