YCRUNG
2008-03-24, 08:33 PM
How do I get rid of this trojan? -- Thanks
**************************
The archive contains a .cmd file. If you are not sure, do not run it
**************************

quell
2008-03-24, 09:37 PM
There are pictures of pretty girls inside....

juijui
2008-03-24, 10:54 PM
Please boot into Safe Mode and delete the following files...
ProgramFiles\Setup.exe
ProgramFiles\2.bat
ProgramFiles\inst.exe
ProgramFiles\inst.txt
ProgramFiles\MyPic\168_279734_b65c914d06501b2.jpg
ProgramFiles\MyPic\168_279734_caeae17634f4b08.jpg
ProgramFiles\MyPic\168_279734_d053f1b9e38f9d3.jpg
ProgramFiles\MyPic\168_279734_d5a8430f4176137.jpg
ProgramFiles\MyPic\168_279734_feeefebbc475bb2.jpg
ProgramFiles\MyPic\Desktop.ini
C:\WINDOWS\Help\F3C74E3FA248.dll
C:\WINDOWS\Help\F3C74E3FA248.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\(delete)CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
(Default) = "%Windir%\HELP\F3C74E3FA248.dll"
ThreadingModel = "Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\(delete)CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}]
(Default) = "SSUUDL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
(delete this entry){1DBD6574-D6D0-4782-94C3-69619E719765} = ""
The default value is empty

YCRUNG
2008-03-25, 09:28 AM
> Please boot into Safe Mode and delete the following files...
Thanks.
There is no
ProgramFiles\Setup.exe
ProgramFiles\2.bat
I can't find those strings in regedit.exe
Searching for "4782-94C3-69619E719765" finds nothing either
The computer shows nothing abnormal
My friends haven't received any spam mail either
Windows Vista™ Home Premium

billyao
2008-03-25, 10:28 AM
Could it be that you're not infected...:o

YCRUNG
2008-03-25, 11:14 AM
> Could it be that you're not infected...:o
I do see the folder with the girls' pictures
But there is no
ProgramFiles\Setup.exe
ProgramFiles\2.bat
I can't find those strings in regedit.exe

juijui
2008-03-25, 09:34 PM
What I posted above is an analysis of that virus's behaviour. If none of the things I mentioned are in those places, then you're not infected~
If you're still worried, run a scan with SREng and post the report here; one look will tell whether you're infected!
Download: http://www.kztechs.com/sreng/download

YANGCR
2008-03-26, 09:57 AM
My computer is the same as the original poster's.......
Use "費爾木馬強力清除助手" to delete the trojan in Safe Mode
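
The registry check discussed in this thread (a ShellExecuteHooks entry whose CLSID loads a DLL from %Windir%\HELP) can be run over a regedit export instead of searching by hand. This is an added example, not part of the original posts; it assumes the standard .reg text format, and the benign CLSID, `example.dll` and the "outside system32" heuristic are constructed for illustration.

```python
import re
# Constructed sample in regedit export (.reg) format. The second hook uses the
# CLSID and DLL path from juijui's post; the first entry is made up.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00000000-0000-0000-0000-000000000001}"=""
"{1DBD6574-D6D0-4782-94C3-69619E719765}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="%SystemRoot%\\system32\\example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
@="%Windir%\\HELP\\F3C74E3FA248.dll"
"ThreadingModel"="Apartment"
'''

HOOKS = "\\explorer\\shellexecutehooks"
CLSID_ROOT = "hkey_local_machine\\software\\classes\\clsid\\"
VALUE = re.compile(r'^(@|"(?P<name>[^"]*)")="(?P<data>.*)"$')

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m["name"] or ""] = m["data"].replace("\\\\", "\\")
    return keys

def audit_hooks(text):
    """List (clsid, dll, suspicious) for every registered ShellExecuteHook."""
    keys, report = parse_reg(text), []
    for path, values in keys.items():
        if not path.endswith(HOOKS):
            continue
        for clsid in filter(None, values):  # skip the key's own default value
            server = CLSID_ROOT + clsid.lower() + "\\inprocserver32"
            dll = keys.get(server, {}).get("")
            # Assumed heuristic: missing or non-system32 hook DLLs need review.
            suspicious = dll is None or "\\system32\\" not in dll.lower()
            report.append((clsid, dll, suspicious))
    return report

if __name__ == "__main__":
    for clsid, dll, bad in audit_hooks(SAMPLE_REG):
        print("REVIEW" if bad else "ok    ", clsid, dll)
```

A hook flagged for review is only a lead: the DLL it points to still has to be examined before anything is deleted.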