How do I remove this trojan? -- Thanks
**************************
The archive contains a .cmd file; do not run it unless you are sure
**************************
There are pictures of pretty girls inside....
[COLOR="red"]Please boot into Safe Mode and delete the following files...[/COLOR]
ProgramFiles\Setup.exe
ProgramFiles\2.bat
ProgramFiles\inst.exe
ProgramFiles\inst.txt
ProgramFiles\MyPic\168_279734_b65c914d06501b2 .jpg
ProgramFiles\MyPic\168_279734_caeae17634f4b08 .jpg
ProgramFiles\MyPic\168_279734_d053f1b9e38f9d3 .jpg
ProgramFiles\MyPic\168_279734_d5a8430f4176137.jpg
ProgramFiles\MyPic\168_279734_feeefebbc475bb2 .jpg
ProgramFiles\MyPic\Desktop.ini
C:\WINDOWS\Help\F3C74E3FA248.dll
C:\WINDOWS\Help\F3C74E3FA248.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[COLOR="Red"](delete) CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
(Default) = "%Windir%\HELP\F3C74E3FA248.dll"
ThreadingModel = "Apartment"
[/COLOR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[COLOR="red"](delete) CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}]
(Default) = "SSUUDL"
[/COLOR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[COLOR="red"]Delete this entry: {1DBD6574-D6D0-4782-94C3-69619E719765} = ""
[/COLOR] The default value is empty
[QUOTE=juijui;1010647][COLOR="red"]Please boot into Safe Mode and delete the following files...[/COLOR]
ProgramFiles\Setup.exe
ProgramFiles\2.bat
ProgramFiles\inst.exe
ProgramFiles\inst.txt
ProgramFiles\MyPic\168_279734_b65c914d06501b2 .jpg
ProgramFiles\MyPic\168_279734_caeae17634f4b08 .jpg
ProgramFiles\MyPic\168_279734_d053f1b9e38f9d3 .jpg
ProgramFiles\MyPic\168_279734_d5a8430f4176137.jpg
ProgramFiles\MyPic\168_279734_feeefebbc475bb2 .jpg
ProgramFiles\MyPic\Desktop.ini
C:\WINDOWS\Help\F3C74E3FA248.dll
C:\WINDOWS\Help\F3C74E3FA248.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[COLOR="Red"](delete) CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
(Default) = "%Windir%\HELP\F3C74E3FA248.dll"
ThreadingModel = "Apartment"
[/COLOR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\[COLOR="red"](delete) CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}]
(Default) = "SSUUDL"
[/COLOR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[COLOR="red"]Delete this entry: {1DBD6574-D6D0-4782-94C3-69619E719765} = ""
[/COLOR] The default value is empty[/QUOTE]
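Thanks
There is no ProgramFiles\Setup.exe
ProgramFiles\2.bat
I can't find those strings in regedit.exe
Searching for "4782-94C3-69619E719765" finds nothing either
The computer shows nothing abnormal, and my friends haven't received any spam mail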
Windows Vista™ Home Premium
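Could it be that you're not infected... :o
[QUOTE=billyao;1010693]Could it be that you're not infected... :o[/QUOTE]
I do see the girls folder
but there is no
ProgramFiles\Setup.exe
ProgramFiles\2.bat
I can't find those strings in regedit.exe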
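What's above is an analysis of that virus's behavior; if none of those places contain the things I listed, then you're not infected~
If you're still worried, scan with SREng and post the analysis here; one look will tell whether you're infected!
Download: [url]http://www.kztechs.com/sreng/download[/url]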
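A read-only way to run the check described above (whether the listed files, the CLSID key and the ShellExecuteHooks value exist), as an added PowerShell example that is not part of any post in this thread. It assumes "ProgramFiles\" in the post means the %ProgramFiles% directory, the function names are hypothetical, and it goes slightly beyond the thread by listing every registered ShellExecuteHook with the DLL it loads.

```powershell
# Read-only: reports presence of the indicators listed in the thread, deletes nothing.
# Assumption: "ProgramFiles\..." in the post means the %ProgramFiles% directory.
$Clsid    = '{1DBD6574-D6D0-4782-94C3-69619E719765}'
$ClsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
$HooksKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'

$Paths = @(
    (Join-Path $env:ProgramFiles 'Setup.exe'),
    (Join-Path $env:ProgramFiles '2.bat'),
    (Join-Path $env:ProgramFiles 'inst.exe'),
    (Join-Path $env:ProgramFiles 'inst.txt'),
    (Join-Path $env:ProgramFiles 'MyPic'),
    (Join-Path $env:windir 'Help\F3C74E3FA248.dll'),
    (Join-Path $env:windir 'Help\F3C74E3FA248.exe'),
    $ClsidKey,
    "$ClsidKey\InProcServer32"
)

# Hypothetical helper: one row per file, folder or registry key named in the post.
function Get-ThreadIndicator {
    foreach ($p in $Paths) {
        New-Object PSObject -Property @{ Indicator = $p; Present = (Test-Path -LiteralPath $p) }
    }
}

# Hypothetical helper: lists every registered ShellExecuteHook with the DLL it loads.
# Hooks are stored as value names under the key, not as subkeys.
function Get-ShellExecuteHook {
    $props = Get-ItemProperty -LiteralPath $HooksKey -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($v in $props.PSObject.Properties) {
        if ($v.Name -notmatch '^\{[0-9a-f-]{36}\}$') { continue }   # skip PSPath etc.
        $srvKey = "HKLM:\SOFTWARE\Classes\CLSID\$($v.Name)\InProcServer32"
        $srv = Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue
        $dll = $null
        if ($srv) { $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.'(default)') }
        New-Object PSObject -Property @{
            Clsid      = $v.Name
            Dll        = $dll
            FromThread = ($v.Name -eq $Clsid)   # True for the CLSID posted above
        }
    }
}

Get-ThreadIndicator  | Format-Table Indicator, Present -AutoSize
Get-ShellExecuteHook | Format-Table Clsid, Dll, FromThread -AutoSize
```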
My computer is the same as the original poster's.......
Use "費爾木馬強力清除助手" to delete the trojan in Safe Mode