【木馬】請問此木馬如何解 ?

[YCRUNG]

請問此木馬如何解 -- 謝謝

**************************
壓縮檔裡是個 .cmd 檔 沒把握請勿執行
**************************

[quell]

內有美女圖喔....

[juijui]

請進入安全模式刪除以下檔案...

ProgramFiles\Setup.exe
ProgramFiles\2.bat
ProgramFiles\inst.exe
ProgramFiles\inst.txt
ProgramFiles\MyPic\168_279734_b65c914d06501b2 .jpg
ProgramFiles\MyPic\168_279734_caeae17634f4b08 .jpg
ProgramFiles\MyPic\168_279734_d053f1b9e38f9d3 .jpg
ProgramFiles\MyPic\168_279734_d5a8430f4176137.jpg
ProgramFiles\MyPic\168_279734_feeefebbc475bb2 .jpg
ProgramFiles\MyPic\Desktop.ini
C:\WINDOWS\Help\F3C74E3FA248.dll
C:\WINDOWS\Help\F3C74E3FA248.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\刪除CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
(Default) = "%Windir%\HELP\F3C74E3FA248.dll"
ThreadingModel = "Apartment"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\刪除CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}]
(Default) = "SSUUDL"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
刪除這段{1DBD6574-D6D0-4782-94C3-69619E719765} = ""
預設值 是空的

[YCRUNG]

請進入安全模式刪除以下檔案...

ProgramFiles\Setup.exe
ProgramFiles\2.bat
ProgramFiles\inst.exe
ProgramFiles\inst.txt
ProgramFiles\MyPic\168_279734_b65c914d06501b2 .jpg
ProgramFiles\MyPic\168_279734_caeae17634f4b08 .jpg
ProgramFiles\MyPic\168_279734_d053f1b9e38f9d3 .jpg
ProgramFiles\MyPic\168_279734_d5a8430f4176137.jpg
ProgramFiles\MyPic\168_279734_feeefebbc475bb2 .jpg
ProgramFiles\MyPic\Desktop.ini
C:\WINDOWS\Help\F3C74E3FA248.dll
C:\WINDOWS\Help\F3C74E3FA248.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\刪除CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32]
(Default) = "%Windir%\HELP\F3C74E3FA248.dll"
ThreadingModel = "Apartment"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\刪除CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}]
(Default) = "SSUUDL"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
刪除這段{1DBD6574-D6D0-4782-94C3-69619E719765} = ""
預設值 是空的

謝謝
沒有 ProgramFiles\Setup.exe
ProgramFiles\2.bat
regedit.exe 裡找不到那些字串
搜尋"4782-94C3-69619E719765" 也沒有

電腦沒異常 朋友也未收到濫寄的信

Windows Vista™ Home Premium

[billyao]

難道你沒中毒...

[YCRUNG]

難道你沒中毒...

是有看到妹妹的資料夾
但沒
ProgramFiles\Setup.exe
ProgramFiles\2.bat
regedit.exe 裡找不到那些字串

[juijui]

上面那個是分析那隻病毒的行為，那些地方都沒我說的東西，那就是沒中毒阿~

若不放心的話，請使用SREng掃一下，再把分析發上來，一看就知有沒有中毒了!
載點 http://www.kztechs.com/sreng/download

[YANGCR]

我的電腦跟發文者一樣.......
使用"費爾木馬強力清除助手",在安全模式下刪除木馬