[Software] Blaster worm (疾風病毒) automatic scan-and-removal tool --- covers not only Blaster but other worms too

  1. #1
    Member
    Join date
    2001-05-06
    Forum posts
    105


    This program is for all versions: NT/2000/XP/2003

    Program
    ftp://ftp.kaspersky.com/utils/clrav.com

    Usage notes and parameters


    ****************************************************************************
    Utility for cleaning infection by:
    I-Worm.BleBla.b
    I-Worm.Navidad
    I-Worm.Sircam
    I-Worm.Goner
    I-Worm.Klez.a,e,f,g,h
    Win32.Elkern.c
    I-Worm.Lentin.a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p
    I-Worm.Tanatos.a,b
    Worm.Win32.Opasoft.a,b,c,d,e,f,g,h
    I-Worm.Avron.a,b,c,d,e
    I-Worm.LovGate.a,b,c,d,e,f,g,h,i,j,k,l
    I-Worm.Fizzer
    I-Worm.Magold.a,b,c,d,e
    Worm.Win32.Lovesan
    Version 10.0.5.2 Copyright (C) Kaspersky Lab 2000-2003. All rights reserved.
    ****************************************************************************
    Command line:
    /s[n] - to force scaning of hard drives. Program will scan hard
    drive for I-Worm.Klez.a(e,f,g,h) infection in any case.
    n - include scaning of mapped network drives.
    /y - end program without pressing any key.
    /i - show command line info.
    /nr - do not reboot system automatically in any cases.
    /Rpt[ao][=<Report file path>] - create report file
    a - add report file
    o - report only (do not cure/delete infected files)
    Return codes:
    0 - nothing to clean
    1 - virus was deleted and system restored
    2 - to finilize removal of virus you shold reboot system
    3 - to finilize removal of virus you shold reboot system and start
    program the second time
    4 - programm error.
    ****************************************************************************

    I-Worm.BleBla.b
    ---------------
    If program find HKEY_CLASSES_ROOT\rnjfile key in registry it:
    delete registry keys
    HKEY_CLASSES_ROOT\rnjfile
    HKEY_CLASSES_ROOT\.lha
    repair registry key to default value
    HKEY_CLASSES_ROOT\.jpg to jpegfile
    HKEY_CLASSES_ROOT\.jpeg to jpegfile
    HKEY_CLASSES_ROOT\.jpe to jpegfile
    HKEY_CLASSES_ROOT\.bmp to Paint.Picture
    HKEY_CLASSES_ROOT\.gif to giffile
    HKEY_CLASSES_ROOT\.avi to avifile
    HKEY_CLASSES_ROOT\.mpg to mpegfile
    HKEY_CLASSES_ROOT\.mpeg to mpegfile
    HKEY_CLASSES_ROOT\.mp2 to mpegfile
    HKEY_CLASSES_ROOT\.wmf to empty
    HKEY_CLASSES_ROOT\.wma to wmafile
    HKEY_CLASSES_ROOT\.wmv to wmvfile
    HKEY_CLASSES_ROOT\.mp3 to mp3file
    HKEY_CLASSES_ROOT\.vqf to empty
    HKEY_CLASSES_ROOT\.doc to word.document.8 or wordpad.document.1
    HKEY_CLASSES_ROOT\.xls to excel.sheet.8
    HKEY_CLASSES_ROOT\.zip to winzip
    HKEY_CLASSES_ROOT\.rar to winrar
    HKEY_CLASSES_ROOT\.arj to archivefile or winzip
    HKEY_CLASSES_ROOT\.reg to regfile
    HKEY_CLASSES_ROOT\.exe to exefile
    try to delete file
    c:\windows\sysrnj.exe

    I-Worm.Navidad
    --------------
    If program find HKEY_CURRENT_USER\Software\Navidad,
    HKEY_CURRENT_USER\Software\xxxxmas or HKEY_CURRENT_USER\Software\Emanuel key
    in registry it:
    delete registry keys
    HKEY_CURRENT_USER\Software\Navidad
    HKEY_CURRENT_USER\Software\xxxxmas
    HKEY_CURRENT_USER\Software\Emanuel
    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Win32BaseServiceMOD
    repair registry key to default value
    HKEY_CLASSES_ROOT\exefile\shell\open\command to "%1" %*
    try to delete file
    winsvrc.vxd
    winfile.vxd
    wintask.exe

    I-Worm.Sircam
    -------------
    If program find HKEY_LOCAL_MACHINE\Software\SirCam key in registry,
    "@win \recycled\sirc32.exe" in autoexec.bat or \windows\run32.exe and
    \windows\rundll32.exe was created on Delphi it:
    delete registry keys
    HKEY_LOCAL_MACHINE\Software\SirCam
    Software\Microsoft\Windows\CurrentVersion\RunServices
    Driver32
    repair registry key to default value
    HKEY_CLASSES_ROOT\exefile\shell\open\command to "%1" %*
    try to delete file
    %Windows drive%:\RECYCLED\SirC32.exe
    %Windows directory%\ScMx32.exe
    %Windows system directory%\SCam32.exe
    %Windows startup directory%\"Microsoft Internet Office.exe"
    %Windows drive%:\windows\rundll32.exe
    try to rename files
    %Windows drive%:\windows\Run32.exe to
    %Windows drive%:\windows\RunDll32.exe
    try to repair files
    autoexec.bat

    In case program can not delete or rename any files (it may be used at
    that moment) it set these files to queue to delete or rename during bootup
    process and offer user to reboot system.

    I-Worm.Goner
    ------------
    If gone.scr process exist in memory, program will try to stop it.
    if file %Windows system directory%\gone.scr exist on hard drive,
    program will try to delete it.
    If program find %Windows system directory%\gone.scr key in
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run of system
    registry, it will delete this key.

    I-Worm.Klez.a,e-h, Win32.Elkern.c, I-Worm.Lentin.a-p, I-Worm.Tanatos.a-b,
    -------------------------------------------------------------------------
    Worm.Win32.Opasoft.a-h, I-Worm.Avron.a-e, I-Worm.LovGate.a-l, I-Worm.Fizzer,
    ----------------------------------------------------------------------------
    I-Worm.Magold.a-e, Worm.Win32.Lovesan
    -------------------------------------
    If program find next processes in memory:
    Krn132.exe
    WQK.exe
    or any processes, infected by these viruses, it will try to
    unhook virus hooks and patch needed processes to stop reinfection and then
    stop them and delete/cure their files on hard drive and delete links to their
    files from system registry and other startup places.
    If program find that WQK.DLL library has been loaded by any processes
    it will rename file of this library and will remove it after system reboot.
    In case program find such library in memory of your PC you should reboot your
    PC when program finish and start it the second time after reboot to clean your
    system registry.
    If program find any infected processes in memory it will start scan of
    your hard drive (and all mapped network drives if you specify /netscan in
    command line). It will check only infection by these viruses.
    If you specify /s key in command line program will scan your hard drive
    (and all mapped network drives if you specify /sn) in all cases.
    If Win32.Elkern.c virus create memory mapping, program will disinfect
    this memory area.
    Program can restore next startup links used by viruses:
    autoexec.bat
    win %virus file path and name%
    win.ini section [Windows]
    run=<virus file>
    registry keys
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    values
    AppInit_DLLs
    Run
    HKEY_CLASSES_ROOT\txtfile\shell\open\command (txt association)
    restoring to link to notepad.exe program
    HKEY_CLASSES_ROOT\exefile\shell\open\command (exe association)
    restoring to "%1" %*
    HKEY_CLASSES_ROOT\comfile\shell\open\command (com association)
    restoring to "%1" %*
    HKEY_CLASSES_ROOT\batfile\shell\open\command (bat association)
    restoring to "%1" %*
    HKEY_CLASSES_ROOT\piffile\shell\open\command (pif association)
    restoring to "%1" %*
    HKEY_CLASSES_ROOT\scrfile\shell\open\command (scr association)
    restoring to "%1" %*
    installed NT services
    mIRC start scripts
    <Program Files folder>\Mirc\script.ini
    <Program Files folder>\Mirc32\script.ini
    Pirch start scripts
    <Program Files folder>\Pirch98\events.ini



    Usage:
    1. Copy clrav.com into your windows\system32 directory
    2. Start ---> Run ---> type clrav.com /s ---> OK
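
Added example (not part of the original post and not Kaspersky's code): a read-only Python check of a registry export against the handler defaults and startup keys listed in the readme above. The sample export, `example.exe` and `ExampleEntry` are constructed; the `"%1" %*` expectation for all five classes follows the readme.

```python
import re
# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\example.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"="C:\\WINDOWS\\system32\\example.exe"
'''

EXEC_CLASSES = ("exefile", "comfile", "batfile", "piffile", "scrfile")
EXPECTED_CMD = '"%1" %*'  # value the readme says these handlers are restored to
CV = r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\"
STARTUP_KEYS = [hive + CV + leaf for hive, leaf in (
    ("HKEY_LOCAL_MACHINE", "Run"), ("HKEY_CURRENT_USER", "Run"),
    ("HKEY_LOCAL_MACHINE", "RunOnce"), ("HKEY_LOCAL_MACHINE", "RunServices"))]

def parse_reg(text):
    """Return {KEY: {value_name: data}} for string (REG_SZ) values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # key names are case-insensitive, so normalise them
            current = keys.setdefault(m.group(1).upper(), {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape
    return keys

def audit(text):
    """List hijacked open-command handlers and startup entries to review."""
    keys, findings = parse_reg(text), []
    for cls in EXEC_CLASSES:
        key = ("HKEY_CLASSES_ROOT\\%s\\shell\\open\\command" % cls).upper()
        cmd = keys.get(key, {}).get("")
        if cmd is not None and cmd != EXPECTED_CMD:
            findings.append(("handler", cls, cmd))
    for key in STARTUP_KEYS:
        for name, data in keys.get(key.upper(), {}).items():
            findings.append(("startup", name, data))
    return findings
```

Startup entries are listed for review rather than judged, since legitimate software also uses these keys.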



  2. #2
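    TAIWAN
    Join date
    2003-06-26
    Location
    Satellite internet
    Forum posts
    1,161
    Is this any use against the "horse" and "worm" crisis?

    These days the "H" crowd no longer use this kind of registry-modifying "horse" and "worm".

    Of course, the people who write antivirus software can still only use that same old technique for protection.

    But I've heard that the antivirus writers also write viruses and let them roam the streets.

    I don't know whether that is true.

    Anyway, take a look at this post, the one antivirus writers hate most:
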
    http://forum.icst.org.tw/phpBB2/viewtopic.php?t=943

  3. #3
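    Member
    Join date
    2001-05-06
    Forum posts
    105
    Brother Taiwan, thanks for the pointers.
    I think taking information security seriously means not focusing only on antivirus while neglecting the firewall.
    The following should be treated as baseline rules; open additional ports as needed.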
    RULE 1:

    Description: Loopback
    Protocol: TCP and UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Single
    Host address: 127.0.0.1
    Port type: Any
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 2:

    Description: Block Inbound NetBIOS TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Local App.: Any
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 3:

    Description: Block Outbound NetBIOS TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Outgoing
    Local Port: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 4:

    Description: ISP Domain Name Server Any App UDP
    Protocol: UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Single
    Host address: (Your ISP DNS) IP number
    Port type: Single
    Port number: 53
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 5:

    Description: Other DNS
    Protocol: TCP and UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Single
    Port number: 53
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 6:

    Description: Out Needed To Ping And TraceRoute Others
    Protocol: ICMP
    Direction: Outgoing
    ICMP Type: Echo
    Remote Endpoint: Any
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 7:

    Description: In Needed To Ping And TraceRoute Others
    Protocol: ICMP
    Direction: Incoming
    ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
    Remote Endpoint: Any
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 8:

    Description: In Block Ping and TraceRoute ICMP (Notify)
    Protocol: ICMP
    Direction: Incoming
    ICMP Type: Echo
    Remote Endpoint: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 9:

    Description: Out Block Ping and TraceRoute ICMP (Notify)
    Protocol: ICMP
    Direction: Outgoing
    ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
    Remote Endpoint: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 10:

    Description: Block ICMP (Logged)
    Protocol: ICMP
    Direction: Both
    ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time StampReply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
    Remote Endpoint: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 11:

    Description: Block Common Ports (Logged)
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: List of Ports
    Local App.: Any
    List of Ports:
    113,79,21,80,443,8080,143,110,25,23,22,42,53,98
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 12:

    Description: Back Orifice Block (Logged)
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: List of Ports
    Local App.: Any
    List of Ports: 54320,54321,31337
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 13:

    Description: Netbus Block (Logged)
    Protocol: TCP
    Direction: Incoming
    Port type: List of Ports
    Local App.: Any
    List of Ports: 12456,12345,12346,20034
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 14:

    Description: Bootpc (Logged)
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: Single port
    Local App.: Any
    Port number: 68
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 15:

    Description: RPCSS (Logged)
    Protocol: UDP
    Direction: Incoming
    Port type: Single port
    Local App.: Any
    Port number: 135
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 16:

    Description: Block Low Trojan Ports TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Both
    Port type: Port/range
    Local App.: Any
    First port number: 1
    Last port number: 79
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 17:

    Description: Block High Trojan Ports TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Both
    Port type: Port/range
    Local App.: Any
    First port number: 5000
    Last port number: 65535
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 18:

    Description: Internet Explorer-Web browsing
    Protocol: TCP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => iexplore.exe
    Remote Address Type: Any
    Port type: Any
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 19:

    Description: Outlook Express
    Protocol: TCP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => msimn.exe
    Remote Address Type: Any
    Port type: List of ports
    List of ports: 25,110,119,143
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 20:

    Description: ICQ Web Access Block
    Protocol: TCP and UDP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => icq.exe
    Remote Address Type: Any
    Port type: Single port
    List of ports: 80
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 21:

    Description: ICQ Application
    Protocol: TCP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => icq.exe
    Remote Address Type: Any
    Port type: Single port
    List of ports: 5190
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 22:

    Description: Block Outbound Unauthorized Apps TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Outgoing
    Port type: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Any
    Action DENY

    = = = = = = = = = = = = = = = =
    RULE 23:

    Description: Block Inbound Unknown Apps TCP UDP (Notify)
    Protocol: TCP and UDP
    Port type: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Any
    Action DENY

    If you are on a LAN you might need to allow NetBIOS to and from computers on
    your LAN. You should insert two rules before rule 2 and 3:

    RULE 2a:

    Description: Trusted Inbound NetBIOS TCP UDP
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Local App.: Any
    Remote Address Type: Trusted Address Group
    Port type: Any
    Action PERMIT

    = = = = = = = = = = = = = = = =
    RULE 3b:

    Description: Trusted Outbound NetBIOS TCP UDP
    Protocol: TCP and UDP
    Direction: Outgoing
    Local Port: Any
    Local App.: Any
    Remote Address Type: Trusted Address Group
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Action PERMIT
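
Added example (not part of the original post): the rule-order point behind "insert two rules before rule 2 and 3", modelled in Python for the inbound NetBIOS rules. First-match evaluation, the 192.168.0.0/24 trusted group and treating rule 23 as inbound (per its description) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET = ip_network("0.0.0.0/0")
TRUSTED = ip_network("192.168.0.0/24")  # assumed "Trusted Address Group"

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str   # "in", "out" or "both"
    protos: frozenset
    ports: range     # local port for inbound rules
    remote: object   # network the remote address must fall in
    action: str

    def matches(self, direction, proto, port, remote_ip):
        return (self.direction in (direction, "both") and proto in self.protos
                and port in self.ports and ip_address(remote_ip) in self.remote)

    def covers(self, other):
        """True if every packet `other` matches is also matched by self."""
        return (self.direction in (other.direction, "both")
                and other.protos <= self.protos
                and other.ports.start >= self.ports.start
                and other.ports.stop <= self.ports.stop
                and other.remote.subnet_of(self.remote))

TCP_UDP = frozenset({"tcp", "udp"})
NETBIOS = range(137, 140)  # ports 137-139 inclusive
RULE_2A = Rule("2a trusted inbound NetBIOS", "in", TCP_UDP, NETBIOS, TRUSTED, "PERMIT")
RULE_2 = Rule("2 block inbound NetBIOS", "in", TCP_UDP, NETBIOS, ANY_NET, "DENY")
RULE_23 = Rule("23 block inbound unknown", "in", TCP_UDP, range(0, 65536), ANY_NET, "DENY")

def evaluate(rules, direction, proto, port, remote_ip):
    """First matching rule decides (assumed semantics)."""
    for rule in rules:
        if rule.matches(direction, proto, port, remote_ip):
            return rule.action, rule.name
    return "NO MATCH", None

def shadowed(rules):
    """Rules that never fire: an earlier rule with another action covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(e.covers(r) and e.action != r.action for e in rules[:i])]
```

With the order `[RULE_2A, RULE_2, RULE_23]` a trusted LAN host reaches ports 137-139 and everyone else is denied; placing `RULE_2A` after `RULE_2` leaves it shadowed.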
