| Member | Reply |
aspnet
 Programming without borders 608 posts
| 28-7-2010 6:49:45 This one spreads via USB, very quickly, and it replicates itself as the files image.exe and forever.exe everywhere. To remove it, just create a .bat file with the following content and run it:
REM Stop the running malware processes
Taskkill /f /im userinit.exe /im system.exe

REM Delete the dropped files (/A with no attribute list matches hidden and system files too)
Del /Q /F /A %windir%\system32\system.exe
Del /Q /F /A %windir%\userinit.exe
Del /Q /F /A %windir%\kdcoms.dll
Del /Q /F /A %windir%\kdcoms32.dll
Del /Q /F /A %windir%\system32\task.exe

REM Delete the replicated copies on every drive, including subfolders (/s)
del /a /s /q /f D:\forever.exe
del /a /s /q /f E:\forever.exe
del /a /s /q /f F:\forever.exe
del /a /s /q /f G:\forever.exe
del /a /s /q /f I:\forever.exe
del /a /s /q /f H:\forever.exe
del /a /s /q /f D:\images.exe
del /a /s /q /f E:\images.exe
del /a /s /q /f F:\images.exe
del /a /s /q /f G:\images.exe
del /a /s /q /f I:\images.exe
del /a /s /q /f H:\images.exe

REM Delete autorun.inf from the root of each drive
Del /Q /F /A c:\autorun.inf
Del /Q /F /A d:\autorun.inf
Del /Q /F /A e:\autorun.inf
Del /Q /F /A f:\autorun.inf
Del /Q /F /A g:\autorun.inf
Del /Q /F /A h:\autorun.inf
Del /Q /F /A i:\autorun.inf
Del /Q /F /A j:\autorun.inf
Del /Q /F /A k:\autorun.inf
Del /Q /F /A l:\autorun.inf

REM Clear cached AutoPlay handlers; this also deletes the entire Image File Execution Options key
REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f

REM Show hidden and system files and file extensions again
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 00000001 /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t REG_DWORD /d 00000001 /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 00000000 /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 00000001 /f

REM Restore the Winlogon Shell and Userinit values
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d %Windir%\system32\userinit.exe, /F

REM Reset Explorer and system policy values (Task Manager, registry tools, Run, Folder Options, Control Panel)
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutoUpdate /t REG_DWORD /d 00000001 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoToolbarsOnTaskbar /t REG_DWORD /d 00000000 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 00000000 /F
REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 00000000 /F
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v Homepage /t REG_DWORD /d 00000000 /F
REG Delete "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 00000000 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 00000000 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDispCPL /t REG_DWORD /d 00000000 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Start_ShowControlPanel /t REG_DWORD /d 00000002 /F

REM Make Explorer search cover system folders, hidden files and subfolders
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SearchSystemDir /t REG_DWORD /d 00000001 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SearchHidden /t REG_DWORD /d 00000001 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v IncludeSubFolders /t REG_DWORD /d 00000001 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v CaseSensitive /t REG_DWORD /d 00000001 /F
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SearchSlowFiles /t REG_DWORD /d 00000001 /F

REM Start=4 sets these services to Disabled: Automatic Updates (wuauserv), Security Center (wscsvc), Shell Hardware Detection, Task Scheduler
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 00000004 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v AutorunsDisabled /t REG_DWORD /d 00000001 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 00000004 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v AutorunsDisabled /t REG_DWORD /d 00000001 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection" /v Start /t REG_DWORD /d 00000004 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection" /v AutorunsDisabled /t REG_DWORD /d 00000001 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Schedule" /v Start /t REG_DWORD /d 00000004 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Schedule" /v AutorunsDisabled /t REG_DWORD /d 00000001 /F
Download the file here:
http://coder.awas.vn/downloads.ashx?id=bcf30ccced8743bd9c8f6a2a875e233e
--- Coding for food http://yenbai.awas.vn http://tknd.vn http://coder.awas.vn http://awas.vn http://bieuquyet.vn http://webhocsinh.com
|
lengantk4

1 post
| 21-8-2010 7:53:6 How do I run it, and where should I put that file? Sorry, I'm not very good at this.
|
 |
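
A read-only check to run before the cleanup batch file from the first post, as an added example that is not part of the original thread: it reports which of the Winlogon, Image File Execution Options and policy values reset by the batch file are actually non-default, and whether the files it deletes are present. The expected Winlogon values are taken from the batch file itself, and the file check looks only at drive roots and the Windows paths named in the post (an assumption of this example; the batch file also searches subfolders).

```powershell
# Read-only audit: nothing here deletes or modifies anything.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ifeo     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$findings = @()

# 1. Winlogon Shell / Userinit: compare with the values the batch file writes.
$expected = @{
    Shell    = 'Explorer.exe'
    Userinit = "$env:windir\system32\userinit.exe,"
}
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    if ($wl.$name -ne $expected[$name]) {   # string -ne is case-insensitive
        $findings += "Winlogon\$name = '$($wl.$name)'"
    }
}

# 2. IFEO: report only subkeys that carry a Debugger value,
#    so they can be reviewed one by one instead of deleting the whole key.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = $_.GetValue('Debugger')
    if ($dbg) { $findings += "IFEO\$($_.PSChildName) Debugger = '$dbg'" }
}

# 3. Policy values that the batch file sets back to 0.
$pol = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    if ($pol -and $pol.$name -eq 1) { $findings += "Policies\System\$name = 1" }
}

# 4. Files named in the post: Windows directory paths, then drive roots.
$sysFiles = 'system32\system.exe', 'userinit.exe', 'kdcoms.dll',
            'kdcoms32.dll', 'system32\task.exe'
$paths = $sysFiles | ForEach-Object { Join-Path $env:windir $_ }
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($n in 'autorun.inf', 'forever.exe', 'images.exe') {
        $paths += Join-Path $drive.Root $n
    }
}
foreach ($p in $paths) {
    # Test-Path also returns True for hidden and system files
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

if ($findings) { $findings } else { 'No indicators from the post were found.' }
```

An `autorun.inf` on an installation disc or vendor USB drive is legitimate, so treat a hit there as something to inspect rather than proof of infection.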