1.建立a.bat 文件,内容如下
taskkill /f /im ipilrws.exe
taskkill /f /im ipilrws.exe
保存后运行(关闭病毒运行的程序)
taskkill /f /im ipilrws.exe
保存后运行(关闭病毒运行的程序)
2.打开winRAR
浏览每个盘符根目录。删除
x:\nqecmus.exe
x:\autorun.inf
3.打开注册表
x:\autorun.inf
3.打开注册表
删除HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run下的对应文件
病毒修改键值,使“显示隐藏文件”失效
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
改回来
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
改回来
5,添加注册表的启动项
到这病毒就不发作了,但是文件还在
C:\Program Files\Common Files\System\egrrgdk.inf
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
删掉。还有些
c:\VBurl.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\2222.exe
C:\Program Files\bhpkndi.inf
C:\Program Files\dld.dat
C:\Program Files\meex.exe
C:\Program Files\1a1221.exe
C:\Program Files\Common Files\Microsoft Shared\egrrgdk.inf
C:\Program Files\Common Files\Microsoft Shared\iqwfobe.exe
C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd2.dll
C:\Program Files\Common Files\System\egrrgdk.inf
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
C:\WINDOWS\Fonts\rarjfni.dll
C:\WINDOWS\Fonts\rarjfpi.dll
C:\WINDOWS\Fonts\rarjftl.exe
C:\WINDOWS\Fonts\verclsids.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\2222.exe
C:\Program Files\bhpkndi.inf
C:\Program Files\dld.dat
C:\Program Files\meex.exe
C:\Program Files\1a1221.exe
C:\Program Files\Common Files\Microsoft Shared\egrrgdk.inf
C:\Program Files\Common Files\Microsoft Shared\iqwfobe.exe
C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd2.dll
C:\Program Files\Common Files\System\egrrgdk.inf
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
C:\WINDOWS\Fonts\rarjfni.dll
C:\WINDOWS\Fonts\rarjfpi.dll
C:\WINDOWS\Fonts\rarjftl.exe
C:\WINDOWS\Fonts\verclsids.exe
都删了。
ok
