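I'd give everything I own, I'm begging some expert to help me. My machine has caught some kind of nasty virus; I've been fighting it for two days, and two friends' machines have gone down as well. The symptoms are as follows:
First, the Rising antivirus monitoring center exits on its own and can no longer be started; after repairing it, the same problem remains.
Then none of the shortcuts on the desktop work; when I click an application, a file with the ".exe" suffix appended to that application's name is created immediately.
Disinfecting with other programs has no effect, and web browsing speed has dropped sharply.
After the machine restarts, clicking "Administrator" immediately logs off automatically and returns to the "Administrator" state.
Begging, urgent, help……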
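Reference answer: You haven't given much detail, but the really nasty viruses going around at the moment are these three: Viking (威金), Panda Burning Incense (熊猫烧香), and Orange August (橙色八月).
I'll give you the addresses of the dedicated removal tools for each; I hope they help!
Panda Burning Incense:
Viking:
Orange August:
Make sure you are in Safe Mode when disinfecting!
Below is a Viking immunization batch tool. I'm pasting the code; copy it into Notepad, save it as a *.bat file, and double-click it to run!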
rem Delete the autorun-related registry values listed below (/f = no confirmation prompt).
reg delete HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v {9D0351F9-8E49-4ed1-BBCE-0795F5B9F240} /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v load /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run /v {9D0351F9-8E49-4ed1-BBCE-0795F5B9F240} /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability /v ShutdownStateSnapshot /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v zt /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ms /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v fzg /f
reg delete HKEY_USERS\S-1-5-21-***********-***********-***********-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /v {9D0351F9-8E49-4ed1-BBCE-0795F5B9F240} /f
reg delete "HKEY_USERS\S-1-5-21-***********-***********-***********-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v load /f
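rem For each file name below: create a directory with that name, then revoke all access to it,
rem so that a file with the same name can no longer be created at that path.
md %systemroot%\1.com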
cacls %systemroot%\1.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\sws32.dll
cacls %systemroot%\sws32.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\kill.exe
cacls %systemroot%\kill.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\EXP10RER.com
cacls %systemroot%\EXP10RER.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\finders.com
cacls %systemroot%\finders.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Shell.sys
cacls %systemroot%\Shell.sys /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo_.exe
cacls %systemroot%\Logo_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\0Sy.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\1Sy.exe
cacls %systemroot%\1Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\2Sy.exe
cacls %systemroot%\2Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\3Sy.exe
cacls %systemroot%\3Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\4Sy.exe
cacls %systemroot%\4Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\5Sy.exe
cacls %systemroot%\5Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\6Sy.exe
cacls %systemroot%\6Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\7Sy.exe
cacls %systemroot%\7Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\8Sy.exe
cacls %systemroot%\8Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\9Sy.exe
cacls %systemroot%\9Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\exerouter.exe
cacls %systemroot%\exerouter.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo1_.exe
cacls %systemroot%\Logo1_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundl132.exe
cacls %systemroot%\rundl132.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundll32.exe
cacls %systemroot%\rundll32.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\smss.exe
cacls %systemroot%\smss.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\vDll.dll
cacls %systemroot%\vDll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Dll.dll
cacls %systemroot%\Dll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\svhost32.exe"
cacls "C:\Program Files\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\rundll32.exe"
cacls "C:\Program Files\Intel\rundll32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\svhost32.exe"
cacls "C:\Program Files\Intel\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Microsoft\svhost32.exe"
cacls "C:\Program Files\Microsoft\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\richnotify.exe
cacls %systemroot%\system32\richnotify.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\reshtm.dll
cacls %systemroot%\system32\reshtm.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\resPro.dll
cacls %systemroot%\system32\resPro.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\stdie.dll
cacls %systemroot%\stdie.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
rem Delete every _desktop.ini file on drives C: through I: (recursive, quiet, any attributes).
del c:\_desktop.ini /f/s/q/a
del d:\_desktop.ini /f/s/q/a
del e:\_desktop.ini /f/s/q/a
del f:\_desktop.ini /f/s/q/a
del g:\_desktop.ini /f/s/q/a
del h:\_desktop.ini /f/s/q/a
del i:\_desktop.ini /f/s/q/a
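A read-only check that can be run before or after the batch file above, added here as an example and not part of the original answer. It reports whether a path from the md/cacls list currently exists as a regular file, as a placeholder directory, or not at all, and whether the three Run values the script deletes are set; the subset of names and the label names `:check` and `:runvalue` are choices made for this example.

```bat
@echo off
rem Added example, not from the original answer. It changes nothing:
rem it only reports the state of paths and Run values named above.
setlocal

rem A subset of the file names from the md/cacls lines above.
for %%N in (Logo_.exe Logo1_.exe rundl132.exe 0Sy.exe 1Sy.exe vDll.dll Dll.dll) do call :check "%systemroot%\%%N"
call :check "%systemroot%\system32\richnotify.exe"

rem Run values the batch file deletes; NONE is the clean result.
for %%V in (zt ms fzg) do call :runvalue %%V

endlocal
goto :eof

:check
rem "path\" exists only when the path is a directory, not a file.
if exist "%~1\" (
    echo [DIR ] %~1  ^(placeholder directory present^)
) else if exist "%~1" (
    echo [FILE] %~1  ^(regular file with this name, inspect it^)
) else (
    echo [NONE] %~1
)
goto :eof

:runvalue
rem reg query sets a non-zero errorlevel when the value does not exist.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v %1 >nul 2>&1
if errorlevel 1 (
    echo [NONE] Run value %1
) else (
    echo [SET ] Run value %1
)
goto :eof
```

A `[FILE]` line means the `md` for that name will fail, so that path stays unprotected until the file has been dealt with.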
*****************
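Then you've caught the Panda Burning Incense virus!
If you've already formatted the machine, then you won't mind formatting it again; after that, install the latest antivirus software and scan!!
Then turn on real-time monitoring before plugging in the USB drive and scanning it!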