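I tried removing it by hand myself, but the results were not very good. Thanks for the pointers in your post. If I find a good method, I'll reply to you.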
Exactly, manual removal is a real hassle! Sincerely hoping some expert can solve this!
Copy the code below and save it as a .bat file to delete the infected files. The registry still has to be fixed by hand, though. I don't know whether some expert could take the content of post #1 and turn it into a registry file that can be imported with a double-click. I'd be very grateful!

rem Banner: "TTrojan.PSW.Lmir.iux" removal tool, welcome to www.dngz.net
rem Recommended: run in Safe Mode or pure DOS mode
@echo ====================================================================
@echo "TTrojan.PSW.Lmir.iux"专杀工具 欢迎来到(www.dngz.net)
@echo 建议您在“安全模式”或纯DOS模式下执行
@echo ====================================================================
@echo off
@echo Start...
@echo ====================================================================
@echo Execute ATTRIB...
@echo off
rem Clear the system, read-only, archive and hidden attributes so the files can be deleted
attrib -s -r -a -h %windir%\1.com
attrib -s -r -a -h %windir%\services.exe
attrib -s -r -a -h %windir%\explorer.com
attrib -s -r -a -h %windir%\finder.com
attrib -s -r -a -h %windir%\exeroute.exe
attrib -s -r -a -h %windir%\debug\debugprogram.exe
attrib -s -r -a -h %windir%\system32\regedit.com
attrib -s -r -a -h %windir%\system32\dxdiag.com
attrib -s -r -a -h %windir%\system32\msconfig.com
attrib -s -r -a -h %windir%\system32\command.pif
attrib -s -r -a -h %windir%\system32\finder.com
attrib -s -r -a -h %windir%\system32\rundll32.com
attrib -s -r -a -h %windir%\system32\i.com
attrib -s -r -a -h c:\progra~1\common~1\iexplore.pif
attrib -s -r -a -h c:\progra~1\intern~1\iexplore.com
attrib -s -r -a -h d:\pagefile.pif
rem ====================================================================
@echo Execute DELETE...
@echo off
del %windir%\1.com
del %windir%\services.exe
del %windir%\explorer.com
del %windir%\finder.com
del %windir%\exeroute.exe
del %windir%\debug\debugprogram.exe
del %windir%\system32\regedit.com
del %windir%\system32\dxdiag.com
del %windir%\system32\msconfig.com
del %windir%\system32\command.pif
del %windir%\system32\finder.com
del %windir%\system32\rundll32.com
del %windir%\system32\i.com
del c:\progra~1\common~1\iexplore.pif
del c:\progra~1\intern~1\iexplore.com
del d:\pagefile.pif
rem Final message: cleanup complete, welcome to www.dngz.net
@echo ====================================================================
@echo 清除完成... 欢迎来到(www.dngz.net)
@echo ====================================================================

Is there an expert who can edit the following into a registry file that can be imported? Thanks!

Open the Registry Editor. The following entries need to be modified:

HKEY_CLASSES_ROOT\.lnk\ShellNew\\command
HKEY_CLASSES_ROOT\.bfc\ShellNew\\command
HKEY_CLASSES_ROOT\cplfile\Shell\cplopen\command\\
HKEY_CLASSES_ROOT\dunfile\Shell\open\command\\
HKEY_CLASSES_ROOT\file\Shell\open\command\\
HKEY_CLASSES_ROOT\htmlfile\Shell\Print\command\\
HKEY_CLASSES_ROOT\inffile\Shell\Install\command\\
HKEY_CLASSES_ROOT\InternetShortcut\Shell\open\command\\
HKEY_CLASSES_ROOT\scrfile\Shell\Install\command\\
HKEY_CLASSES_ROOT\telnet\Shell\open\command\\
HKEY_CLASSES_ROOT\InternetShortcut\Shell\open\command\\
HKEY_CLASSES_ROOT\scrfile\Shell\Install\command\\
HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\command\\
HKEY_CLASSES_ROOT\Unknown\Shell\openas\command\\
HKEY_CLASSES_ROOT\dunfile\Shell\open\command\\
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Shared Tools\MSInfo\ToolSets\MSInfo\hdwwiz\\command
Under the registry keys above, change "rundll32.com", "finder.com" and "command.pif" to "rundll32.exe".

HKEY_CLASSES_ROOT\htmlfile\Shell\open\command\\
HKEY_CLASSES_ROOT\Applications\iexplore.exe\Shell\open\command\\
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\command\\
HKEY_CLASSES_ROOT\ftp\Shell\open\command\\
Under the keys above, change "iexplore.com" to "iexplore.exe".

HKEY_CLASSES_ROOT\htmlfile\Shell\opennew\command\\
HKEY_CLASSES_ROOT\http\Shell\open\command\\
Change the content under the keys above to "%SystemRoot%\Program Files\Internet Explorer\iexplore.exe".

HKEY_CLASSES_ROOT\Drive\Shell\find\command\\
Under the key above, change "explorer1.com" to "iexplore.exe".

HKEY_CLASSES_ROOT\.exe\\
Under the key above, change "(Default)" to "exefile".

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\\Shell
Under the key above, change "Explorer.exe 1" to "Explorer.exe".

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Internet Explorer\Main\\Check_Associations
Under the key above, change "No" to "Yes".

Delete HKCR\winfiles

Delete the virus's autostart entries and virus information:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN\\Torjan Program "%Windows%\CSRSS.exe" (or services.exe)
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings
Delete the HKLM\SOFTWARE\MICROSOFT\Windows\CURRENT VERSION subkey (note: this is not the CURRENTVERSION subkey. Delete the one with a space in the middle, and don't delete the wrong one!)
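As an added example (not part of the thread and not any poster's code): a read-only Python check that scans a registry export in .reg text form for the string values the post above says need repair, so the manual edits can be verified afterwards. The function names and the sample export are constructed for illustration.

```python
import re

# Impostor names from the post's delete list (services.exe omitted: a real one exists in system32).
IMPOSTORS = {"1.com", "i.com", "explorer.com", "finder.com", "exeroute.exe",
             "debugprogram.exe", "regedit.com", "dxdiag.com", "msconfig.com",
             "command.pif", "rundll32.com", "iexplore.pif", "iexplore.com", "pagefile.pif"}
# Data the post says these two values should hold (keys compared lower-cased).
EXPECTED = {(r"hkey_classes_root\.exe", "@"): "exefile",
            (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon", "shell"): "explorer.exe"}
# One string (REG_SZ) value line: @="data" or "name"="data"; other value types are skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # .reg text escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def audit_reg_export(text):
    """Return (key, value_name, data, reason) for each suspicious string value."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        tokens = set(re.split(r'[\\/\s",]+', data.lower()))
        hits = sorted(IMPOSTORS & tokens)
        if hits:
            findings.append((key, name, data, "references " + ", ".join(hits)))
        want = EXPECTED.get((key.lower(), name.lower()))
        if want is not None and data.lower() != want:
            findings.append((key, name, data, "expected " + want))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="winfiles"
[HKEY_CLASSES_ROOT\inffile\Shell\Install\command]
@="C:\\WINDOWS\\system32\\rundll32.com setupapi,InstallHinfSection DefaultInstall 132 %1"
[HKEY_CLASSES_ROOT\ftp\Shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe 1"
'''
print(*audit_reg_export(SAMPLE), sep="\n")
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit_reg_export`.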