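Original article: http://blog.ycjan.com/article.asp?id=49
First, let me tell you about my run-in with the "little panda"!
Yesterday I noticed a file named gamesetup.exe on my computer. It had a panda icon, so out of curiosity I double-clicked it! Norton AntiVirus showed a virus alert and then "killed itself" (the antivirus program closed on its own). Next I tried to open the process list, and it was closed for me the moment it opened. I tried the registry editor and that was closed too. Later I found a tool online called "Super Patrol Panda Burning Incense Virus Removal Tool V1.3" (超级巡警之熊猫烧香病毒专杀 V1.3), but it was the same story: closed as soon as it opened. Looking at each hard disk (you have to enable showing system files in Folder Options to see them), I found two files: autorun.inf and setup.exe. At first I wanted to delete them, but no matter what I tried they could not be deleted, and replacing them with other files did not work either (because the little panda was already running, and whenever you delete them it copies them back). Sigh, it looked like a GHOST restore was needed. Because I had just installed IIS I did not want to use GHOST, but by now there was no other way. So I rebooted into DOS and started GHOST to restore, and strangely my image file was gone. I booted back up to look for it: it had clearly been in this folder, so how could it have disappeared? Then I finally understood: the clever little panda, in order to survive, had killed its own enemy (it deletes every file with the .GHO extension). I was getting depressed. Would I really have to reinstall? Then I had a sudden idea: why not try Safe Mode? So I restarted and pressed F8 to enter Safe Mode. Ha! The little panda was asleep (it was not running in Safe Mode)! So I decided to be a bit "sneaky" too and catch it off guard (giving it a taste of its own medicine). First I went to the root directory of each hard disk and deleted the two files "setup.exe, autorun.inf". Then I used the "Super Patrol Panda Burning Incense Virus Removal Tool V1.3" I had just downloaded to scan for the little panda's "minions" (infected files). Sure enough it found several and removed them. The last thing to do was to go into the registry and delete its startup entry.
Registry location: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
Then restart the computer and everything is fine.
The little panda has been dealt with. This time we got rid of the little panda, but aren't you afraid the big panda will come for revenge? So how should we prevent it?
According to my own analysis, the little panda came in through the back door of your house (it spread over the LAN through the default shares and possibly through shares with "security control" permissions)!
Preventive measures:
1. First, shut the back door of our house (turn off the default shares). Save the following content as a file with the .REG extension and double-click it to import it into the registry: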
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
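2. Of course, now that the back door is shut, aren't we afraid it will simply break our doors down? What we need to do now is raise our own defenses (that is, update our antivirus software).
3. Put the little panda on the blacklist (forbid the "little panda" from running). Save the following content as a file with the .REG extension and double-click it to import it into the registry: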
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="gamesetup.exe"
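OK, I have said everything I wanted to say. You may think I have talked a whole lot of nonsense, but either way, if you think this is useful, give it a bump!
Software download: Super Patrol Panda Burning Incense Virus Removal Tool V1.3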
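Added example (not part of the original post or of the removal tool it mentions): a Python check for the drive-root pattern described in the post, an autorun.inf sitting next to the setup.exe it launches. The autorun.inf content in SAMPLE_INF is constructed, since the post does not show it, and the function names are illustrative.

```python
import os
import sys

# Constructed sample: the post names the files but does not show their content.
SAMPLE_INF = r"""[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
"""

def autorun_targets(inf_text):
    """List the programs an autorun.inf tells Explorer to launch (lowercased)."""
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not launches or not value:
            continue
        # A quoted program may contain spaces; otherwise arguments follow it.
        quoted = value.startswith('"')
        program = value[1:].split('"', 1)[0] if quoted else value.split(None, 1)[0]
        targets.append(program.lower())
    return targets

def scan_root(root):
    """Return files in `root` that its own autorun.inf would launch."""
    names = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        targets = autorun_targets(fh.read())
    hits = []
    for target in targets:
        base = target.replace("/", "\\").rsplit("\\", 1)[-1]
        if base in names and base not in hits:
            hits.append(base)
    return hits

if __name__ == "__main__":
    for root in sys.argv[1:]:
        hits = scan_root(root)
        print(root, "autorun.inf launches: " + ", ".join(hits) if hits else "no launcher found")
```

Pass the drive roots as arguments (for example `C:\ D:\`); `os.listdir` returns hidden and system files, so the Folder Options change is not needed for the check.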
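If the moderator had posted this a bit earlier, maybe I would not have had to reinstall several of our computers here yesterday. It was exhausting!
Lots of good stuff here. Thanks for the effort.
Not every infected machine works properly in Safe Mode. On several of my machines the effect was the same in Safe Mode: whatever I opened got closed, and it would not even let me shut down or restart at the end, so I could only press the power button!
I cleaned all the machines at work with this method. I don't know how it will hold up once everyone is back at work after the holiday. I hope it works.
Thanks, OP.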