Fixing the garbled-search-results virus affecting Baidu, Google and other search engines, with a VBS removal script


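Date: 2006-03-30

A virus has recently appeared that uses ARP attacks to hijack sessions between users and legitimate servers and insert malicious code into them. As a result, users who visit these websites normally are led to download viruses and trojans, or are redirected to other pages. Some well-known websites in China have already been affected.

I got a sample this evening and wrote a VBS removal script. Copy the code below (the contents of the box) into a new Notepad file and change the extension to .vbs. I have tested it and it works. It is best run with the network disconnected.

I wrote it from ycosxhack's template. I'm really inefficient; it seems removal tools like this are better left unwritten unless necessary... I'll go back to studying properly...

Fixed it... debugged it... run it in Safe Mode and it cleans everything out.

4.29: I missed a few yesterday; added them.

4.29 evening: In the end YY added AUTORUN.INF immunization and HOSTS restoration. I had originally wanted to add several helper BAT files, but gave up on that in the end. Let's just do everything in VBS.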

Updated in the early hours of 4.30
' Errors are ignored so that a process name that is not running does not stop the script
on error resume next
msgbox "本专杀由[G-AVR]Gryesign提供---http://hi.baidu.com/greysign",64,"搜索引擎乱码病毒专杀,请在安全模式下运行"
'-----------------Virus process termination module: start-----------------
' Each block connects to WMI, queries Win32_Process for one process name
' and terminates every running instance that is found
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='fyso.exe'")
for each i in p
i.terminate
next
on error resume next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='jtso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='mhso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='qjso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='qqso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='wgso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='wlso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='wmso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='woso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='ztso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='nwizAskTao'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from Win32_Process where name='nwizAskTao'")
for each i in p
i.terminate
next
'-----------------Virus process termination module: end-----------------
