前几天前上网时中毒:病毒文件fmsbbqi.dll/exe, yuiabct.exe/dll, bincdwsa.dll/exe, winsvr64.dll/exe,ptshell.exe/dll,dionpis.exe/dll,ticisms.exe/dll
装的诺顿杀毒,在中的是候都没反映.好不容易手动清除.
今天有中标
%windows%win.ini
添加新节
[cqit]
cqit=msoscqit00.dll
[fqit]
Fqit=msosfmsq00.dll
.........
病毒文件在windows/system32\
msosdrop00.dll,
msosfmsq00.dll,
msoscqit00.dll,
msosdohs00.dll,
nicozftp00.dll,
msosping00.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_Dlls"=hex(2):6d,00,73,00,6f,00,73,00,64,00,72,00,6f,00,70,00,30,00,30,\
00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,66,00,6d,00,73,00,\
71,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,63,\
00,71,00,69,00,74,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,00,6d,00,73,00,\
6f,00,73,00,64,00,6f,00,68,00,73,00,30,00,30,00,2e,00,64,00,6c,00,6c,00,2c,\
00,6e,00,69,00,63,00,6f,00,7a,00,66,00,74,00,70,00,30,00,30,00,2e,00,64,00,\
6c,00,6c,00,2c,00,6d,00,73,00,6f,00,73,00,70,00,69,00,6e,00,67,00,30,00,30,\
00,2e,00,64,00,6c,00,6c,00,00,00
在安全模式下无法删除.我在cmd 下用命令导出进程所调用的Dll文件.只有
System Idle Process 0 暂缺
System 4 暂缺
smss.exe 796 ntdll.dll
csrss.exe 852 ntdll.dll, CSRSRV.dll, basesrv.dll,
winsrv.dll, USER32.dll, KERNEL32.dll,
GDI32.dll, LPK.DLL, USP10.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, sxs.dll
这几个进程没有调用以上病毒文件.
其他全部调用.
有那位兄弟有专杀工具提供.否则就麻烦的. |
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡