对对,这个病毒是很强的,首先就会把时间给改了。他们在每个盘下都会留下备份还有一个autorun的文件,所以把进程停了打开其它盘又会感染,很郁闷的。先把下面的代码用记事本存下去,扩展名是reg,然后到导入注册表把病毒停了,再用ACDSee查看每个硬盘下的隐藏文件,把autorun和那个程序文件删了,就可以了,如果中毒不是太深就没事了,我的电脑被感染的直接找不到硬盘了,只能重装。其实要是不清除干净,重装c盘也没用,还是会感染的。
-----------以下为代码-----------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="200"
"WaitToKillAppTimeout"="200"
"WaitTOKillService"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="200"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL]
@="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoSharewks"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]
"NoPopUpsOnBoot"=dword:00000001
[HKEY_CLASSES_ROOT\lnkfile]
@="快捷方式"
"EditFlags"=dword:00000001
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@="Printers"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"FontSmoothing"="2"
"FontSmoothingType"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:00000008
"MaxConnectionsPerServer"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"WaitToKillServiceTimeout"="1000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgijhph.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgijhph.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\epiaumj.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\epiaumj.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oso.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\copy.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wokaye.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\she.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rising.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sys.exe]
"Debugger"="c:\\破坏类.exe"
