我的電腦中毒了....還中2次不同的木馬病毒
特色就是當掃毒軟體掃到後
這個病毒是刪不掉的
再來,隱藏的資料夾是打不開的
只要隱藏的資料夾無法打開
就表示電腦中毒啦

會中這樣的病毒
相信大家應該也中嚕~~~~只是自己不知道趕快去掃掃看喔~~~


來嚕~~~~
先寫一下我找到哪些病毒
Trojan-GameThief.Win32.Magania.cctc
感染路徑
c:\windows\system32\mkfght0.dll
目前新型的病毒
Trojan-GameThief.Win32.Magania.cdbw
感染路徑
G:\0s63el.exe
C:\WINDOWS\system32\rttrwq.exe

解決方式
1.製作BAT檔(批次檔),讓它自動幫你找程式然後幫你清除
2.或是到此網頁下載
http://blog.yam.com/changshuwei/article/20622446
將kavo.exe病毒完整消滅?簡單又快速的方法 Kavo_killer 4.15

這個比較快~~~~
不然就是製作批次檔
批次檔製作法:
請將下面虛線中的文字複製後
貼到文字檔內然後將檔名改為時間.bat
因為此種病毒會繼續更新~~~所以批次檔刪除的病毒也會更新嚕!!
====================================
@echo off
rem Start-up banner of the autorun.inf / removable-drive trojan cleanup script.
rem It asks the operator to make sure System Restore is turned off, announces
rem that the script will create a defensive autorun.inf folder and repair the
rem "show hidden files" option, then waits for a key press before any change
rem is made. Closing the window at the pause aborts the run.
for /l %%n in (1,1,4) do echo.
echo 執行程式前 請先檢查系統還原是否關閉
echo.
echo 若無關閉請先關閉系統還原
echo.
echo 以免刪毒失敗......
for /l %%n in (1,1,2) do echo.
echo 啟動刪除隨身碟病毒批次檔
echo.
echo 若不執行請關閉程式
echo.
echo 本批次檔會自動建制防禦資料夾
echo.
echo 資料夾檔名:autorun.inf(開機會讀取的檔案)
echo.
echo 以及修復點不開隱藏檔選項功能
for /l %%n in (1,1,2) do echo.
rem Last chance to abort before files and registry values are touched.
pause
cls
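echo.
echo 清除autorun.inf資料夾
echo.
rem Remove anything named autorun.inf - folder or file - from the root of
rem every drive letter C..Z. Attributes are cleared first, rd removes the
rem entry when it is an empty folder, and del removes it when it is a file.
rem Every path is quoted and the whole step is skipped when nothing named
rem autorun.inf exists, so absent drives no longer produce error output and
rem the redundant second attrib call is gone.
rem NOTE(review): rd only succeeds on an empty folder; if a non-empty
rem autorun.inf folder is left behind, del is applied to the folder itself -
rem inspect that folder by hand instead of confirming any prompt blindly.
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
  if exist "%%a:\autorun.inf" (
    attrib -A -S -H -R "%%a:\autorun.inf"
    rd "%%a:\autorun.inf"
    echo.
    echo 刪除autorun.inf檔案
    echo.
    if exist "%%a:\autorun.inf" del /f /a "%%a:\autorun.inf"
  )
)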
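echo.
echo 刪除系統下system32區病毒
echo.
rem Delete known trojan file names from %windir%\system32.
rem Matching is by file name only - nothing here checks a hash or signature,
rem so the list is only as good as the names collected by the author.
rem Entries that differ only in letter case, such as TASO.exe and taso.exe,
rem presumably refer to the same file on a case-insensitive file system.
rem Paths are quoted, and attrib/del now run only when the file exists, which
rem removes the "could not find" message the unconditional del printed for
rem every name that was absent.
rem Writing to system32 normally needs an elevated prompt - TODO confirm the
rem script is started with administrator rights.
for %%e in (
AMVa.exe
AMVO.exe
AVPa.exe
AVPO.exe
afmain0.dll
afmain1.dll
afmain2.dll
Bitkv1.dll
Bitkv2.dll
Bitkv0.dll
cvsdfw.exe
dsewtds0.dll
dsewtds1.dll
dsewtds2.dll
e8main0.dll
e8main1.dll
godert0.dll
godert1.dll
godert2.dll
ierdfgh.exe
j3ewro.exe
jvvo0.dll
jvvo1.dll
jvvo2.dll
jvvo.exe
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
kacsde.exe
kava.exe
kavo.exe
kavo0.dll
kavo1.dll
kavo2.dll
kxvo.exe
kxvo1.dll
kxvo2.dll
lhgjyit0.dll
lhgjyit1.dll
lhgjyit2.dll
otrewe0.dll
pytdfse0.dll
pytdfse1.dll
pytdfse2.dll
pytdfse3.dll
pytdfse4.dll
pytdfse5.dll
pytdfse6.dll
pytdfse7.dll
pytdfse8.dll
pytdfse9.dll
rttrwq.exe
mkfght0.dll
mkfght1.dll
mkfght2.dll
mmva.exe
mnsa.exe
TASO.exe
tavo.exe
tavo0.dll
tavo1.dll
tavo2.dll
taso.exe
uret463.exe
weidfsg.exe
wvps.dll
yt8a.exe

huwesa.exe
) do (
  if exist "%windir%\system32\%%e" (
    attrib -A -S -H -R "%windir%\system32\%%e"
    del /f /a "%windir%\system32\%%e"
  )
)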
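echo.
echo 刪除特殊路徑下病毒
echo.
rem Delete known trojan file names from %windir%.
rem attrib is applied only to a copy sitting directly in %windir%; del is
rem left unconditional because its /s switch also searches every
rem subdirectory, where the existence test above would not apply.
rem Paths are quoted so a Windows directory containing spaces is handled.
rem NOTE(review): /s makes this a name-only recursive delete across the whole
rem Windows tree. Short generic names in the list, 2.exe, tt.exe, rb.exe and
rem dll.dll among them, can also match unrelated files. Confirm the recursion
rem is wanted; dropping /s limits the delete to %windir% itself.
for %%b in (
rb.exe
tt.exe
rundl132.exe
dll.dll
jwgkvsq.vmx
vdll.dll
logo1_.exe
2.exe
FF[n].EXE
Ahnrpta.exe

) do (
  if exist "%windir%\%%b" attrib -A -S -H -R "%windir%\%%b"
  del "%windir%\%%b" /s /f /a
)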

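echo.
echo 刪除硬碟目錄下病毒
echo.
rem Delete known dropper file names from the root directory of every drive
rem letter C..Z. The outer loop walks the drive letters, the inner loop the
rem file names.
rem Matching is by file name only. Many entries are short generic names such
rem as a.bat, 1.exe or correcttime.bat, so a legitimate file that happens to
rem sit in a drive root under one of these names is deleted as well - review
rem the drive roots or take a backup before running this on a machine that
rem holds data you care about.
rem Paths are quoted, and attrib/del now run only when the file exists. The
rem unconditional del printed a "could not find" message for every absent
rem name on every drive, which buried any real error in the output.
rem A few names appear twice in the list; the second pass is a harmless no-op.
for %%c in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
for %%d in (
0.com
0c2q.com
096.bat
0jbnlnu8.exe
0pqb6qnj.cmd
0qx0sc6.bat
0tmhoc.cmd
0wk2.cmd
0ohqxsdx.bat
1a0sr.cmd
1wkwxgxw.com
16onq.bat
1.exe
19f.exe
1bbvq96y.com
1brfrip.exe
1bg.cmd
1i.com
1jief.cmd
1irqtv.cmd
1n.cmd
1m.cmd
1q8p0y.com
1wod1.com
1xxec.exe
1yl.cmd
2.cmd
20740666.DAT
23ft.exe
26612903.DAT
2ACE4CFBAF2C.dll
2ACE4CFBAF2C.exe
2g.com
2px8tdn.bat
2y8la.exe
30ed3.exe
300y.cmd
30c0e.cmd
38840801.SVD
3dohrt.com
3ds.cmd
3bo9tn.cmd
3iugonx.com
3jkka91.com
3wy1vm.cmd
3hihyi.exe
3u.cmd
3yr1.cmd
39ysi89.com
54521049.EXE
6.bat
6.exe
6o0.BAT
6j2j.com
6g3.com
6vu680.com
6tkoyhx.cmd
6r3p.com
82.EXE
82i.cmd
82r9.cmd
8df.exe
8d.cmd
8e.com
8e9gmih.bat
8h3hh3m.exe
8mlo1q.cmd
8nlo1q.cmd
8nli1q.cmd
8ox6116.cmd
8ox61l6.cmd
8oupido.bat
8tss2gwq.bat
8q6h.exe
81365594.EXE
90imhpnc.exe
91m.com
91407786.EXE
92j11sm.com
93vx0c.com
96.com
9b8kmipy.com
9dl.cmd
9es.com
9mf.exe
a.bat
a.exe
a1.exe
aw.bat
abs.exe
abqk2c3i.bat
aoutfq.exe
autorun.inf
ay8p6v3.cmd
af93gcf.exe
b.bat
b.cmd
bsp.cmd
bitkv0.dll
bitkv1.dll
bitkv2.dll
bn0.bat
bplel98.cmd
bplrl98.cmd
bxuup9r.bat
c.com
cc.exe
c.bat
correcttime.bat
c9.com
cd8idoy1.com
cd8idoyl.com
cfv90h.com
cjrp8.com
copetttt.com
cubp.bat
clc3k.com
dgkx.exe
dsty.com
d.bat
d1y36.com
d22xl.bat
d3bn0j.exe
d3bnoj.exe
d8ur3qs.bat
ddyikr.cmd
dgf.exe
dp.exe
dynrn6e.cmd
ewatr.cmd
e.bat
e.exe
e00233it.com
e898.com
EB6C4499B05F.dll
EB6C4499B05F.exe
eb9ehyh.exe
ejoq.exe
ek.com
ekf6dbg0.com
erdeIect.com
f.bat
f.exe
ff.exe
f2ir.com
fvbk.exe
F3C74E3FA248.dll
F3C74E3FA248.exe
feav9a2.cmd
fp.exe
ff.exe
fphj6j31.bat
g2p3s.exe
g8rruyw.exe
gjfl.exe
gnc.bat
gmiljxy.com
gmi1jxy.com
gqsk.bat
gsxlexd.cmd
gx.com
gxlxknou.exe
gxul.com
gymussy.bat
ggl.cmd
g0.cmd
gabptk6d.bat
gnwav.exe
hqx292nu.exe
h1ahxi.bat
h3i1k3.exe
h3hi1k3.exe
hovrflst.bat
h0giuhmg.bat
hsi.com
hpkq.cmd
hupxj.bat
i.bat
i0.cmd
i2.com
i8.com
ierdfgh.exe
ig.com
igcmrtjw.cmd
ilpg9ejd.com
iok.exe
iq0ecwcj.cmd
iw.bat
j.bat
j.cmd
jj2.com
jj.com
j1.cmd
jj.bat
jbfqv8j.cmd
jg.com
jg6w3yx.com
jq6w3yx.com
j0mpdkja.cmd
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
k2d8j3wa.bat
kaq86asx.bat
kdy.cmd
kiibu.com
kjbu.com
kjibu.com
k08e.com
kk.bat
kya6l.bat
kya61.bat
k.bat
kqsr.exe
ll.exe
l9dwu8.bat
lgcadwx.bat
lp3c.bat
lj6hdv.com
lvxvo1xg.cmd
m.exe
m2.cmd
m6r8v.com
m6n.com
mcmm.bat
mmtpw22.bat
mmva.exe
mnsa.exe
mrsne.bat
mpstxgx.exe
mt0.cmd
mt.com
n1.com
n6j.com
nl.com
ndmego0f.cmd
nncu6kk.com
np.exe
n.com
nq.bat
nqgcd.com
nsv.bat
ntdeIect.com
ntdelect.com
nw0t1l0d.exe
o2yf0w.bat
o93ml8.bat
o9o2u.bat
oka3yrf.bat
okhr.exe
om.cmd
om0.com
oess.bat
oc.cmd
otf.cmd
pjwtv.cmd
p.exe
p8ihdw.exe
p9.exe
pamn.exe
pbwkwj.com
pchkh.cmd
PICTURE015.SCR
phgr1j.bat
pnc.exe
prjydpe.cmd
psgq60.bat
px.bat
q2vl2fiy.com
q0rppr.exe
qsid8g.exe
q1pady.cmd
q6h6j.com
qjfl.exe
qkarc.exe
qs6m.bat
r120.bat
r9ghv9.com
r9hv9.com
rjiybg.exe
rjx0.exe
rf.cmd
rn.exe
rtnlpipu.com
s38k.exe
s39tg.cmd
s9l.exe
s6muem.cmd
SCVB.EXE
smkjd.cmd
se11.cmd
spkr9wou.bat
spq.bat
stwi.com
sxs.exe
txfl1rhh.com
t1xdgvq.exe
t82e2v.cmd
tt.com
tg.com
t.exe
tigi.cmd
tg.com
t.cmd
tbhje.cmd
tfa8rk6.com
tj8odymw.exe
tlmjw.cmd
tlmjw.com
tmf3w3g0.com
tn0k.exe
u.exe
u18vxqle.bat
u18vxqle.com
u26ufgv.exe
u2by.exe
u6k.cmd
ubs.exe
ud.exe
uh.exe
uh31.exe
uorys.cmd
usbmons.dll
uxkktr.cmd
uyd9cck.cmd
utcn8c63.exe
uyfd9cck.cmd
v0vj.exe
v2h3.exe
v3pif.bat
v0f8rqc.cmd
v9l1l.com
v91qw.com
v9ug2p2.com
vctio.com
vmyphd.bat
vpqdgkx.com
vnkucvv.com
w.cmd
w.bat
w0owgn.bat
w6hikrv.com
wg0kpd.bat
winpows.exe
x.cmd
XAdeIect.com
xc.exe
xj.bat
xpq63xl.exe
xwpehlv.com
xe9fdii1.cmd
y319s.exe
yi9.exe
y6u.bat
yu.bat
yfmqo.cmd
ynfs9ks.cmd
ypjq1.cmd
yt8a.exe
yq00tht.exe
Z.EXE

0tmhoc.cmd
1dgybkp.bat
82tgk9eg.exe
89nrb.com
9tb8ist.bat
iu.bat
i.exe
dih6ke.bat
r.com
eg1.cmd
nmje9v6d.bat
xv.com
ldgybkp.bat
l1.cmd
m8wafly.com

u99.exe
ufwi6sq.exe
v86htgx.cmd
weg6sp.com
wglplm6g.bat
x1o8uo.exe
3g3.exe
9l66g8k1.com
ap.com
dmf.exe
e619e.cmd
ftiduico.bat
ib3qc3t.cmd
ig.bat
jcmmawa.bat
jdt2ofp.exe
jy.exe
n.exe
nt6ry3bn.cmd
qkolx.exe
s6.bat
h0ti1de.bat

) do (
  if exist "%%c:\%%d" (
    attrib -A -S -H -R "%%c:\%%d"
    del /f /a "%%c:\%%d"
  )
)
)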

cls
echo.
echo 修復磁碟點不開和關閉autorun功能
echo.
echo.
rem Step 1 - switch AutoRun off.
rem NoDriveAutoRun is written to HKCU as the binary value ffffff03, and
rem NoDriveTypeAutoRun is set to 0xFF under HKLM, HKCU and HKU\.DEFAULT.
rem All reg output and errors are sent to nul, so a failed write, for example
rem an HKLM write from a non-elevated prompt, goes unnoticed.
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
rem Delete the current user's MountPoints2 key - presumably to discard the
rem per-volume open/autorun actions Explorer cached from an infected
rem autorun.inf, which is what makes a drive refuse to open on double-click.
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul

echo.
echo 恢復autorun.inf功能
echo.
rem Step 2 - restore AutoRun.
rem NOTE(review): this step undoes step 1 within the same run. It removes the
rem NoDriveAutoRun value just written and overwrites NoDriveTypeAutoRun with
rem 0x91 in the same three hives, so the net result of the two steps is 0x91
rem plus the MountPoints2 deletion.
rem NOTE(review): 0x91 appears to be the stock value that leaves AutoRun
rem enabled for removable drives - the route this malware family spreads by.
rem If the goal is hardening, keep 0xFF and skip this step - confirm intent.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo.
echo 創建autorun.inf資料夾
echo.
rem Create a folder named autorun.inf in the root of every drive C..Z so a
rem file of that name cannot simply be dropped there. Output and errors are
rem discarded, which also hides failures on absent or read-only drives.
for %%v in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do mkdir %%v:\autorun.inf >nul 2>nul
cls
echo 修復登錄檔!無法開啟隱藏檔
rem Repair the "show hidden files and folders" option in Explorer: the
rem CheckedValue entry under SHOWALL is removed and re-created as
rem REG_DWORD 1, replacing whatever value or type was stored there before.
rem The key is under HKLM, so this presumably needs an elevated prompt;
rem errors are discarded, so a failure is not reported.
reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f >nul 2>nul
echo.
echo.刪除病毒登錄檔
echo.
rem Remove the start-up entries listed by the author from the current user's
rem Run key, one reg delete per value name, then remove the HKLM\SOFTWARE\soft
rem key. Output and errors are discarded, so a value that is absent or cannot
rem be deleted is skipped silently.
rem Only HKCU is cleaned here; a Run entry under HKLM is not touched.
for %%v in (jvsoft tasoft anhtaaa dorfgwe kava nhkletd ertyuop anhtaas kxswsoft rwasds wsctf.exe) do (
  reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%v" /f >nul 2>nul
)
reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\soft" /f >nul 2>nul

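rem Closing screen: reports completion, tells the operator to reboot and run
rem the script again if files remain, points at the HKCU Run key for manual
rem clean-up in REGEDIT, and gives the cmd commands to list hidden files.
rem Two lines are corrected here: a bare "echo" printed the echo on/off
rem status instead of a blank line, and the author's URL stood on a line of
rem its own, where cmd tried to run it as a command.
cls
echo.
echo 刪除完畢!
echo 若有未刪除病毒殘餘檔
echo 請重開機再執行一次本批次檔
echo.
echo.請進入REGEDIT自行刪除執行病毒登錄檔
echo.路徑如下:
echo. (可刪可不刪)
echo HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
echo.
echo 若使用本批次檔兩次後
echo 還是無法打開隱藏檔
echo 請在執行打CMD
echo 指令: cd\
echo dir/w/a
echo. 製作者 t73319
echo.
echo http://www.wretch.cc/blog/t73319/11855505
pause
@echo on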
===============================================================

以上~~~原理應該不需要多說
看一下以下我參考的網站就知道嚕!!!!!

參考網址:

http://www.wretch.cc/blog/t73319/11855505
http://samuel3a.spaces.live.com/Blog/cns!BE4A75B8077945!1626.entry
http://blog.yam.com/changshuwei/category/2379229




