CMD32.exe USB Drive Virus: Detailed Explanation
CMD32.exe USB Drive Virus Infection in Detail
Main symptoms of infection:
Files dropped:
%Windows%\CMD32.exe
%System%\voice.cpl
%System%\timedate.cpl
Dropped in the root directory of every partition:
X:\autorun.inf
Contents of autorun.inf:
[autorun]
Open=EvilDay.exe
shellexecute=EvilDay.exe
shell\开启(&O)\command=EvilDay.exe
shell=开启(&O)
shell\2=预览(&B)
shell\2\Command=EvilDay.exe
shell\3=资源管理器(&X)
shell\3\Command=EvilDay.exe
Registry modifications:
The virus creates a startup entry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOTEPAD"="%Windows%\CMD32.exe"
Changes the AutoPlay disable setting:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:0000005b
Disables the "Show all files and folders" option:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
Disables the Registry Editor:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
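Removal steps:
1. Terminate the process
%Windows%\CMD32.exe
2. Delete the virus files
%Windows%\CMD32.exe
%System%\voice.cpl
%System%\timedate.cpl
X:\autorun.inf
3. Change the system time back
4. Restart the computer
Download SREng (free)
Open SREng - System Repair - Windows Shell/IE - Select All - Repair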
5. Delete the registry entries created by the virus
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOTEPAD"
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"
6. Edit the registry to repair the disabled "AutoPlay" setting
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
7. Delete the Image File Execution Options hijack entries
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SNATask.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysWarn.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sloemnit.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gss.exe]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.
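
An added example, not part of the original write-up: Python triage code that lists which keys in an autorun.inf start a program and decodes a NoDriveTypeAutoRun mask into the drive types where AutoRun stays enabled, applied to the 0x5b value listed above. The function names and the sample file are constructed for illustration; the bit meanings follow the Windows GetDriveType drive types, where a set bit disables AutoRun for that type.

```python
import re

# NoDriveTypeAutoRun bits; a SET bit disables AutoRun for that drive type.
# (Bit 0x80 also covers unknown drive types and is ignored here.)
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk",
}

# [autorun] keys that start a program: open, shellexecute, shell\<verb>\command
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)


def autorun_enabled_types(mask):
    """Return the drive types for which AutoRun is still enabled under this mask."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit)


def autorun_launch_targets(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()) and value.strip():
                targets.append((key.strip().lower(), value.strip()))
    return targets


# Constructed sample modelled on the autorun.inf contents listed above.
SAMPLE_INF = "\n".join([
    "[autorun]",
    "Open=EvilDay.exe",
    "shellexecute=EvilDay.exe",
    r"shell\2=预览(&B)",
    r"shell\2\Command=EvilDay.exe",
])

if __name__ == "__main__":
    for key, cmd in autorun_launch_targets(SAMPLE_INF):
        print(f"autorun.inf starts {cmd!r} via {key}")
    print("0x5b leaves AutoRun enabled for:", autorun_enabled_types(0x5B))
```

A mask of 0xFF sets every bit, so `autorun_enabled_types(0xFF)` returns an empty list.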