20CN网络安全小组论坛 - 病毒专区

论坛: 病毒专区标题: 杀毒，帮忙！

复制本贴地址

作者: zergking [zergking]

论坛用户

我的电脑里有两个隐含的文件叫desktop.ini和folder.htt
问这是什么毒？
怎么杀这两种毒，？

地主发表时间: 04-01-19 05:31

回复: saman [saman]

论坛用户

新快乐时光啊，你用记事本打开FLOADER看是不是写着KJSTAR，用VB编的

B1层发表时间: 04-01-20 08:40

回复: wangsong [wangsong]

论坛用户

很多的杀毒软件软件都能查出并杀死客观存在们的，
先升级新的病毒库

B2层发表时间: 04-01-20 12:28

回复: pula [pula]

论坛用户

去掉.htt文件,和查到VBS.Haptime.A@mn或VBS.Haptime.B@mn,重置outlook Express
运行regedit删除键值:
HKEY_CURRENT_USER\Software\Help\Count
HKEY_CURRENT_USER\Software\Help\FileName
上补丁www.microsoft.com/technet/ie/tolls/scrpteye.asp

B3层发表时间: 04-01-20 20:20

回复: zergking [zergking]

论坛用户

这就是用记事本打开的文件内容。。。
desktop.ini内容如下：

[ExtShellFolderViews]
Default={5984FFE0-28D4-11CF-AE66-08002B2E1262}
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}

[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=file://Folder.htt

[.ShellClassInfo]
ConfirmFileOp=0

-
* This file was automatically generated by Microsoft Internet Explorer 4.0
* using the file %THISDIRPATH%\folder.htt (if customized) or
* %TEMPLATEDIR%\folder.htt (if not customized).

folder.htt内容如下：

<html>
<link rel=stylesheet href="%TEMPLATEDIR%\webview.css" title="Windows">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">



<base href="%THISDIRPATH%\">


<script language="JavaScript">
// the next line is the ONLY difference from folder.htt
var L_Intro_Text = "<b><font color=red>警告</font></b><br><br>修改该文件夹中的内容可能导致程序无法正常运行。<br><br>要添加或删除程序，请单击“开始”，指向“设置”，然后选择“控制面板”，再单击 <b>添加/删除程序</b>。";
var L_Prompt_Text = "选定项目可以查看其说明。";
var L_Multiple_Text = " 选定的项目。";
var L_Size_Text = "大小: ";
var L_FileSize_Text = "总计文件大小: ";
var L_Delimiter_Text = ",";
var L_Bytes_Text = " 字节";
var L_Attributes_Text = "属性";
var L_Codes_Text = "RHSaCE"; // suppress the Archive flag
var L_ReadOnly_Text = "只读";
var L_Hidden_Text = "隐藏";
var L_System_Text = "系统";
var L_Archive_Text = "档案";
var L_Compressed_Text = "已压缩";
var L_Encrypted_Text = "已加密";
var L_NoAttributes_Text = "(正常)";
var L_Properties_Text = "属性(&R)";
var timer = 0;
var wantMedia = false; // cool, but may hinder media file manipulation

function FixSize() {
// this function handles fixed panel sizing and collapsing when the window resizes
var threshold = 400;
var miniHeight = 32;
var ch = document.body.clientHeight;
var cw = document.body.clientWidth;

if (cw < threshold) {
document.all.Panel.style.visibility = "hidden";
document.all.MiniBanner.style.visibility = "visible";
document.all.FileList.style.top = miniHeight;
document.all.FileList.style.pixelLeft = 0;
} else {
document.all.MiniBanner.style.visibility = "hidden";
document.all.Panel.style.visibility = "visible";
document.all.FileList.style.top = 0;
document.all.FileList.style.pixelLeft = document.all.Panel.style.pixelWidth;
}
document.all.FileList.style.pixelWidth = cw - document.all.FileList.style.pixelLeft;
document.all.FileList.style.pixelHeight = ch - document.all.FileList.style.pixelTop;
}

function FormatNumber(n) {
var t = "";
var i, j = 0;
for (i = n.length - 1; i >= 0; i--) {
t = n.charAt(i) + t;
if (i && ((++j % 3) == 0))
t = L_Delimiter_Text + t;
}
return t;
}

function Properties() {
FileList.SelectedItems().Item(0).InvokeVerb(L_Properties_Text);
}

function Init() {
// call our FixSize() function whenever the window gets resized
window.onresize = FixSize;
FixSize();
Info.innerHTML = L_Intro_Text + "<br><br>" + L_Prompt_Text;
}
</script>

<script language="JavaScript" for="FileList" event="SelectionChanged">
// this script updates the left info panel when you select icons
var fldr = FileList.Folder;
var items;
var name;
var data;
var text;
var title;
var size = 0;
var i;

// cancel any pending status message
if (timer) {
window.clearTimeout(timer);
timer = 0;
}

// erase any visible thumbnail since the selection changed
document.all.Thumbnail.style.display = "none";
document.all.Status.style.display = "none";

// stop & destroy any media player
if (wantMedia)
document.all.Media.innerHTML = "";

data = FileList.SelectedItems().Count;
if (data == 0) {
// nothing selected?
Info.innerHTML = L_Intro_Text + "<br><br>" + L_Prompt_Text;
return;
}
else if (data > 1) {
// more than one item selected?
text = data + L_Multiple_Text + "<br>";
if (data <= 100) {
for (i = 0; i < data; i++)
size += FileList.SelectedItems().Item(i).Size;
if (size)
text += "<br>" + L_FileSize_Text + FormatNumber(size.toString()) + L_Bytes_Text + "<br>";
if (data <= 16)
for (i = 0; i < data; i++)
text += "<br>" + FileList.SelectedItems().Item(i).Name;
}
Info.innerHTML = text;
return;
}

items = FileList.SelectedItems().Item(0);

// name
name = fldr.GetDetailsOf(items, 0);
text = "<b>" + name + "</b>";

// type
data = fldr.GetDetailsOf(items, 2);
if (data)
text += "<br>" + data;

// date
data = fldr.GetDetailsOf(items, 3);
if (data)
text += "<br><br>" + fldr.GetDetailsOf(null, 3) + ":<br>" + data;

// size?
size = FileList.SelectedItems().Item(0).Size;
if (size)
if (size < 1000)
text += "<br><br>" + L_Size_Text + size + L_Bytes_Text;
else {
data = fldr.GetDetailsOf(items, 1);
if (data)
text += "<br><br>" + fldr.GetDetailsOf(null, 1) + ": " + data;
else
text += "<br><br>" + L_Size_Text + FormatNumber(size.toString()) + L_Bytes_Text;
}

// extra details?
for (i = 4; i < 10; i++) {
title = fldr.GetDetailsOf(null, i);
if (!title)
break;
data = fldr.GetDetailsOf(items, i);
if (title == L_Attributes_Text) {
var code;
var s = "";

text += "<br><br>" + title.link("JavaScript:onClick=Properties()") + ": ";
for (i = 0; i < 6; i++) {
code = L_Codes_Text.charAt(i);
if (data.indexOf(code) > -1) {
if (s)
s += ", ";
if (i == 0)
s += L_ReadOnly_Text;
else if (i == 1)
s += L_Hidden_Text;
else if (i == 2)
s += L_System_Text;
else if (i == 3)
s += L_Archive_Text;
else if (i == 4)
s += L_Compressed_Text;
else if (i == 5)
s += L_Encrypted_Text;
}
}
if (!s)
s = L_NoAttributes_Text;
text += s;
}
else if (data)
text += "<br><br>" + title + ":<br>" + data;
}

// tip?
data = fldr.GetDetailsOf(items, -1);
if (data && data != name) {
var start;
var end;
var theLink;
var a;

// parse lines for Office files without breaking links below
a = data.split("\n");
data = a.join("<br>\n");

// look for embedded links
text += "<br><br>";
start = data.indexOf("http://");
if (start < 0)
start = data.indexOf("file://");
if (start < 0)
text += data;
else {
end = data.indexOf(" ", start);
if (end < 0)
end = data.length;
if (start > 0)
text += data.substring(0, start - 1);
theLink = data.substring(start, end);
text += theLink.link(theLink);
if (end < data.length)
text += data.substring(end + 1, data.length);
}
}

// replace Info with the new text
Info.innerHTML = text;

if (wantMedia && size) {
// show media preview or thumbnail based on file extension
ext = name.substring(name.lastIndexOf(".") + 1, name.length);
ext = ext.toLowerCase();
if (ext == 'avi' || ext == 'mov' || ext == 'qt' || ext == 'mpe' || ext == 'mpeg' || ext == 'mpg') {
// show a movie player
document.all.Media.innerHTML = '<object ID="Player" style="width: 160px; height: 148px" classid=clsid:05589FA1-C356-11CE-BF01-00AA0055595A><param name="FileName" value="' + items.Path + '"><param name=ShowDisplay value=0><param name=BorderStyle value=0></object>';
} else if (ext == 'aif' || ext == 'aifc' || ext == 'aiff' || ext == 'au' || ext == 'mid' || ext == 'rmi' || ext == 'snd' || ext == 'wav') {
// show a sound player
document.all.Media.innerHTML = '<object ID="Player" style="width: 160px; height: 28px" classid=clsid:05589FA1-C356-11CE-BF01-00AA0055595A><param name="FileName" value="' + items.Path + '"><param name=ShowDisplay value=0></center></object>'
}
}

// try to generate a new thumbnail asynchronously, and delay the status message one second
if (size && (size < 10000000) && Thumbnail.displayFile(items.Path))
timer = window.setTimeout('document.all.Status.style.display = ""', 1000);
</script>

<script language="JavaScript" for="Thumbnail" event="OnThumbnailReady">
// when a valid thumbnail has been generated, display it
window.clearTimeout(timer);
timer = 0;
document.all.Status.style.display = "none";
if (document.all.Thumbnail.haveThumbnail() && document.all.Media.innerHTML == "")
document.all.Thumbnail.style.display = "";
</script>
</head>

<body scroll=no onload="Init()">


<div ID="MiniBanner" style="visibility: hidden; position: absolute; width: 100%; height: 32px; background: window">

<table><tr><td nowrap>
<p class=Title style="margin-top: 0">

%THISDIRNAME%

</td></tr></table>
</div>



<div id=Panel style="background: white URL(file://%TEMPLATEDIR%\wvleft.bmp) no-repeat">
<p>
<object classid="clsid:E5DF9D10-3B52-11D1-83E8-00A0C90DC849" width=32 height=32>
<param name="scale" value="100">
</object>

<p class=Title>

%THISDIRNAME%


<p class=LogoLine>
<img src="%TEMPLATEDIR%\wvline.gif" width=100% height=1px>

<p>
<span id=Info>
</span>




<p>

<object id=Thumbnail classid="clsid:1D2B4F40-1F10-11D1-9E88-00C04FDCAB92" style="display: none">
</object>


<div id=Status style="display: none">
正在生成预览...
</div>

<p>

<div id=Media>
</div>

</div>




<object id=FileList border=0 tabindex=1 classid="clsid:1820FED0-473E-11D0-A96C-00C04FD705A2">
</object>


</body>
</html>

B4层发表时间: 04-01-21 01:45

回复: pula [pula]

论坛用户

是欢乐时光。
我们学校有一大把。

B5层发表时间: 04-01-21 14:40

回复: tommy_he [tommy_he]

版主

金山有专门的工具，很多都中这个，就是速度慢了，其他没有什么！

B6层发表时间: 04-01-22 17:56

回复: moonbath [moonbath]

论坛用户

什么和什么呀!
这两个只是一般的系统文件
desktop.ini桌面配置文件
folder.htt文件夹超文本模版
因为每个文件夹里都有这两个文件，所以才把病毒附在这两个文件里，这样可以加快传播速度。
这两个文件本身不是病毒，先用杀毒软件查一下看是不是。不要看见这两个文件就以为是病毒。

B7层发表时间: 04-01-22 23:44

论坛: 病毒专区