|
 | 作者: share [share]
 论坛用户 |
登录 |
| WORM_SDBOT.CGL 我的机器种了此中病毒,这两天一直机器特别的慢 ,用杀毒软件杀也不管用知道的请帮忙!! 在线等 ~~~ |
| 地主 发表时间: 05-11-28 16:42 |
 | 回复: pjstart [pjstart]  论坛用户 |
登录 |
|
现在也没有太好清除方法,我在网上找到个清除方法,你只能试试看!!! (转 载) 以下修改方式�m用於WindowsXP SP2 1.��重新�⒛愕碾��X���屿栋踩�模式(重�_後按F8�M入安全模式[不含�W路功能]) 2.�_始功能表===>�绦�===>在空白����入regedit===>�_定 3.在HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services 在左���ふ� TESV �⒅�移除掉 4.在HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Security Center 找到以下三行: FirewallDisableNotify = "dword:00000001" UpdatesDisableNotify = "dword:00000001" AntiVirusDisableNotify = "dword:00000001" �⒅蹈��槿缦滤�示: FirewallDisableNotify = "dword:00000000" UpdatesDisableNotify = "dword:00000000" AntiVirusDisableNotify = "dword:00000000" 5.在HKEY_CURRENT_USER>Software>Microsoft>Security Center 找到以下三行: FirewallDisableNotify = "dword:00000001" UpdatesDisableNotify = "dword:00000001" AntiVirusDisableNotify = "dword:00000001" �⒅蹈��槿缦滤�示: FirewallDisableNotify = "dword:00000000" UpdatesDisableNotify = "dword:00000000" AntiVirusDisableNotify = "dword:00000000" 6.在HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>lanmanserver>parameters �h除�@��值: AutoShareWks = "dword:00000000" 7.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>lanmanserver>parameters �h除�@��值: AutoShareServer = "dword:00000000" 8.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>lanmanworkstation>parameters �h除�@��值: AutoShareWks = "dword:00000000" 9.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>lanmanworkstation>parameters �h除�@��值: AutoShareServer = "dword:00000000" 10.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>RemoteRegistry 找到�@��值: Start = "dword:00000004" 修改成: Start = "dword:00000002" 11.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>TlntSvr 找到�@��值: Start = "dword:00000004" 修改成: Start = "dword:00000003" 12.在HKEY_LOCAL_MACHINE>System>CurrentControlSet> Services>wscsvc 找到�@��值: Start = "dword:00000004" 修改成: Start = "dword:00000002" 13.在HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Ole 找到: EnableDCOM = "N" 修改成: EnableDCOM = "Y" 14.�⑾到y的自�舆�原�P�] 方法: 我的���X===>右�I===>�热�===>系�y��原===>�㈥P�]所有磁碟上的系�y��原打勾 15.重新�_�C到正常�绦�XP 你�����@�硬《臼遣皇沁���在 |
| B1层 发表时间: 05-11-28 17:54 |
| 回复: zch001 [zch001] 论坛用户 |
登录 |
|
我在这里加几个: 1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control WaitToKillServiceTimeout = "7000" 原始的是 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control WaitToKillServiceTimeout = "20000" 2. AntiVirusOverride = "dword:00000001" FirewallOverride = "dword:00000001" 原始的是 AntiVirusOverride = "dword:00000000" FirewallOverride = "dword:00000000" 3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wscsvc Start = "dword:00000004" 原始的是 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wscsvc Start = "dword:00000002" 4.共享有没有被打开: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ lanmanserver\parameters AutoShareWks = "dword:00000000" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ lanmanserver\parameters AutoShareServer = "dword:00000000" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ lanmanworkstation\parameters AutoShareWks = "dword:00000000" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ lanmanworkstation\parameters AutoShareServer = "dword:00000000" 有可能的共享名是下面的几个,你查一下!! ADMIN$ ADMIN$\system32 C$\Windows\system32 C$\WINNT\system32 D$\Windows\system32 D$\WINNT\system32 IPC$ |
| B2层 发表时间: 05-11-29 16:31 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 电脑门诊
标题: 这个病毒的手动清楚方法?