本文目录一览:
怎么杀这些病毒(木马)?
你可以用这个软件到安全模式下去处理试试:
按杀毒软件提供的路径,记下来
1.下载一个软件:冰刃()
这是一个绿色软件,下载解压缩后即可使用。
如果杀软提供的病毒文件是一个dll的话,点击:进程 逐个右击右侧的进程--模块信息,仔细查看这个dll到底对哪些进程进行了插入(特别是那些系统进程),尝试用右侧的“强制解除”试试,能不能将这个dll文件从进程中解除出来(可能会碰上在某个进程中强制解除时机器会重启的现象)。
如果不行,请先运行regsvr32 /u 这个dll文件,将它从系统中反注册。
2.如果杀软提供的病毒文件是一个非dll文件的话,直接在冰刃左侧的栏里通过“文件”直接定位到这个文件所在的文件夹下,找到这个文件(木马文件一般在system32下)
3.通过按钮“创建时间”对这个文件夹下的文件进行排序,仔细查看与这个文件在创建时间是同一天的所有文件(但是不是都是与它一样是病毒文件,需要你判断)。右击它们一一删除。
4.搜索注册表里这个文件的键值,删除搜索到的。
5.重启电脑,这个东西应该清除干净了。
木马病毒如何破解(源代码破解)
@echo off
echo ------------U盘杀毒------------
@echo.
@echo.
pause
@echo.
@echo.
echo 正在清除病毒
taskkill /F /IM winservice.exe
@echo.
@echo.
echo 请稍等5秒钟
pause
rd /S /Q C:\WINDOWS\winsystem
@echo.
@echo.
rem 删除病毒文件
echo 正在恢复文件夹
@echo.
@echo.
rem 取消属性
dir /a:ds /b dir.txt
for /f "tokens=* delims= " %%i in (dir.txt) do call :ss "%%i"
del dir.txt
attrib -s -h -r open*.exe
del open*.exe
del "*.lnk"
attrib +s +h "System Volume Information"
attrib +s +h ""
@echo.
@echo.
@echo.
@echo.
echo 清除成功。。。
pause
goto :eof
:ss
set var=%1
echo 正在修复文件夹 %var% ...
attrib -s -h -r %var%
goto :e
求杀死global.exe木马的 *** 啊,,受不了这病毒了,,,
Global.exe 是一种U盘病毒,病症表现为创建名为 Global.exe 进程的木马病毒综合体,使电脑速度明显下降,不能切换中英文输入。
病毒资料
病毒资料 U盘病毒
病症:创建 Global.exe 进程! 木马病毒综合体 电脑速度明显下降,不能切换中英文输入。
危险程度:高
病毒:是
木马:是
恶意软件:否
建议:下载安装所有系统安全补丁
一种病毒进程,现象是每隔30秒有个飘动的图片写的your computer is being attacked(翻译成中文为:您的计算机受到攻击),,还不停地发出噔噔的声音。
因为是U盘传播,建议关闭自动播放并且开启杀软(360、金山等)的实时防护
解决办法:
复制以下代码到记事本,然后改名为 *.bat 双击运行即可!
-------------------------------开始--------------------------------
@echo off
title Eyeson软件工作室 Global.exe病毒专杀工具
color 0a
taskkill /im Global.exe /t /f
taskkill /im tskmgr.exe /t /f
attrib -s -h -r c:\autorun.inf
attrib -s -h -r C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
attrib -s -h -r C:\WINDOWS\pchealth\Global.exe
attrib -s -h -r C:\WINDOWS\system32\dllcache\Default.exe
attrib -s -h -r C:\WINDOWS\pchealth\Global.exe
attrib -s -h -r C:\WINDOWS\system\KEYBOARD.exe
attrib -s -h -r C:\WINDOWS\Fonts\Fonts.exe
attrib -r -s -h C:\MS-DOS.com
attrib -r -s -h C:\WINDOWS\Cursors\Boom.vbs
attrib -r -s -h C:\windows\fonts\tskmgr.exe
attrib -r -s -h C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
attrib -r -s -h C:\windows\system32\dllcache\rndll32.exe
attrib -r -s -h C:\windows\system32\drivers\drivers.cab.exe
del c:\autorun.inf
del C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
del C:\WINDOWS\pchealth\Global.exe
del C:\WINDOWS\system32\dllcache\Default.exe
del C:\WINDOWS\pchealth\Global.exe
del C:\windows\fonts\tskmgr.exe
del C:\WINDOWS\system\KEYBOARD.exe
del C:\WINDOWS\Fonts\Fonts.exe
del C:\MS-DOS.com
del C:\WINDOWS\Cursors\Boom.vbs
del C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
del C:\windows\system32\dllcache\rndll32.exe
del C:\windows\system32\drivers\drivers.cab.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\autorun.inf attrib -s -h -r %%d:\autorun.inf
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\autorun.inf del %%d:\autorun.inf /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com attrib -s -h -r %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\Global.exe attrib -s -h -r %%d:\WINDOWS\pchealth\Global.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system32\dllcache\Default.exe attrib -s -h -r %%d:\WINDOWS\system32\dllcache\Default.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system\KEYBOARD.exe attrib -s -h -r %%d:\WINDOWS\system\KEYBOARD.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\Fonts\Fonts.exe attrib -s -h -r %%d:\WINDOWS\Fonts\Fonts.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\MS-DOS.com attrib -s -h -r %%d:\MS-DOS.com
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com del %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\Global.exe del %%d:\WINDOWS\pchealth\Global.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system32\dllcache\Default.exe del %%d:\WINDOWS\system32\dllcache\Default.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system\KEYBOARD.exe del %%d:\WINDOWS\system\KEYBOARD.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\Fonts\Fonts.exe del %%d:\WINDOWS\Fonts\Fonts.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\MS-DOS.com del %%d:\MS-DOS.com /q
'cls
set rg = createobject("wscript.shell")
on error resume next
rg.regwrite "HKCR\.vbs\", "VBSFile"
rg.regwrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", ""
rg.regwrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut", "30"
rg.regwrite "HKCR\MSCFile\Shell\Open\Command\", ""
rg.regwrite "HKCR\regfile\Shell\Open\Command\", ""
rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", ""
rg.regwrite "HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command\", ""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\DisplayName","Local Group Policy"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\FileSysPath",""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPO-ID","LocalGPO"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPOName","Local Group Policy"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\SOM-ID","Local"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Parameters",""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Script",""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\DisplayName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\FileSysPath", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPO-ID", "LocalGPO"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPOName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\SOM-ID", "Local"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Parameters", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Script", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\DisplayName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\FileSysPath", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPO-ID", "LocalGPO"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPOName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\SOM-ID", "Local"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Parameters", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Script", ""
cls
set /p tmp=C盘该病毒清除完毕,如果其它盘符存在无法打开的现象,请按回车开始删除其他分区病毒。
cls
-------------------------------结束--------------------------------
