Notepad.exe USB-drive virus: removal method (Virus Removal)

Characteristics:
1. After Notepad.exe runs, it creates a randomly named folder, 935F0D, under %SYSTEMROOT%\system32 and drops C:\WINDOWS\system32\935F0D\96B69A.EXE.

2. Creates a shortcut in %USERPROFILE%\「开始」菜单\程序\启动 (the Start Menu\Programs\Startup folder on a Chinese Windows install) whose icon is a folder icon and whose file name is a single space, pointing to c:\windows\system32\935f0d\96b69a.exe.

3. Adds an autostart value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run pointing to c:\windows\system32\935f0d\96b69a.exe.

4. Downloads the virus from yun_qi_img/o.gif, saves it under the random name NT-EEA96FB9.EXE, and drops c:\windows\system32\935f0d\winocreg.exe and c:\windows\system32\935f0d\F0D363.EXE.

5. Visits two web pages:
http://hidatabase.cn/ul.htm
dfg4tgurl{79,38,44,193,0,102,174,46,250,134,104,116,161,192,40,11,51,233,229,224,121,219,205,183,163,35,204,225,220,222,174,125,238,187,143,193,26,194,177,227,55,191,10,174,79,28,172,239,36,220,70,223,215,86,58,23,74,35,20,232,138,210,134,173,17,27,15,16,189,21,156,102,252,9,207,87,164,143,209,186,55,14,51,106,208,84,13,236,77,171,193,46,229,125,119,94,215,107,239,195,221,237,40,244,246,57,147,63,58,19,200,120,21,148,21,214,170,229,2,251,37,54,199,140,35,172,25,69,236,48,19,170,42,80,226,236,143,254,44,129,11,242,101,31}
http://hidatabase.cn/ol.htm
5rtgfforder{177,224,116,197,104,196,222,40,140,201,129,57,168,216,162,249,154,30,11,158,63,92,206,13,158,57,188,43,158,85,148,241,175,135,213,100,155,32,56,138,48,234,95,0,7,228,74,23,151,108,110,120,61,31,85,92,185,60,224,197,6,55,58,202,250,134,104,116,161,192,40,11,182,253,207,106,61,166,112,31,77,202,130,87,52,173,95,139,231,111,218,104,57,244,147,66,114,77,39,114,228,65,93,176,80,47,8,2,143,150,51,49,71,85,49,12,62,90,102,129,51,178,97,164,100,75,196,99,134,44,139,54,204,69,7,244,246,107,133,174,101,253,189,232,57,127,204,15,135,36,50,180,227,227,8,99,152,119,55,130,180,9,65,49,159,151,49,71,102,235,187,198,97,160,94,188,42,192,171,27,161,142,191,186,238,187,77,203,201,61,143,99,221,134,191,215,193,231,200,252,100,36,200,130,86,240,77,99,6,242,0,211,33,44,186,95,36,134,120,91,89,127,216,47,194,242,85,62,228,161,250,51,15,131,105,70,63,60,105,204,173,59,114,89,163,158,147,230,244,125,8,54,13,26,56,87,242,101,189,204,8,138,39,65,27,50,207,75,19,48,172,199,42,16,207,42,152,134,180,17,247,199,108,5,178,238,216,71,7,133,50,7,19,173,175,133,137,182,109,222,93,242,158,52,160,185,249,65,248,193,0,220,198,33,108,31,224,233,86,244,215,128,110,170,227,149,63,232,145,21,199,181,200,205,202,73,111,135,42,181,101,110,140,123,99,67,48,42,162,229,70,209,20,81,63,23,22,128,132,226,48,51,131,169,204,50,207,245,220,156,188,108,39,100,195,192,199,24,160,95,126,97,29,247,201,42,13,26,230,255,51,134,148,113,244,184,82,118,11,203,136,162,242,63,62,67,82,242,0,180,175,155,23,230,64,134,45,36,184,196,5,79,90,17,95,235,184,110,90,124,232,250,252,240,158,81,255,6,192,222,222,12,1,118,49,149,137,42,49,232,229,133,3,12,110,195,79,208,41,215,250,86,7,85,207,113,71,44,14,33,15,174,165,129,41,64,132,22,111,96,250,17,249,86,47,60,212,148,79,219,123,156,9,171,241,3,146,106,244,44,92,114,74,141,77,141,35,196,15,67,67,107,11,133,82,183,45,97,217,221,153,191,60,94,227,9,39,217,156,220,41,45,107,85,18,145,63,48,121,227,24,225,49,140,167,187,232,6,28,228,43,167,137,42,72,37,134,4,217,228,211,113,63,
107,71,178,52,30,0,152,224,254,183,123,83,67,190,72,92,165,13,140,241,112,201,50,229,106,0,194,169,126,43,41,231,87,188,103,24,88,149,206,248,87,216,193,216,220,202,120,242,98,52,41,54,133,183,111,219,191,116,236,156,72,84,124,204,178,162,107,149,73,84,227,233,212,22,21,248,250,127,151,32,46,213,226,226,182,50,213,92,20,144,137,209,19,26,18,241,12,220,125,174,104,228,81,225,207,247,52,87,222,100,36,200,130,86,240,77,99,35,69,192,201,111,154,148,247,5,178,132,16,112,203,235,250,14,91,57,77,28,205,191,15,65,239,70,101,110,151,218,43,90,72,12,130,205,108,3,220,154,240,13,68,150,17,62,115,233,118,221,192,35,70,151,199,141,234,171,75,87,52,54,116,109,132,77,185,145,181,132,98,84,57,125,171,194,2,241,173,46,168,229,158,125,171,24,99,3,108,79,111,215,63,49,239,128,224,54,106,37,101,86,154,116,249,219,115,25,101,180,220,238,246,164,226,176,93,235,71,146,118,235,131,66,4,4,74,183,241,159,237,189,98,93,124,135,122,75,84,57,131,34,115,143,198,70,45,149,19,100,144,206,234,238,158,147,254,76,127,191,56,80,43,245,55,225,223,39,109,59,71,244,175,142,59,234,220,172,149,27,166,244,4,117,29,70,226,192,240,12,33,248,144,110,85,130,84,111,147,213,47,139,218,17,159,159,15,13,84,175,121,130,16,205,150,150,38,63,50,222,56,114,160,232,220,22,33,195,13,105,84,39,138,173,92,164,141,64,61,250,175,145,154,109,19,60,132,50,107,134,4,174,168,54,100}
Two odd web pages: each contains nothing but a label followed by a brace-enclosed, comma-separated list of numbers in the 0-255 range, that is, a byte blob in an encoding the post does not identify.
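The two pages above are worth pulling apart before guessing what they are. The following PowerShell is an added example, not code from the original post: it parses the `label{b,b,...}` shape served by ul.htm and ol.htm into a byte array, prints length, distinct-byte count and Shannon entropy, and then tries every single-byte XOR key to see whether any yields mostly printable ASCII. The XOR sweep is only a hypothesis test; the post does not say how the blobs are encoded, and if no key passes, the blob is simply not single-byte XOR of ASCII. The sample input is a constructed short blob in the same shape (a URL XORed with 0x5A), not the page's data; paste the real page text into `$pageText` to analyse it.

```powershell
# Parse a "label{n,n,...}" blob (the shape of hidatabase.cn/ul.htm and ol.htm).
function ConvertFrom-ByteListBlob {
    param([Parameter(Mandatory)][string]$Text)
    if ($Text -notmatch '(?s)^\s*(?<label>[A-Za-z0-9_]+)\{(?<body>[0-9,\s]+)\}\s*$') {
        throw 'not a label{...} byte list'
    }
    $bytes = [byte[]]($Matches.body -split '[,\s]+' |
        Where-Object { $_ -ne '' } | ForEach-Object { [int]$_ })
    [pscustomobject]@{ Label = $Matches.label; Bytes = $bytes }
}

# Length, distinct byte count and Shannon entropy (bits per byte).
# Close to 8.0 suggests encryption or compression; a low value suggests a simple encoding.
function Get-ByteStats {
    param([byte[]]$Bytes)
    $hist = @{}
    foreach ($b in $Bytes) { $hist[$b] = 1 + [int]$hist[$b] }
    $entropy = 0.0
    foreach ($c in $hist.Values) {
        $p = $c / $Bytes.Length
        $entropy -= $p * [math]::Log($p, 2)
    }
    [pscustomobject]@{ Length = $Bytes.Length; Distinct = $hist.Count; Entropy = [math]::Round($entropy, 2) }
}

# Hypothesis test only: report keys for which XOR gives >= 95% printable ASCII.
function Find-SingleByteXorKeys {
    param([byte[]]$Bytes, [double]$MinPrintable = 0.95)
    foreach ($k in 0..255) {
        $printable = 0
        foreach ($b in $Bytes) {
            $c = $b -bxor $k
            if (($c -ge 0x20 -and $c -le 0x7e) -or $c -eq 0x0a -or $c -eq 0x0d -or $c -eq 0x09) { $printable++ }
        }
        if ($printable / $Bytes.Length -ge $MinPrintable) {
            $decoded = [char[]]($Bytes | ForEach-Object { $_ -bxor $k })
            [pscustomobject]@{ Key = $k; Preview = -join $decoded[0..[math]::Min(39, $Bytes.Length - 1)] }
        }
    }
}

# Constructed sample (assumption: not the page's data): an ASCII URL XORed with 0x5A,
# wrapped in the same label{...} shape. Replace with the real page text to analyse it.
$sampleBytes = [System.Text.Encoding]::ASCII.GetBytes('http://example.invalid/x') | ForEach-Object { $_ -bxor 0x5A }
$pageText = 'dfg4tgurl{' + ($sampleBytes -join ',') + '}'

$blob = ConvertFrom-ByteListBlob $pageText
Write-Output "$($blob.Label): $((Get-ByteStats $blob.Bytes | Out-String).Trim())"
Find-SingleByteXorKeys $blob.Bytes | Format-Table -AutoSize
```

For the constructed sample the sweep reports key 90 (0x5A) with the URL as preview; for the real blobs it may report nothing, which is itself useful: it rules out the cheapest obfuscation before you spend time on the dropper itself.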

Delete them with IceSword (the dropped files, the Run value and the Startup shortcut) and you're done.
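Before reaching for IceSword it helps to confirm which of the persistence points from the list above are actually present on the host. The PowerShell below is an added example, not part of the original post: it checks the exact paths reported (system32\935F0D and the four dropped file names), the HKLM Run key, and the Startup folder for a shortcut whose name is only whitespace. Because the folder name 935F0D is random per infection, the script also applies two heuristics that are assumptions on my part rather than facts from the post: any six-hex-character directory directly under system32, and any Run value or Startup shortcut pointing to an .exe inside a subfolder of system32. It only reports; removal is left to IceSword as the post describes.

```powershell
# Report the persistence artifacts described in the post. Run from an elevated prompt.
$sys32 = Join-Path $env:SystemRoot 'system32'
$reportedDir = Join-Path $sys32 '935F0D'
$reportedFiles = @('96B69A.EXE', 'winocreg.exe', 'F0D363.EXE', 'NT-EEA96FB9.EXE')
$findings = @()

# 1. Dropped files at the reported paths.
foreach ($f in $reportedFiles) {
    $p = Join-Path $reportedDir $f
    if (Test-Path -LiteralPath $p) { $findings += "file: $p" }
}

# Heuristic (assumption): the random folder is six hex characters, so flag any such
# directory directly under system32 in case this infection used a different name.
Get-ChildItem -LiteralPath $sys32 -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^[0-9A-Fa-f]{6}$' } |
    ForEach-Object { $findings += "suspicious dir: $($_.FullName)" }

# 2. Startup-folder shortcut: name is only whitespace, or target is an .exe under a
#    subfolder of system32 (the post reports a single-space name pointing at 96b69a.exe).
$wsh = New-Object -ComObject WScript.Shell
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $target = $wsh.CreateShortcut($_.FullName).TargetPath
    if ($_.BaseName.Trim() -eq '' -or $target -like "$sys32\*\*.exe") {
        $findings += "startup lnk: '$($_.Name)' -> $target"
    }
}

# 3. HKLM Run values pointing into a subfolder of system32 (the post names only HKLM).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's provider metadata
        if ("$($prop.Value)" -like "*\system32\*\*.exe*") {
            $findings += "run value: $($prop.Name) = $($prop.Value)"
        }
    }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Output $_ } }
else { Write-Output 'no indicators from this report found' }
```

The shortcut check reads the .lnk target through WScript.Shell rather than trusting the file name, because the whole point of the whitespace name and folder icon is that Explorer shows nothing suspicious; the Run-key check compares the value text so it catches both quoted and unquoted paths.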

Time: 2024-09-11 11:53:23
