msn photo.zip 病毒怎么杀掉
发布网友
发布时间:2024-10-18 11:33
共2个回答
热心网友
时间:2024-11-07 03:04
%Windows%\photo album.zip
另外释放一个dll文件注入Explorer.exe进程:
%System%\rdshost.dll
在注册表中创建ShellServiceObjectDelayLoad启动方式:
[Copy to clipboard]CODE:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rdshost"="{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}"
[HKEY_CLASSES_ROOT\CLSID\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\InProcServer32]
@="rdshost.dll"
注:{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}为一串CLSID,病毒产生的这段CLSID不固定,如:{3CBAEB1E-422A-495D-A45F-5D9E10AACD4B}
向MSN好友发送信息:
QUOTE:
HEY lol i've done a new photo album !:) Second ill find file and send you it.
Hey wanna see my new photo album?
Hey accept my photo album, Nice new pics of me and my friends and stuff and when i was young lol...
Hey just finished new photo album! :) might be a few nudes ;) lol...
hey you got a photo album? anyways heres my new photo album :) accept k?
hey man accept my new photo album.. :( made it for yah, been doing picture story of my life lol..
同时将%Windows%\photo album.zip发送过去。
连接的IRC:darkjester.xplosionirc.net
热心网友
时间:2024-11-07 02:57
1,断网(拨掉网线、禁用网卡都行)
2,取消MSN的自动运行(打开MSN-工具-选项-常规-取消“当我登录到Windows时自动运行……”)
3,重启(进不进安全模式都行,我没有进)
4,打开注册表(开始-运行-输入“regedit”-回车)
5,在注册表中搜索“photo album”,并将之删除(在注册表中按下F3键,文本框中输入“photo album”,回车,搜索到相关项,删除;再按F3,继续搜索,并删除……直到显示“注册表搜索完毕”)
6,删除接收到的文件,并重启计算机
7,可重复第5步,以查是否还有相关项(我重复了几次,没有发现)
8,运行MSN(我测试了20分钟,没有发现异常,发消息没有异常)
以上为公司某同事电脑初中此毒时采取此操作,有效。
