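落雪 (Luoxue)
1. First, end the virus processes. (Because the virus has hooked the exe file association, running any exe file activates it. You therefore need a third-party process manager, renamed before you run it, to end the virus processes; for example, with IceSword, rename its main file *.exe to *.com and run that.)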
End these processes:
%Windows%\CSRSS.exe (or services.exe, winlogon.exe, lsass.exe, etc.)
%Windows%\ExERoute.exe
2. Click to download Regfix.rar, rename the Regfix.exe inside it to Regfix.com, then run it and repair the exe association.
3. Restore the registry content modified by the virus:
To open the registry: Start ---- Run ---- type regedit -- click OK
Open Registry Editor; the following entries need to be changed:
HKEY_CLASSES_ROOT\.lnk\ShellNew\\command
HKEY_CLASSES_ROOT\.bfc\ShellNew\\command
HKEY_CLASSES_ROOT\cplfile\Shell\cplopen\command\\
HKEY_CLASSES_ROOT\dunfile\Shell\open\command\\
HKEY_CLASSES_ROOT\file\Shell\open\command\\
HKEY_CLASSES_ROOT\htmlfile\Shell\Print\command\\
HKEY_CLASSES_ROOT\inffile\Shell\Install\command\\
HKEY_CLASSES_ROOT\InternetShortcut\Shell\open\command\\
HKEY_CLASSES_ROOT\scrfile\Shell\Install\command\\
HKEY_CLASSES_ROOT\telnet\Shell\open\command\\
HKEY_CLASSES_ROOT\InternetShortcut\Shell\open\command\\
HKEY_CLASSES_ROOT\scrfile\Shell\Install\command\\
HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\command\\
HKEY_CLASSES_ROOT\Unknown\Shell\openas\command\\
HKEY_CLASSES_ROOT\dunfile\Shell\open\command\\
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Shared Tools\MSInfo\ToolSets\MSInfo\hdwwiz\\command
In the registry values above, change "rundll32.com", "finder.com" and "command.pif" to "rundll32.exe"
HKEY_CLASSES_ROOT\htmlfile\Shell\open\command\\
HKEY_CLASSES_ROOT\Applications\iexplore.exe\Shell\open\command\\
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\command\\
HKEY_CLASSES_ROOT\ftp\Shell\open\command\\
In the values above, change "iexplore.com" to "iexplore.exe"
HKEY_CLASSES_ROOT\htmlfile\Shell\opennew\command\\
HKEY_CLASSES_ROOT\http\Shell\open\command\\
Change the content of the values above to "%SystemRoot%\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\Drive\Shell\find\command\\
In the value above, change "explorer1.com" to "iexplore.exe"
HKEY_CLASSES_ROOT\.exe\\
In the value above, change "(Default)" to "exefile"
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Winlogon\\Shell
In the value above, change "Explorer.exe 1" to "Explorer.exe"
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Internet Explorer\Main\\Check_Associations
In the value above, change "No" to "Yes"
Delete HKCR\winfiles
Delete the virus autostart entries and virus information:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN\\Torjan Program
"%Windows%\CSRSS.exe" (or services.exe)
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings
Delete the HKLM\SOFTWARE\MICROSOFT\Windows\CURRENT VERSION subkey (note: this is not the CURRENTVERSION subkey; delete the one with a space in the middle, and do not delete the wrong one!)
4. Finally, delete the virus files:
C:\WINDOWS\finder.com
C:\WINDOWS\explorer.com
C:\WINDOWS\1.com
C:\WINDOWS\ExERoute.exe
C:\WINDOWS\system32\rundll32.com
C:\WINDOWS\system32\finder.com
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\MSCONFIG.COM
C:\WINDOWS\system32\dxdiag.com
C:\WINDOWS\system32\regedit.com
D:\autorun.inf
D:\pagefile
D:\command.com
c:\windows\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.com
C:\WINDOWS\Debug\DebugProgram.exe
C:\WINDOWS\system32\MSWINSCK.OCX
C:\Program Files\Common Files\iexplore.pif
D:\command.com
C:\WINDOWS\EXERT.exe
C:\WINDOWS\LSASS.exe
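
An added example, not part of the original answer: a read-only Python check for the step 3 registry values. It flags handler commands that reference the file names listed above and values that differ from what the answer says to restore. The tuple layout, the two-key COMMAND_KEYS subset and the SAMPLE data are assumptions made for this example.

```python
import re
import sys
# File names the page says appear in hijacked handler commands (step 3).
HIJACK = re.compile(r"\b(rundll32\.com|finder\.com|command\.pif|"
                    r"iexplore\.com|explorer1\.com)\b", re.I)
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# (hive, subkey, value name) -> data the page says to restore; "" is (Default).
EXPECTED = {
    ("HKEY_CLASSES_ROOT", ".exe", ""): "exefile",
    ("HKEY_LOCAL_MACHINE", WINLOGON, "Shell"): "Explorer.exe",
    ("HKEY_CURRENT_USER", r"SOFTWARE\Microsoft\Internet Explorer\Main", "Check_Associations"): "Yes",
}
# Two of the handler keys listed on the page; add the others the same way.
COMMAND_KEYS = [("HKEY_CLASSES_ROOT", r"inffile\Shell\Install\command", ""),
                ("HKEY_CLASSES_ROOT", r"http\Shell\open\command", "")]
# Constructed sample data, used when this is not run on Windows.
SAMPLE = {
    ("HKEY_CLASSES_ROOT", ".exe", ""): "winfiles",
    ("HKEY_LOCAL_MACHINE", WINLOGON, "Shell"): "Explorer.exe 1",
    COMMAND_KEYS[0]: r"C:\WINDOWS\system32\rundll32.com setupapi,InstallHinfSection %1",
}

def audit(values):
    """values: {(hive, subkey, name): data or None}; returns [(location, finding)]."""
    findings = []
    for loc, data in values.items():
        want, hit = EXPECTED.get(loc), HIJACK.search(data or "")
        if data is not None and want and data.strip().lower() != want.lower():
            findings.append((loc, f"expected {want!r}, found {data!r}"))
        if hit:
            findings.append((loc, f"command references {hit.group(1)!r}"))
    return findings

def read_live():
    """Read the audited values from the local registry (Windows only)."""
    import winreg
    out = {}
    for hive, sub, name in list(EXPECTED) + COMMAND_KEYS:
        try:
            with winreg.OpenKey(getattr(winreg, hive), sub) as key:
                out[(hive, sub, name)] = str(winreg.QueryValueEx(key, name)[0])
        except OSError:  # key or value absent
            out[(hive, sub, name)] = None
    return out

if __name__ == "__main__":
    values = read_live() if sys.platform == "win32" else SAMPLE
    for (hive, sub, name), why in audit(values):
        print(f"{hive}\\{sub} [{name or '(Default)'}]: {why}")
```

The script only reads values; the changes themselves are still made as described in step 3.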