本人中AV病毒之后
<P style="LINE-HEIGHT: 19.2pt"><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>上网时发现我的卡巴和</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">360</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>全部被关闭,然后卸载掉之后,再装也装不上去,安全模式也被屏蔽,进不去,浏览安全相关的网站时,总是突然被关掉</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">IE</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>,郁闷啊!幸亏系统以前做过备份,后来接着就</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">Ghost</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>了一把,但是后来一双击其它盘符,系统瞬间又被染毒,唉~不得不关机啊,因为电脑上重要资料比较多,不能丢失啊!接着换了一台没有中毒的电脑,上网查了查,才知道是中了</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">AV</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>病毒,接着就下载了一个</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">AV</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>病毒专杀的工具(</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">DubaTool_AV_Killer</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>,</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt"><A href="http://www.duba.net/zhuansha/259.shtml"><FONT color=#800080>http://www.duba.net/zhuansha/259.shtml</FONT></A></SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>),通过</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">U</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>盘</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">copy</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>到中毒的电脑上,在插</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">U</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>盘之前还要执行一项很重要的操作--关闭</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">windows</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>自动播放功能(开始</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">-</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>运行</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">-</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>输入</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">gpedit.msc</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>,打开组策略编辑器,查找计算机配置→管理模板→系统,在右边窗格中双击“关闭自动播放”,对话框中选择所有驱动器,确定即可),然后杀毒,病毒基本全部被清除,然后卡巴也可以装上去了,升级之后卡巴总是警报同一个病毒,但是又杀不了,没办法,找到路径之后删除它(</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">C:\WINDOWS\system32\drivers\00001001.sys</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>),但是一刷新,那个文件接着又重新出现,根本就删不掉,然后进到安全模式也删不掉(补充一下,专杀工具杀完之后,会自动修复安全模式),后来装了一个</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">MaxDOS</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>工具(给装好的</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">NT</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>系统加入</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">DOS</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>入口的软件,</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt"><A href="http://www.crsky.com/soft/7167.html"><FONT color=#800080>http://www.crsky.com/soft/7167.html</FONT></A></SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>),进入</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">DOS</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>手动删除了那个文件,然后回到系统卡巴恢复正常,到这里还没完,接着升级卡巴然后扫描全盘~没有病毒,升级</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">360</SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>扫描恶评软件~发现</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">3</SPAN><FONT face=宋体><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">个~立即清除,然后再用木马分析专家扫描系统盘,也没有发现病毒,机子到此算是恢复正常了。</SPAN><SPAN lang=EN-US style="FONT-SIZE: 9.5pt; FONT-FAMILY: Helvetica"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></FONT></P><P style="LINE-HEIGHT: 19.2pt"><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT face=宋体>对了,还有一点想说一下,在中病毒的时候,就只有卡巴和</FONT></SPAN><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt">360</SPAN><FONT face=宋体><SPAN style="FONT-SIZE: 10.5pt; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">崩溃,我的机子里还装了天网防火墙(正版)和木马分析专家(正版)没有崩溃,并不是因为是正版,而是这两款软件我全部设置了密码保护功能,均没有被病毒绑架。卡巴也有密码保护功能,建议大家设置一下,防患于未然!</SPAN><SPAN lang=EN-US style="FONT-SIZE: 9.5pt; FONT-FAMILY: Helvetica"><o:p></o:p></SPAN></FONT></P>
<P><SPAN lang=EN-US style="FONT-SIZE: 10.5pt; FONT-FAMILY: 'Times New Roman'; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-fareast-font-family: 宋体; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA"> </SPAN><SPAN style="FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; mso-bidi-font-size: 12.0pt; mso-font-kerning: 1.0pt; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA">由于本人处理中毒经验尚浅,难免有遗漏及谬误之处,恳切希望大侠们在交流的同时提出批评指正,谢谢!</SPAN><A href="http://bbs.cnhan.com/dispbbs.asp?boardid=129&Id=665066"></A></P> 最后一点,我想说下的是,AV终结者里面里面有一点代码,是专门对付一些常用杀软和辅助软件的,木马分析专家和天网之所以没被干掉,是因为病毒没有针对这些软件,设置密码固然有好处,但是若是病毒有意对该软件,那设置密码也是防不住的。。。 原来如此~谢谢斑竹指正! 写得很详细
页:
[1]