病毒檔案
病毒名稱:MSN照片(Worm.IRC.MyPhoto.a)
病毒類型:蠕蟲病毒
病毒危害級別:★★★☆
病毒發作現象及危害:
該病毒會通過MSN發送內容為“HEY lol i've done a new photo album !
Second ill find file and send you it.”、“Hey wanna see my new photo album?”等內容的消息,同時附帶一個名為photo album.zip的壓縮文件。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654250.png');}" onmousewheel="return imgzoom(this);" alt="" />
用戶運行該壓縮文件中的程序即會被病毒感染。病毒還會在用戶電腦裏釋放一個後門程序,黑客可以利用IRC軟件遠程控製中毒電腦,竊取個人資料,從而使用戶麵臨極大的安全威脅。
手工刪除:
一、刪除病毒的注冊表啟動項目
1、運行regedit,打開注冊表編輯器。打開HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionShellServiceObjectDelayLoad,找到“rdshost”一項,將其值記錄下來,並將該項刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654251.gif');}" onmousewheel="return imgzoom(this);" alt="" />
注意:“rdshost”項的值為一個CLSID。病毒產生的這段CLSID不固定,本例中為:{C7B4EE78-A8FB-4C16-AE1F-C1A568949825}。
2、打開HKEY_CLASSES_ROOTCLSID,找到剛才記錄下的CLSID項,本例為:{C7B4EE78-A8FB-4C16-AE1F-C1A568949825},將其刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654252.gif');}" onmousewheel="return imgzoom(this);" alt="" />
二、重新啟動計算機
由於該病毒駐留內存,因此,清除掉啟動項目後必須重新啟動計算機才能夠刪除病毒文件。
三、刪除病毒文件
1、進入Windows,默認為C:windows,找到名為“photo album.zip”的文件並刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654253.gif');}" onmousewheel="return imgzoom(this);" alt="" />
2、進入係統目錄,默認為C:windowssystem32,找到名為“rdshost.dll”文件並刪除(注意是DLL文件不是EXE)。
3、重新啟動計算機,檢查這幾個文件是否存在,如果不存在,則病毒已被清除幹淨。
病毒名稱:MSN照片(Worm.IRC.MyPhoto.a)
病毒類型:蠕蟲病毒
病毒危害級別:★★★☆
病毒發作現象及危害:
該病毒會通過MSN發送內容為“HEY lol i've done a new photo album !
Second ill find file and send you it.”、“Hey wanna see my new photo album?”等內容的消息,同時附帶一個名為photo album.zip的壓縮文件。 screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654250.png');}" onmousewheel="return imgzoom(this);" alt="" />用戶運行該壓縮文件中的程序即會被病毒感染。病毒還會在用戶電腦裏釋放一個後門程序,黑客可以利用IRC軟件遠程控製中毒電腦,竊取個人資料,從而使用戶麵臨極大的安全威脅。
手工刪除:
一、刪除病毒的注冊表啟動項目
1、運行regedit,打開注冊表編輯器。打開HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
CurrentVersionShellServiceObjectDelayLoad,找到“rdshost”一項,將其值記錄下來,並將該項刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654251.gif');}" onmousewheel="return imgzoom(this);" alt="" />注意:“rdshost”項的值為一個CLSID。病毒產生的這段CLSID不固定,本例中為:{C7B4EE78-A8FB-4C16-AE1F-C1A568949825}。
2、打開HKEY_CLASSES_ROOTCLSID,找到剛才記錄下的CLSID項,本例為:{C7B4EE78-A8FB-4C16-AE1F-C1A568949825},將其刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654252.gif');}" onmousewheel="return imgzoom(this);" alt="" />二、重新啟動計算機
由於該病毒駐留內存,因此,清除掉啟動項目後必須重新啟動計算機才能夠刪除病毒文件。
三、刪除病毒文件
1、進入Windows,默認為C:windows,找到名為“photo album.zip”的文件並刪除。
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new windownCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://pfw.sky.net.cn/upimg/allimg/070329/1654253.gif');}" onmousewheel="return imgzoom(this);" alt="" />2、進入係統目錄,默認為C:windowssystem32,找到名為“rdshost.dll”文件並刪除(注意是DLL文件不是EXE)。
3、重新啟動計算機,檢查這幾個文件是否存在,如果不存在,則病毒已被清除幹淨。
選擇“Disable on www.wenxuecity.com”
選擇“don't run on pages on this domain”
