sxs.exe virus removal tool: “橙色八月专杀工具.bat” (“Orange August removal tool”)
Published: 2016-12-26 Source: 查字典 editors

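Virus characteristics: sxs.exe and autorun.inf files are created automatically in the root directory of every drive; on some systems SVOHOST.exe or sxs.exe is also created under windows\system32. The files carry the hidden attribute. The virus also disables antivirus software automatically.

Manual removal of the sxs.exe virus

Press Ctrl+Alt+Del to open Task Manager and look in the process list for sxs or SVOHOST (not SVCHOST; the names differ by one letter). If it is there, end it. (Not every system shows this process; if it is absent, skip this step.)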

Show hidden files. If they cannot be shown, open WordPad, save the following code as “显示出被隐藏的系统文件.reg” (“show hidden system files”), and then run it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"CheckedValue"=dword:00000001

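(Remove the virus's autostart entry.) Open the Registry Editor (Run, then regedit) and go to:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

Under this key, find the SVOHOST.exe, sxs.exe or SoundMam value (note: not soundman; only one letter differs). There may be two; delete the one whose data is C:\WINDOWS\system32\SVOHOST.exe.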

Open Notepad, copy the following code into it, save it as “橙色八月sxs专杀工具.bat”, and then run it:

@echo off
REM Stop the running SXS.EXE and SVOHOST.EXE processes
echo.
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo :: 停止正在运行的SXS.EXE和SVOHOST.EXE进程,请稍侯......
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TASKKILL /F /T /IM SXS.EXE
TASKKILL /F /T /IM SVOHOST.EXE
TASKKILL /F /T /IM ROSE.EXE
REM Flash the console colours
color 4F
color 0C
color 4F
color 0C
color 4F
color 0C

REM Restore the registry entry that lets "show hidden files" be set:
REM delete CheckedValue first, then recreate it as DWORD 1
echo.
echo.
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo :: 恢复注册表中不给设置显示隐藏文件的项目,请稍侯
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ECHO Windows Registry Editor Version 5.00>SHOWALL.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=->>SHOWALL.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=dword:00000001>>SHOWALL.reg

REM Delete SXS.EXE, SVOHOST.EXE and WINSCOK.DLL from the system directories:
REM clear the attributes first, then delete
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo :: 删除系统目录下的SXS.EXE、SVOHOST.EXE和WINSCOK.DLL文件,请稍侯......
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ATTRIB -R -H -S -A "%SystemRoot%\System32\SXS.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System32\SVOHOST.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System32\WINSCOK.DLL"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\SXS.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\SVOHOST.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\WINSCOK.DLL"
ATTRIB -R -H -S -A "%SystemRoot%\SXS.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\SVOHOST.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\WINSCOK.DLL"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\SXS.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\SVOHOST.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\WINSCOK.DLL"
ATTRIB -R -H -S -A "%SystemRoot%\System\SXS.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System\SVOHOST.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System\WINSCOK.DLL"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System\SXS.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System\SVOHOST.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System\WINSCOK.DLL"
ATTRIB -R -H -S -A "%SystemRoot%\System32\dllcache\SXS.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System32\dllcache\SVOHOST.EXE"
ATTRIB -R -H -S -A "%SystemRoot%\System32\dllcache\WINSCOK.DLL"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\dllcache\SXS.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\dllcache\SVOHOST.EXE"
DEL /F /Q /A-R-H-S-A "%SystemRoot%\System32\dllcache\WINSCOK.DLL"

REM Delete SXS.EXE and AUTORUN.INF from the root of every drive letter C: to Z:
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo :: 删除每个分区下的SXS.EXE和AUTORUN.INF文件,请稍侯.......
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FOR %%a IN (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) DO (
    ATTRIB -R -H -S -A %%a\SXS.EXE
    DEL /F /Q /A-R-H-S-A %%a\SXS.EXE
    ATTRIB -R -H -S -A %%a\AUTORUN.INF
    DEL /F /Q /A-R-H-S-A %%a\AUTORUN.INF
)

REM Delete the autostart entry from the registry, then import SHOWALL.reg
REM and remove both temporary .reg files
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo :: 删除注册表中自启动项,请稍侯......
@echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ECHO Windows Registry Editor Version 5.00>SoundMam.reg
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoundMam]>>SoundMam.reg
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>SoundMam.reg
ECHO "SoundMam"=->>SoundMam.reg
REGEDIT /S SoundMam.reg
DEL /F /Q SoundMam.reg
REGEDIT /S SHOWALL.reg
DEL /F /Q SHOWALL.reg

REM Done: report that the virus files have been removed and wait for a key press
color 3f
echo.
@echo 病毒文件已清除!
echo.
pause

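BAT file that deletes the virus files from each drive:

REM For each drive: switch to it, go to its root, clear the attributes, then delete.
REM Note: del /s also deletes files with the same name in every subdirectory.
C:
cd \
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf
D:
cd \
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf
E:
cd \
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf
F:
cd \
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf
G:
cd \
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf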
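
A read-only check for the indicators named in this article, added here as an example and not part of the original article or its batch files: it flags the listed file, process and Run-value names in a collected snapshot, and generalizes the one-letter comparison (SVOHOST vs. SVCHOST, SoundMam vs. soundman) to any name one edit away from those two legitimate names. The function names, the snapshot layout and the sample data are assumptions made for illustration.

```python
# Added example: read-only triage of a collected snapshot; nothing is deleted.
# Indicator names come from the article; the sample data below is constructed.
IOC_FILES = {"sxs.exe", "svohost.exe", "winscok.dll"}  # files the script deletes
IOC_RUN_VALUES = {"soundmam"}                          # Run value the script removes
LEGIT = {"svchost.exe", "soundman"}                    # names the article says are imitated

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitates(name):
    """Return the legitimate name that differs from `name` by one edit, else None."""
    return next((l for l in sorted(LEGIT) if edit_distance(name.lower(), l) == 1), None)

def triage(processes, run_values, root_files):
    """Return sorted (kind, item, reason) findings for one machine snapshot."""
    findings, roots = set(), {p.lower() for p in root_files}
    for proc in processes:
        if proc.lower() in IOC_FILES:
            findings.add(("process", proc, "listed indicator"))
        elif imitates(proc):
            findings.add(("process", proc, "imitates " + imitates(proc)))
    for name, data in run_values.items():  # assumes data is a bare path, no arguments
        target = data.strip('"').rsplit("\\", 1)[-1].lower()
        if name.lower() in IOC_RUN_VALUES or target in IOC_FILES:
            findings.add(("run", name, "listed indicator"))
        elif imitates(name):
            findings.add(("run", name, "imitates " + imitates(name)))
    for path in root_files:  # e.g. "D:\\sxs.exe"; autorun.inf counts only next to sxs.exe
        drive, _, rest = path.lower().partition("\\")
        if rest == "sxs.exe" or (rest == "autorun.inf" and drive + "\\sxs.exe" in roots):
            findings.add(("file", path, "drive-root indicator"))
    return sorted(findings)

SAMPLE = triage(  # constructed snapshot
    ["svchost.exe", "explorer.exe", "SVOHOST.exe", "svch0st.exe"],
    {"SoundMan": r"C:\WINDOWS\SOUNDMAN.EXE", "SoundMam": r"C:\WINDOWS\system32\SVOHOST.exe"},
    [r"C:\sxs.exe", r"C:\autorun.inf", r"E:\autorun.inf", r"C:\Windows\notepad.exe"],
)
if __name__ == "__main__":
    for finding in SAMPLE:
        print(*finding, sep=" | ")
```

The legitimate svchost.exe process, the SoundMan Run value and the lone E:\autorun.inf are not reported; only the listed names, the one-edit look-alike and the sxs.exe/autorun.inf pair in the root of C: are.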
