威金变种rundl132.exeRichDll.dll解决方法

该变种暂时还没被江民和卡巴查杀，并用了几个专杀就找到一个可查杀修复EXE文件！

病毒运行后，访问网络下载多个木马程序(f1.exe,f2.exe,f3.exe,f4.exe,f5.exe,f6.exe,f7.exe,f8.exe,f9.exe,f10.exe,f11.exe)并运行！生成以下病毒文件（感觉现在的病毒真是变态）：

C:DocumentsandSettings你的用户名LocalSettingsTempjts0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempmhso.exe

C:DocumentsandSettings你的用户名LocalSettingsTempmhso0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempmyso.exe

C:DocumentsandSettings你的用户名LocalSettingsTempmyso0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempqqs0.dll

C:DocumentsandSettings你的用户名LocalSettingsTemprxso.exe

C:DocumentsandSettings你的用户名LocalSettingsTemprxso0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempwgs0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempwls0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempwms0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempwos0.dll

C:DocumentsandSettings你的用户名LocalSettingsTempztso.exe

C:DocumentsandSettings你的用户名LocalSettingsTempztso0.dll

C:ProgramFilesInternetExplorerRUNDLL32.exe

C:ProgramFilesInternetExplorerSMSS.EXE

C:WINDOWSjts3.exe

C:WINDOWSqqs3.exe

C:WINDOWSRichDll.dll

C:WINDOWSuninstallrundl132.exe

C:WINDOWSwgs3.exe

C:WINDOWSwls3.exe

C:WINDOWSwms3.exe

C:WINDOWSwos3.exe

添加注册表项：

HKEY_LOCAL_MACHINESOFTWARESoftDownloadWWW

auto＝"1"

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

进程文件

load＝"C:windowsuninstallrundl132.exe"

wos3＝"C:windowswos3.exe"

ztsa＝"C:DOCUME~1你的用户名LOCALS~1Tempztso.exe"

rxsa＝"C:DOCUME~1你的用户名LOCALS~1Temprxso.exe"

mhsa＝"C:DOCUME~1你的用户名LOCALS~1Tempmhso.exe"

wls3＝"C:windowswls3.exe"

mysa＝"C:DOCUME~1adminLOCALS~1Tempmyso.exe"

wgs3＝"C:windowswgs3.exe"

wms3＝"C:windowswms3.exe"

jts3＝"C:windowsjts3.exe"

qqs3＝"C:windowsqqs3.exe"

并感染除系统文件外所有的.exe文件，大小为：72418字节！