My computer was recently infected with logo1_.exe.
First, run the file below.
The code is as follows:
@echo off
:: The message below reads "Viking found!"
if exist %windir%\rundl132.exe echo 发现威金!
pause
taskkill /f /im rundl132.exe
taskkill /f /im logo_1.exe
taskkill /f /im logo1_.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Eghost.exe
taskkill /f /im Mailmon.exe
taskkill /f /im KAVPFW.EXE
taskkill /f /im IPARMOR.EXE
taskkill /f /im Ravmond.exe
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
taskkill /f /im 10sy.exe
taskkill /f /im 11sy.exe
taskkill /f /im 12sy.exe
taskkill /f /im 13sy.exe
taskkill /f /im 15sy.exe
taskkill /f /im 25sy.exe
:: The commands above end the virus processes.
:: Clear the system, read-only and hidden attributes so the files can be deleted.
attrib %windir%\Logo1_.exe -s -r -h
attrib %windir%\rundl132.exe -s -r -h
attrib %windir%\Sy.exe -s -r -h
attrib %windir%\vDll.dll -s -r -h
attrib %windir%\1Sy.exe -s -r -h
attrib %windir%\2Sy.exe -s -r -h
attrib %windir%\rundll32.exe -s -r -h
attrib %windir%\3Sy.exe -s -r -h
attrib %windir%\5Sy.exe -s -r -h
attrib %windir%\1.com -s -r -h
attrib %windir%\exerouter.exe -s -r -h
attrib %windir%\EXP10RER.com -s -r -h
attrib %windir%\finders.com -s -r -h
attrib %windir%\Shell.sys -s -r -h
attrib %windir%\kill.exe -s -r -h
attrib %windir%\sws.dll -s -r -h
attrib %windir%\sws32.dll -s -r -h
attrib %windir%\uninstall\rundl132.exe -s -r -h
attrib c:\windows\SVCHOST.exe -s -r -h
attrib c:\windows\WINLOGON.exe -s -r -h
attrib c:\windows\RUNDLL32.EXE -s -r -h
attrib "C:\Program Files\svchost.exe" -s -r -h
attrib "C:\Program Files\Internet Explorer\svchost.exe" -s -r -h
attrib %windir%\Download\svchost.exe -s -r -h
attrib %windir%\system32\wldll.dll -s -r -h
attrib c:\windows\system32\Microsoft\svchost.exe -s -r -h
:: Note: del /s also deletes matching names in every subdirectory, so the
:: rundll32.exe, SVCHOST.exe and WINLOGON.exe lines below also reach the
:: genuine Windows copies under system32.
del /f /s /q /a %systemdrive%\rundl132.exe
del /f /s /q /a %systemdrive%\rundll32.exe
del /f /s /q /a %systemdrive%\Dll.dll
del /f /s /q /a %systemdrive%\vdll.dll
del /f /s /q /a %systemdrive%\logo_1.exe
del /f /s /q /a %systemdrive%\Logo1_.exe
del /f /s /q /a %systemdrive%\Logo1.exe
del /f /s /q /a %systemdrive%\?sy.exe
del /f /s /q /a %windir%\Logo1_.exe
del /f /s /q /a %windir%\rundl132.exe
del /f /s /q /a %windir%\Sy.exe
del /f /s /q /a %windir%\vDll.dll
del /f /s /q /a %windir%\1Sy.exe
del /f /s /q /a %windir%\2Sy.exe
del /f /s /q /a %windir%\rundll32.exe
del /f /s /q /a %windir%\3Sy.exe
del /f /s /q /a %windir%\5Sy.exe
del /f /s /q /a %windir%\1.com
del /f /s /q /a %windir%\exerouter.exe
del /f /s /q /a %windir%\EXP10RER.com
del /f /s /q /a %windir%\finders.com
del /f /s /q /a %windir%\Shell.sys
del /f /s /q /a %windir%\kill.exe
del /f /s /q /a %windir%\sws.dll
del /f /s /q /a %windir%\sws32.dll
del /f /s /q /a %windir%\uninstall\rundl132.exe
del /f /s /q /a c:\windows\SVCHOST.exe
del /f /s /q /a c:\windows\WINLOGON.exe
del /f /s /q /a c:\windows\RUNDLL32.EXE
del /f /s /q /a "C:\Program Files\svchost.exe"
del /f /s /q /a "C:\Program Files\Internet Explorer\svchost.exe"
del /f /s /q /a c:\windows\Download\svchost.exe
del /f /s /q /a c:\windows\system32\Microsoft\svchost.exe
del /f /s /q /a c:\windows\system32\wldll.dll
del /f /s /q /a c:\_desktop.ini
del /f /s /q /a d:\_desktop.ini
del /f /s /q /a e:\_desktop.ini
del /f /s /q /a f:\_desktop.ini
:: The commands above delete the virus-related files.
:: Remove the default administrative shares.
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del
pause
taskkill /f /im conime.exe
exit
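A read-only inventory that can be run before the deletion script above, added here as an example and not part of the original post: it lists the file names the script targets and the folders holding the _desktop.ini marker, and separates svchost.exe, rundll32.exe and winlogon.exe copies inside system32 from copies elsewhere. The function names, the SYSTEM_DIRS set and the sample tree are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Names the page's script kills or deletes (lower-cased).
DROPPED = {"logo1_.exe", "logo_1.exe", "logo1.exe", "rundl132.exe", "vdll.dll", "dll.dll"}
SY_RE = re.compile(r"\d{0,2}sy\.exe")  # Sy.exe, 1Sy.exe ... 25sy.exe
MARKER = "_desktop.ini"
# Names the script also deletes that are genuine Windows binaries in these folders.
SYSTEM_NAMES = {"svchost.exe", "rundll32.exe", "winlogon.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}  # assumption: extend for your Windows version


def inventory(root):
    """Read-only walk of root; returns the findings grouped by category."""
    report = {"dropped": [], "marker_dirs": [], "masquerade": [], "expected": []}
    for dirpath, _dirs, files in os.walk(root):
        in_system_dir = os.path.basename(dirpath).lower() in SYSTEM_DIRS
        for name in files:
            low, path = name.lower(), os.path.join(dirpath, name)
            if low == MARKER:
                report["marker_dirs"].append(dirpath)
            elif low in DROPPED or SY_RE.fullmatch(low):
                report["dropped"].append(path)
            elif low in SYSTEM_NAMES:
                # Same name, different verdict depending on where the file sits.
                report["expected" if in_system_dir else "masquerade"].append(path)
    for paths in report.values():
        paths.sort()
    return report


def build_sample_tree(root):
    """Constructed sample layout (empty files) standing in for a Windows drive."""
    for rel in ("Windows/System32/svchost.exe", "Windows/svchost.exe",
                "Windows/Logo1_.exe", "Windows/uninstall/rundl132.exe",
                "Windows/3Sy.exe", "Program Files/svchost.exe",
                "Games/_desktop.ini", "Games/setup.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for category, paths in inventory(tmp).items():
            print(category, [os.path.relpath(p, tmp) for p in paths])
```

Infected host executables keep their own file names, so they do not show up in this listing; finding them is the job of the antivirus scan described below.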
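The files provided, in order of execution, are: KillLogo1.bat, Logo1免疫补丁.bat (Logo1 immunization patch), and 禁止运行logo1.exe病毒.reg (blocks the logo1.exe virus from running).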
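Most important:
The nasty thing about this trojan is that it survives even a reinstall of the operating system. It merges every exe file on the hard disk with the virus body into a single file, so whenever you run any of those executables, the virus runs too. If you see that the icons of your existing files have changed, you have been infected. Read on, though, and you can deal with it easily.
Update your antivirus software to the latest version, which can clean this file. I use Rising (瑞星), updated to 12.1.
1. Entering the operating system's safe mode: press F8 during system startup to enter safe mode. Safe mode loads the minimum set of processes, which also effectively prevents the virus from running.
2. Then start your antivirus software and run a scan. If the hard disk holds a lot of exe files this will be very slow, but there is no way around it; you just have to put up with it.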