Very simple: boot into Safe Mode first and delete the entries directly in the registry; for an easier route, use IceSword (冰刃) to remove the hook directly, then delete the virus files.
Propagation routes: spread over the QQ network, malicious web pages, and other viruses.
It has been breaking out frequently recently; if an infected user logs on to QQ again, the account gets stolen, no question about it.
The virus uses dynamic process names, so the generated file names may differ.
==============================================
Creates the following files in the current system partition:
C:\ADSAL.EXE
C:\WINDOWS\Help\ADSAL.CHM
C:\WINDOWS\system32\verclsid.exe
C:\Program Files\Common Files\SYSTEM\adsal.dll
C:\Program Files\Common Files\SYSTEM\adsal.dat
X:\AUTORUN.INF
C:\Documents and Settings\用户名\「开始」菜单\程序\启动\129015.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\129015.exe
Registry keys created:
CLSID\{D18E336D-8C58-0615-8133-E6B60112AA06}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{D18E336D-8C58-0615-8133-E6B60112AA06}
Software\Microsoft\Installer\Products\FD81FABA512C494448F1E4AA647C611B
==============================================
Deletes the following ShellExecuteHooks:
{32CD708B-60A7-4C00-9377-D73EAA495F0F} WINDOWS\system32\RavExt.dll
{42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} KV2006\KVBHO.dll
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} KV2004\KvShell.dll
{B5A34A93-D538-43A7-8371-864CB6148D12} KV2006\KvShell.dll
{55302805-482E-470E-8A57-6795A1487F90} KAV2007\KAVAFish.DLL
==============================================
Checks the following registry entries (mutual exclusion, perhaps; the virus file directories and file names of earlier variants are attached):
{08315C1A-9BA9-4B7C-A432-26885F78DF28} Program Files\Common Files\Microsoft Shared\MSINFO\rejoi.vxd
{02315C1A-9BA9-4B7C-A432-29995F78DF28} Program Files\Internet Explorer\Connection Wizard\xiaran.vxd
{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB} Program Files\Internet Explorer\PLUGINS\new123.sys
{18B07788-52BE-48FC-A0B7-4823C449323B} WINDOWS\inf\mutou328.dll
{79BB2EA7-2ADB-4CB4-AF95-373AD4993F00} Program Files\Common Files\Microsoft Shared\MSINFO\MSIOFF0.SYS
{08315C1A-9BA9-4B7C-A432-26885F78DF29} Program Files\Common Files\Microsoft Shared\MSINFO\winrar.lmz
{25E1EECB-E580-4032-97A2-A456D33820D1} Program Files\Outlook Express\mqq.dll
{471E7641-6365-43FE-8464-37DEF8335FB0} WINDOWS\system32\qqdll.dll
{08315C1A-9BA9-4B7C-A432-26885F7QQDSQ} Program Files\Common Files\Microsoft Shared\MSINFO\qqdsq.lmz
{08315C1A-9BA9-4B7C-A432-26885F3QQDSQ} Program Files\Common Files\Microsoft Shared\MSINFO\qqdsq2.lmz
==============================================
Deletes the following startup entries:
SoftWare\Microsoft\Windows\CurrentVersion\Run KWatch9x
SoftWare\Microsoft\Windows\CurrentVersion\RunServices
==============================================
Creates/modifies the following programs:
KvNative.bak \KvNative.exe
UpdateX.bak \UpdateX.dll
KvfwUtl.bak \KvfwUtl.dll
RsGuiLib.bak \RsGuiLib.dll
KAConfig.bak \KAConfig.DLL
rpt.bak \rpt.dll
unins000.bak \unins000.dll
shutil.bak \shutil.dll
npkcrypt.bak \npkcrypt.sys
==============================================
Handling suggestions:
1. Terminate explorer.exe & ADSAL.EXE
2. Rename the files referenced by the ShellExecuteHooks entries
3. Delete the ShellExecuteHooks-related entries from the registry
4. (Reboot) delete the related virus files
5. Restore the security software settings, the QQ program files and the other modified program files (for some modified programs, re-downloading and reinstalling is recommended)
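As an added example (not part of the original post), the following Python script parses a constructed `reg export` dump of the keys named above and resolves each ShellExecuteHooks CLSID to its InprocServer32 DLL, flagging entries whose DLL name matches a file listed in this post or whose CLSID is not even a well-formed GUID (as with the QQDSQ entries above). The sample dump, the assumed-benign stock shell32.dll URL Exec Hook entry and the IoC name list are constructed assumptions.

```python
import re

# Constructed sample of a `reg export` dump (not a real one): the stock Windows URL Exec
# Hook, the CLSID named in this post, and a malformed CLSID with no InprocServer32 key.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{D18E336D-8C58-0615-8133-E6B60112AA06}"=""
"{08315C1A-9BA9-4B7C-A432-26885F7QQDSQ}"=""
[HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32]
@="C:\\WINDOWS\\system32\\shell32.dll"
[HKEY_CLASSES_ROOT\CLSID\{D18E336D-8C58-0615-8133-E6B60112AA06}\InprocServer32]
@="C:\\Program Files\\Common Files\\SYSTEM\\adsal.dll"
"""

HOOKS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
IOC_NAMES = {"adsal.dll", "qqdll.dll", "mqq.dll", "mutou328.dll", "new123.sys"}  # from this post
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: string}} (REG_SZ values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'^(@|"([^"]*)")="(.*)"$', line)  # "@" is the key's default value
            if m:
                name = "" if m.group(1) == "@" else m.group(2)
                keys[current][name] = m.group(3).replace("\\\\", "\\")
    return keys

def assess_hooks(text):
    """Map each ShellExecuteHooks CLSID to (dll_path, reasons) for manual review."""
    keys = parse_reg(text)
    findings = {}
    for clsid in keys.get(HOOKS_KEY, {}):
        dll = keys.get(rf"HKEY_CLASSES_ROOT\CLSID\{clsid}\InprocServer32", {}).get("")
        reasons = []
        if not GUID_RE.match(clsid):
            reasons.append("malformed CLSID")
        if dll is None:
            reasons.append("no InprocServer32")  # hook registered without a COM server
        elif dll.rsplit("\\", 1)[-1].lower() in IOC_NAMES:
            reasons.append("DLL name matches an IoC from this post")
        findings[clsid] = (dll, reasons)
    return findings
```

On a live machine, feed it the output of `reg export` for the two keys instead of SAMPLE_REG; entries with an empty reason list still deserve a look at the DLL path, since the post shows the virus also removes vendor hooks rather than only adding its own.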
Tags: ShellExecuteHooks, solution, best