教你自己动手清除file.exe病毒 - 网络安全

文件: file.exe
大小: 91655 字节
MD5: 16C19952EAF5D2FB117B03F1D697D8DD
SHA1: E0588E5B87D09AFB2033DEF29B78D22565D1E20E
CRC32: 47719D2F
释放文件：C:\Program Files\Common Files\System\svchost.exe
C:\Program Files\Common Files\System\sys_vd4.dat
2.注册表修改
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Browser Helper Objects\{C44Ad542-3B2E-ab42-32ba-a11651A36980}
注册表名称:[Key]

注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\Browser Helper Objects\{C44Ad542-3B2E-ab42-32ba-a11651A36980}

注册表名称:[Key]
注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
注册表名称:Shell
更改后: explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
更改前:Explorer.exe

注册表路径:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG "Seed"
更改前: 2B, 77, 7A, 5D, A7, 96, 9A, 1B, C5, A0, DC, 02, 16, E7, 47, F9, 69, C3, D8, 58, 2A, 89, 21, C8, 60, 0E, 98, 3F, 36, 8B, 0F, 4D, 8E, 33, 2B, 13, 4F, 54, B9, 1F, 3F, 81, 32, EB, A5, A3, 5F, 9E, B5, 54, 56, 50, A3, 55, 42, 5A, 89, A2, 9C, FA, AF, 3F, 7A, 19, E3, A0, AF, A7, 62, 68, D9, 01, B5, A2, D8, 15, 58, 4E, 7F, 21
更改后: 7C, B2, 7F, 92, 3C, 55, 40, 13, FF, C7, 34, 73, 92, 3B, 74, FA, A3, 98, F3, 47, 59, 6D, 43, E3, 7E, 59, E5, 54, A0, 0F, D7, 7F, A8, C4, C2, 6B, 9F, C1, 34, 88, F1, 2A, 65, 47, 7D, E7, 1C, 01, 4A, 80, 2C, 1D, 06, 19, 64, 3F, E3, 0D, 1E, 3A, C5, BB, 9F, 42, 41, 4D, 29, 84, 6F, 7A, 91, C9, C6, A2, 81, C6, DA, B1, 36, DB
3访问网络

进程：
路径： C:\Documents and Settings\user\桌面\file.exe
PID: 1132

网络信息：
   IP 地址： 193.111.244.21
   信任的区域：是
   协议： TCP

您查询的IP：193.111.244.21 来自：芬兰

解决：

删除C:\Program Files\Common Files\System\svchost.exe
C:\Program Files\Common Files\System\sys_vd4.dat
删除注册表中(开始菜单－运行－输入“regedit”进入注册表依次找到说明选项并按提示操作)：HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C44Ad542-3B2E-ab42-32ba-a11651A36980}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C44Ad542-3B2E-ab42-32ba-a11651A36980}

将HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
值修改为:Explorer.exe