Board logo

标题: 杀不掉的毒 急急急!!! [打印本页]
作者: 江山    时间: 2005-5-9 13:05     标题: 杀不掉的毒 急急急!!!

我的 电脑有 trljan/hosts.qhost 病毒怎么都杀不掉 有好的办法么
有朋友介绍改hosts文件 我试了不行啊 改完又变回来了
还有个 reper.a 是个优盘感染病毒也很烦 有知道怎么清除的吗  
作者: skyxhc    时间: 2005-5-9 13:22     标题: 杀不掉的毒 急急急!!!

你实在搞不定就下个木马克星吧,这有http://down.thysea.com
作者: 漫天樱舞    时间: 2005-5-9 16:12     标题: 杀不掉的毒 急急急!!!

[这个贴子最后由漫天樱舞在 2005/05/09 04:27pm 第 4 次编辑]

reper.a
会在个驱动器根目录下生成 reper.exe autorun.inf 等隐藏蠕虫文件,删除不了.
ctrl+ alt+ del 热键被锁,不能查看进程.
开机时执行viewer.exe 等病毒程序,无法去除.

用VBS运行就可杀除

L_Welcome_MsgBox_Message_Text    = "是否运行Reper专杀工具?"
L_Welcome_MsgBox_Title_Text      = "Damn Reper v1.2"
Call Welcome()
On error resume next
Set objfso = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("Wscript.Network")
set sysroot=objfso.getspecialfolder(0)
set sys32=objfso.getspecialfolder(1)
set coldrives = objfso.drives
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList1 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';reper.exe';")
For Each objProcess in colProcessList1
    objProcess.Terminate()
Next
Set colProcessList2 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';system.exe';")
For Each objProcess in colProcessList2
    objProcess.Terminate()
Next
Set colProcessList3 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';tsoner.exe';")
For Each objProcess in colProcessList3
    objProcess.Terminate()
Next
Set colProcessList4 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';viewer.exe';")
For Each objProcess in colProcessList4
    objProcess.Terminate()
Next
Set colProcessList5 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';N0TEPAD.EXE';")
For Each objProcess in colProcessList5
    objProcess.Terminate()
Next
Set colProcessList6 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';rund1l32.exe';")
For Each objProcess in colProcessList6
    objProcess.Terminate()
Next
Set colProcessList7 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';svchost.exe';")
For Each objProcess in colProcessList7
    objProcess.Terminate()
Next
Set colProcessList8 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';startup.pif';")
For Each objProcess in colProcessList8
    objProcess.Terminate()
Next
Set colProcessList9 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';login.pif';")
For Each objProcess in colProcessList9
    objProcess.Terminate()
Next
Set colProcessList0 = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ';readme.scr';")
For Each objProcess in colProcessList0
    objProcess.Terminate()
Next
for each objdrive in coldrives
    letter = objdrive.DriveLetter
    If objDrive.IsReady = True Then
    objFSO.DeleteFile(letter&":\reper.exe")
    end if
next
for each objdrive in coldrives
    letter = objdrive.DriveLetter
    If objDrive.IsReady = True Then
    objFSO.DeleteFile(letter&":\system.exe")
    end if
next
for each objdrive in coldrives
    letter = objdrive.DriveLetter
    If objDrive.IsReady = True Then
    objFSO.DeleteFile(letter&":\autorun.inf")
    end if
next
objfso.deletefile("C:\Documents and Settings\All Users\「开始」菜单\程序\启动\startup.pif")
objfso.deletefile("C:\Documents and Settings\All Users\「开始」菜单\程序\启动\login.pif")
objfso.deletefile("C:\Documents and Settings\All Users\桌面\readme.scr")
objfso.DeleteFile(sysroot&"\viewer.exe")
objfso.DeleteFile(sysroot&"\svchost.exe")
objfso.deletefile(sys32&"\tsoner.exe")
objfso.deletefile(sys32&"\N0TEPAD.exe")
objfso.deletefile(sys32&"\rund1l32.exe")
objfso.deletefile("C:\autoexec.bat")
objfso.deletefile("C:\readme.txt")

strComputer = objNetwork.ComputerName
Set colAccounts = GetObject("WinNT://" & strComputer & "")
colAccounts.Filter = Array("user")
For Each objUser In colAccounts
        objFSO.DeleteFile("c:\Documents and Settings\"&objUser.Name&"\「开始」菜单\程序\启动\login.pif")
Next
For Each objUser In colAccounts
        objFSO.DeleteFile("C:\Documents and Settings\"&objUser.Name&"\桌面\desktop.bat")
Next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath1 = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
strStringValueName1 = "runreper"
strStringValueName2 = "RUNEXE"
strStringValueName3 = "Services"
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath1,strStringValueName1
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath1,strStringValueName2
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath1,strStringValueName3
const HKEY_CLASSES_ROOT = &H80000000
strKeyPath2 = "txtfile\shell\open\command"
strValueName = ""
strValue = "notepad.exe %1"
oReg.SetExpandedStringValue HKEY_CLASSES_ROOT,strKeyPath2,strValueName,strValue
L_Done_MsgBox_Message_Text    = "所有的Reper病毒都已清除!"
L_Done_MsgBox_Title_Text      = "Damn Reper v1.2"
Call Done()
L_Done_MsgBox_Message_Text    = "Copyright (C) 2004 Liontooth"
L_Done_MsgBox_Title_Text      = "Damn Reper v1.2"
Call Done()
Sub Welcome()
    Dim intWel
    intWel =  MsgBox(L_Welcome_MsgBox_Message_Text, _
                      vbOKCancel + vbQuestion,    _
                      L_Welcome_MsgBox_Title_Text )
    If intWel = vbCancel Then
        WScript.Quit
    End If
End Sub
Sub Done()
    Dim intDone
    intDone =  MsgBox(L_Done_MsgBox_Message_Text, _
                      vbOKOnly + vbExclamation,    _
                      L_Done_MsgBox_Title_Text )
End Sub
';------------code end---------------





欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2