Simone解决fun.xls.exe病毒的高手来
的有关信息介绍如下:
fun.xle.exe是一种叫做U盘病毒tel.xls.exe的变种,会在电脑里注入文件,这个病毒目前应该有四个变种.用记事本打开AUTORUN是如下代码:[AutoRun] open=fun.xls.exe shellexecute=fun.xls.exe shell\Auto\command=fun.xls.exe shell=Auto [VVflagRun] aabb=kdkfjdkfk1系统症状每次双击盘符出现一个新窗口鼠标右键点盘符出现"Auto"字样无法显示隐藏文件样本分析注册表中添加HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[IMJPMIG8.2]msime82.exe{0x00}{0x00}{0x00}.HKCU\Software\Microsoft\Windows\CurrentVersion\Run[MsServer]msfun80.exe{0x00}{0x00}{0x00}.修改注册表HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL[CheckedValue] 被清空..释放文件C:\Documents and Settings\mopery\Local Settings\Temp\~DFA4C3.tmpC:\Documents and Settings\mopery\Local Settings\Temp\~DFC86B.tmpC:\WINDOWS\system32\algsrvs.exeC:\WINDOWS\system32\msfun80.exeC:\WINDOWS\system32\msime82.exeC:\WINDOWS\ufdata2000.log每个盘符下释放AUTORUN.INFfun.xls.exeAUTORUN.INF文件内容[AutoRun]open=fun.xls.exeshellexecute=fun.xls.exeshell\Auto\command=fun.xls.exeshell=Auto[VVflagRun]aabb=kdkfjdkfk1autorun.inf fun.xls.exe的批文件清除方法将下面这段代码保存为sha.bat (保存类型要在显示后缀名情况下才能修改!在窗口-工具-文件夹-查看-高级设置-隐藏已知文件类型的扩展名(勾去掉))双击即可@echo offtitle autorun专杀工具color 9Aecho 欢迎使用autorun专杀工具!echo ------------------------echo 如果你的光驱中有光盘请先弹出然后继续!:necho 您要继续吗?输入y整机杀毒开始,输入u只杀u盘,输入n退出!:retryset /p c=请输入您的选择(y/u/n):if "%c%"=="y" goto sif "%c%"=="u" goto bif "%c%"=="n" goto tgoto retry:bset /p a=请输入你要查杀的盘符(e f g...):if "%a%"=="e" goto eif "%a%"=="f" goto fif "%a%"=="g" goto gif "%a%"=="h" goto hif "%a%"=="i" goto iif "%a%"=="j" goto jif "%a%"=="k" goto kif "%a%"=="l" goto lecho 输入错误!请重新输入!&&goto b:staskkill /im explorer.exe /ftaskkill /im wscript.exe /ftaskkill /im algsrvs.exe /fstart reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v IMJPMIG8.2 /fstart reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsServer /fstart reg DELETE HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /fstart reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXplorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /fstart reg add HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /fstart reg import kill.regattrib c:\fun.xls.exe -h -r -a -sattrib c:\autorun.* -h -r -a -sdel c:\autorun.* c:fun.xls.exe /fattrib %SYSTEMROOT%\system32\fun.xls.exe -h -r -a -sattrib %SYSTEMROOT%\system32\autorun.* -h -r -a -sdel %SYSTEMROOT%\system32\autorun.* %SYSTEMROOT%\system32\msime82.exe %SYSTEMROOT%\system32\algsrvs.exe %SYSTEMROOT%\system32\fun.xls.exe %SYSTEMROOT%\system32\msfun80.exe /fdel %temp%\~DF8785.tmp %temp%\~DFD1D6.tmp %temp%\~DFA4C3 %temp%\~DFC86B.tmp /f /q /asdel %systemroot%\ufdata2000.log /fattrib d:\fun.xls.exe -h -r -a -sattrib d:\autorun.* -h -r -a -sdel d:\autorun.* d:\fun.xls.exe /fattrib e:\fun.xls.exe -h -r -a -sattrib e:\autorun.* -h -r -a -sdel e:\autorun.* e:\fun.xls.exe /fattrib f:\fun.xls.exe -h -r -a -sattrib f:\autorun.* -h -r -a -sdel f:\autorun.* f:\fun.xls.exe /fattrib g:\fun.xls.exe -h -r -a -sattrib g:\autorun.* -h -r -a -sdel g:\autorun.* g:\fun.xls.exe /fattrib h:\fun.xls.exe -h -r -a -sattrib h:\autorun.* -h -r -a -sdel h:\autorun.* h:\fun.xls.exe /fattrib i:\fun.xls.exe -h -r -a -sattrib i:\autorun.* -h -r -a -sdel i:\autorun.* i:\fun.xls.exe /fattrib j:\fun.xls.exe -h -r -a -sattrib j:\autorun.* -h -r -a -sdel j:\autorun.* j:\fun.xls.exe /fattrib k:\fun.xls.exe -h -r -a -sattrib k:\autorun.* -h -r -a -sdel k:\autorun.* k:\fun.xls.exe /fattrib l:\fun.xls.exe -h -r -a -sattrib l:\autorun.* -h -r -a -sdel l:\autorun.* l:\fun.xls.exe /fstart explorer.execlsif exist c:\autorun.reg echo 病毒没有清除!&&goto nif exist c:\fun.xls.exe echo 病毒没有清除!&&goto necho 杀毒成功!set /p d=现在重新启动系统确定吗?(y/n):if "%d%"=="y" shutdown -r -t 0exitif "%d%"=="n"echo 按任意键退出。pauseexit:techo 多谢您的支持!按任意键退出。pauseexit:eattrib e:\fun.xls.exe -h -r -a -sattrib e:\autorun.* -h -r -a -sclsif not exist e:\autorun.* echo 您的u盘没有病毒!&&goto tdel e:\autorun.* e:\fun.xls.exe /fclsif exist e:\autorun.reg echo 病毒没有清除!&&goto nif exist e:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:fattrib f:\fun.xls.exe -h -r -a -sattrib f:\autorun.* -h -r -a -sclsif not exist f:\autorun.* echo 您的u盘没有病毒!&&goto tdel f:\autorun.* f:\fun.xls.exe /fclsif exist f:\autorun.reg echo 病毒没有清除!&&goto nif exist f:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:hattrib h:\fun.xls.exe -h -r -a -sattrib h:\autorun.* -h -r -a -sclsif not exist h:\autorun.* echo 您的u盘没有病毒!&&goto tdel h:\autorun.* h:\fun.xls.exe /fclsif exist h:\autorun.reg echo 病毒没有清除!&&goto nif exist h:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:iattrib i:\fun.xls.exe -h -r -a -sattrib i:\autorun.* -h -r -a -sclsif not exist i:\autorun.* echo 您的u盘没有病毒!&&goto tdel i:\autorun.* i:\fun.xls.exe /fclsif exist i:\autorun.reg echo 病毒没有清除!&&goto nif exist i:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:jattrib j:\fun.xls.exe -h -r -a -sattrib j:\autorun.* -h -r -a -sclsif not exist j:\autorun.* echo 您的u盘没有病毒!&&goto tdel j:\autorun.* j:\fun.xls.exe /fclsif exist j:\autorun.reg echo 病毒没有清除!&&goto nif exist j:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:kattrib k:\fun.xls.exe -h -r -a -sattrib k:\autorun.* -h -r -a -sclsif not exist k:\autorun.* echo 您的u盘没有病毒!&&goto tdel k:\autorun.* k:\fun.xls.exe /fclsif exist k:\autorun.reg echo 病毒没有清除!&&goto nif exist k:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:lattrib l:\fun.xls.exe -h -r -a -sattrib l:\autorun.* -h -r -a -sclsif not exist l:\autorun.* echo 您的u盘没有病毒!&&goto tdel l:\autorun.* l:\fun.xls.exe /fclsif exist l:\autorun.reg echo 病毒没有清除!&&goto nif exist l:\fun.xls.exe echo 病毒没有清除!&&goto ngoto m:mclsecho 杀毒成功,请重新弹出后在插入您的u盘!按任意键退出。pauseexit
