80. ShadowPhyre v2.12.38 - 2.X. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: WinZipp = "C:\WINDOWS\SYSTEM\WinZipp.exe /nomsg" or WinZip =
"C:\WINDOWS\SYSTEM\WinZip.exe /nomsg". Save and close Regedit, then restart Windows. Delete
C:\WINDOWS\WinZipp.exe or C:\WINDOWS\WinZip.exe. OK
81. Share All. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan
Here you will see every drive letter of yours that the trojan has shared out; delete them one by one.
82. ShitHeap. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Delete the right-hand entry: recycle-bin = "c:\windows\system\recycle-bin.exe" or recycle-bin =
"c:\windows\system.exe". Save and close Regedit, then restart Windows.
Delete c:\windows\system\recycle-bin.exe or c:\windows\system.exe. OK
83. Snid v1 - 2. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: System-tray = 'c:\windows\temp$01.exe'. Save and close Regedit, then restart Windows.
Delete c:\windows\temp$01.exe. OK
84. Softwarst. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: NetApp = C:\windows\system\winserv.exe. Save and close Regedit, then restart Windows.
Delete C:\windows\system\winserv.exe. OK
85. Spirit 2000 Beta - v1.2 (fixed). Removing the Beta version: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: internet = "c:\windows\netip.exe ". Save and close Regedit. Open the win.ini file,
find run=c:\windows\netip.exe and change it to: run=. Save and close win.ini, then restart Windows.
Delete c:\windows\netip.exe and c:\windows\netip.exe. OK
Removing version 1.2: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: SystemTray = "c:\windows\windown.exe ". Save and close Regedit, then restart Windows.
Delete c:\windows\windown.exe. OK
Removing version 1.2 (fixed): Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: Server 1.2.exe = "c:\windows\server 1.2.exe". Save and close Regedit, then restart Windows.
Delete c:\windows\server 1.2.exe. OK
86. Stealth v2.0 - 2.16. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: Winprotect System = "C:\WINDOWS\winprotecte.exe". Save and close Regedit, then restart Windows. Delete C:\WINDOWS\winprotecte.exe. OK
87. SubSeven - Introduction. Removing v1.0 - 1.1: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: SystemTrayIcon = "C:\WINDOWS\SysTrayIcon.Exe". Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\SysTrayIcon.Exe. OK
Removing v1.3 - 1.4 - 1.5: Open the win.ini file, find run=nodll and change it to run=. Save and close win.ini, then restart Windows. Delete c:\windows\nodll.exe. OK
Removing v1.6: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: SystemTray = "SysTray.Exe". Save and close Regedit, then restart Windows.
Delete C:\windows\systray.exe. OK
Removing v1.7: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Find the right-hand entry C:\windows\kernel16.dl and delete it. Save and close Regedit, then restart Windows.
Delete C:\windows\kernel16.dl. OK
Removing v1.8: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Find the right-hand entry c:\windows\system.ini and delete it. Save and close Regedit. Open the win.ini file, find run= kernel16.dl
and change it to run=. Save and close win.ini. Open the system.ini file, find shell=explorer.exe kernel32.dl
and change it to shell=explorer.exe. Save and close system.ini, then restart Windows. Delete C:\windows\kernel16.dl. OK
Removing v1.9 - 1.9b: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Delete the right-hand entry: RegistryScan = "rundll16.exe". Save and close Regedit, then restart Windows.
Delete C:\windows\rundll16.exe. OK
Removing v2.0: Open the system.ini file, find shell=explorer.exe trojanname.exe
and change it to shell=explorer.exe. Save and close system.ini, then restart Windows. Delete c:\windows\rundll16.exe. OK
Removing v2.1 - 2.1 Gold + SubStealth - 2.1.3 Mod + 2.1.3 MUIE + 2.1 Bonus:
Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Delete the right-hand entry: WinLoader = MSREXE.EXE. Then go to hkey_classes_root\exefile\shell\open\command
and change the right-hand entry to: @="\"%1\" %*". Save and close Regedit. Open the win.ini file, find run=msrexe.exe and
load=msrexe.exe and change them to run= and load=. Save and close win.ini. Open the system.ini file, find shell=explore.exe
msrexe.exe and change it to shell=explorer.exe. Save and close system.ini, then restart Windows. Delete
C:\windows\msrexe.exe and C:\windows\system\systray.dll. OK
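Removing v2.2b1: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the right-hand entry: loader =
"c:\windows\system\***". Note: the loader name and the file name vary arbitrarily. Save and close Regedit. Open the win.ini file and change the entry to run=.
Save and close win.ini. Open the system.ini file and change the entry to shell=explorer.exe. Save and close system.ini, then restart Windows.
Delete the corresponding trojan program. OK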
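
The SubSeven steps above check three autostart locations outside the Run keys: run=/load= in win.ini, shell= in system.ini, and the exefile open command. The following Python code is an added example, not part of the original list; it audits copies of those files for leftover entries. The function names and sample file contents are constructed for illustration, and the [windows] and [boot] section names are the standard Windows 9x locations of these keys.

```python
import configparser

CLEAN_SHELL = "explorer.exe"          # value the steps restore in system.ini
CLEAN_EXEFILE_COMMAND = '"%1" %*'     # value the steps restore for exefile

def _value(text, section, key):
    """Read key from an ini section, matching the section name case-insensitively."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == section:
            return (cp.get(name, key, fallback="") or "").strip()
    return ""

def audit_win_ini(text):
    """Return (key, value) for each non-empty run=/load= line in [windows]."""
    hits = []
    for key in ("run", "load"):
        value = _value(text, "windows", key)
        if value:
            hits.append((key, value))
    return hits

def audit_system_ini(text):
    """Return the tokens on shell= in [boot] that should not be there."""
    tokens = _value(text, "boot", "shell").split()
    if tokens and tokens[0].lower() == CLEAN_SHELL:
        return tokens[1:]      # anything after explorer.exe is an extra program
    return tokens              # shell is not explorer.exe at all: report everything

def exefile_command_modified(value):
    """True when the exefile open command differs from the clean default."""
    return value.strip() != CLEAN_EXEFILE_COMMAND

# Constructed sample files (not taken from a real machine).
SAMPLE_WIN_INI = "[windows]\nload=msrexe.exe\nrun=msrexe.exe\nNullPort=None\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=explorer.exe msrexe.exe\n"

if __name__ == "__main__":
    print(audit_win_ini(SAMPLE_WIN_INI))
    print(audit_system_ini(SAMPLE_SYSTEM_INI))
    # Constructed command value with a program inserted before "%1".
    print(exefile_command_modified('msrexe.exe "%1" %*'))
```

A shell= line that starts with a look-alike name such as explore.exe is reported in full, because its first token is not explorer.exe.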
88. Telecommando 1.54. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: SystemApp="ODBC.EXE". Save and close Regedit, then restart Windows. Delete
C:\windows\system\ODBC.EXE. OK
89. The Unexplained. Removal steps: Open the registry editor (Regedit) and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the right-hand entry: InetB00st = "C:\WINDOWS\TEMP\INETB00ST.EXE". Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\TEMP\INETB00ST.EXE. OK