注册 登录  
 加关注
查看详情
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

小崔讲课

有舍有得,谓之舍得

 
 
 

日志

 
 

如何手工删除host.exe和Xcopy.exe病毒  

2008-07-01 08:08:46|  分类: 电脑常识 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

     方法一::

1、   开机按F8进入安全模式。打开我的电脑,工具,文件夹选项,查看:“隐藏保护的系统文件”勾去掉,再选中“显示所有文件和文件夹”。

2、打开任务管理器,中止“temp1.exe”,“temp2.exe”进程

3、删除c:/windows/下面的xcopy.exe,svshost.exe

4、删除c:/windows/system32 下面的temp1.exe temp2.exe

5、删除每个磁盘根目录下面的autorun.ini copy.exe host.exe 这三个文件

 

方法二:

taskkill /f /im temp1.exe /im temp2.exe

if exist c:\autorun.inf attrib c:\autorun.inf -a -r -s -h

if exist d:\autorun.inf attrib d:\autorun.inf -a -r -s -h

if exist e:\autorun.inf attrib e:\autorun.inf -a -r -s -h

if exist f:\autorun.inf attrib f:\autorun.inf -a -r -s -h

if exist g:\autorun.inf attrib g:\autorun.inf -a -r -s -h

if exist h:\autorun.inf attrib h:\autorun.inf -a -r -s -h

if exist i:\autorun.inf attrib i:\autorun.inf -a -r -s -h

if exist c:\copy.exe attrib c:\copy.exe -a -r -s -h

if exist d:\copy.exe attrib d:\copy.exe -a -r -s -h

if exist e:\copy.exe attrib e:\copy.exe -a -r -s -h

if exist f:\copy.exe attrib f:\copy.exe -a -r -s -h

if exist g:\copy.exe attrib g:\copy.exe -a -r -s -h

if exist h:\copy.exe attrib h:\copy.exe -a -r -s -h

if exist i:\copy.exe attrib i:\copy.exe -a -r -s -h

if exist c:\host.exe attrib c:\host.exe -a -r -s -h

if exist d:\host.exe attrib d:\host.exe -a -r -s -h

if exist e:\host.exe attrib e:\host.exe -a -r -s -h

if exist f:\host.exe attrib f:\host.exe -a -r -s -h

if exist g:\host.exe attrib g:\host.exe -a -r -s -h

if exist h:\host.exe attrib h:\host.exe -a -r -s -h

if exist i:\host.exe attrib i:\host.exe -a -r -s -h

if exist %systemroot%\system32\temp1.exe attrib %systemroot%\system32\temp1.exe -a -r -s -h

if exist %systemroot%\system32\temp2.exe attrib %systemroot%\system32\temp2.exe -a -r -s -h

if exist %systemroot%\xcopy.exe attrib %systemroot%\xcopy.exe -a -r -s -h

if exist %systemroot%\system32\svshost.exe attrib %systemroot%\system32\svshost.exe -a -r -s -h

f exist c:\copy.exe del c:\copy.exe

if exist d:\copy.exe del d:\copy.exe

if exist e:\copy.exe del e:\copy.exe

if exist f:\copy.exe del f:\copy.exe

if exist g:\copy.exe del g:\copy.exe

if exist h:\copy.exe del h:\copy.exe

if exist i:\copy.exe del i:\copy.exe

if exist c:\host.exe del c:\host.exe

if exist d:\host.exe del d:\host.exe

if exist e:\host.exe del e:\host.exe

if exist f:\host.exe del f:\host.exe

if exist g:\host.exe del g:\host.exe

if exist h:\host.exe del h:\host.exe

if exist i:\host.exe del i:\host.exe

if exist c:\autorun.inf del c:\autorun.inf

if exist d:\autorun.inf del d:\autorun.inf

if exist e:\autorun.inf del e:\autorun.inf

if exist f:\autorun.inf del f:\autorun.inf

if exist g:\autorun.inf del g:\autorun.inf

if exist h:\autorun.inf del h:\autorun.inf

if exist i:\autorun.inf del i:\autorun.inf

if exist %systemroot%\system32\temp1.exe del /f /s /q %systemroot%\system32\temp1.exe

if exist %systemroot%\system32\temp2.exe del /f /s /q %systemroot%\system32\temp2.exe

if exist %systemroot%\xcopy.exe del %systemroot%\xcopy.exe

if exist %systemroot%\svshost.exe del %systemroot%\svshost.exe

把上面的东西保存在del的文本文件里,把扩展名改成bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]

"Text"="@shell32.dll,-30499"

"Type"="group"

"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\

00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\

48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\

00

"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]

"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"

"Text"="@shell32.dll,-30501"

"Type"="radio"

"CheckedValue"=dword:00000002

"ValueName"="Hidden"

"DefaultValue"=dword:00000002

"HKeyRoot"=dword:80000001

"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"

"Text"="@shell32.dll,-30500"

"Type"="radio"

"CheckedValue"=dword:00000001

"ValueName"="Hidden"

"DefaultValue"=dword:00000002

"HKeyRoot"=dword:80000001

"HelpID"="shell.hlp#51105"

把上面的东西保存成hidden.reg

然后运行就好了

  评论这张
 
阅读(1442)| 评论(0)
推荐 转载

历史上的今天

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018