|
| [原创]盗Q木马 NTdhcp.exe 解决方法 |
| 作者 myljty 查看 1453 发表时间 2006/12/2 19:21 【论坛浏览】 |
|
该木马比较老了,比较好解决的,就是恢复它破坏的信息比较麻烦一点罢了~yauguuhdm 木马运行后生成:yauguuhdm C:\WINDOWS\system32\NTdhcp.exe (记事本图标、隐藏、系统文件)yauguuhdm yauguuhdm yauguuhdm 禁用以下服务:yauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgryauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ccProxyyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ccSetMgryauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireSvcyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvcyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KPfwSvcyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KVSrvXPyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KVWSCyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KWatchSvcyauguuhdm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeFrameworkyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McShieldyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McTaskManageryauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MskServiceyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\navapsvcyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NPFMntoryauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RfwServiceyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RsCCenteryauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RsRavMonyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNDSrvcyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPBBCSvcyauguuhdm HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Symantec Core LCyauguuhdm yauguuhdm yauguuhdm 重命名QQ目录下的“npkcrypt.sys”为“npkcrypt.bak”达到禁用QQ键盘保护的功能yauguuhdm yauguuhdm yauguuhdm 手工清除方法:yauguuhdm 1.打开任务管理器,结束NTdhcp.exe进程yauguuhdm 2.删除病毒文件C:\WINDOWS\system32\NTdhcp.exeyauguuhdm 3.启动自己反病毒的服务yauguuhdm 4.把QQ目录下的“npkcrypt.bak”重命为“npkcrypt.sys”yauguuhdm yauguuhdm yauguuhdm OK此病毒算完整清除完毕yauguuhdm yauguuhdm |
| 序号 | 评论者 | 共有评论 0 【论坛浏览】 【发表评论】 | 评论时间 |
| 当前无任何评论,或评论已被禁止显示 | |||
共有评论数 0 每页显示 10
|
|||
