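[Share] The deadly USB flash drive virus kavo.exe
Lately a new virus that spreads via USB flash drives seems to be going around again: kavo.exe.
An infected machine shows one obvious symptom: hidden files can no longer be displayed!
Even turning on "Show all files and folders" in Folder Options has no effect, because the virus immediately changes the setting back...
Even more outrageous, the problem still isn't solved after reinstalling the operating system?
Hidden files still can't be displayed?
Wow!!!
Is it really that powerful?
Even a reinstall doesn't help???
Actually, reinstalling the operating system certainly does work.
It's just that, once a machine is infected, this virus leaves copies of itself and an autorun.inf launcher file on every disk partition.
Most people open a disk partition by opening "My Computer" and double-clicking the partition they want.
With exactly that action, the computer first checks whether the partition contains an autorun.inf.
If it does, the commands listed in autorun.inf are executed first.
The operating system's installation drive (C:) is guaranteed to be clean after a reinstall.
However, the other partitions were not reformatted, so remnants of the virus are still on them.
Once autorun.inf calls it, the virus is loaded into the system again...
That is the main reason why reinstalling doesn't help and hidden files still can't be displayed.
Getting rid of this kavo.exe virus really is a bit of a hassle.
We know perfectly well that the root of the problem is the hidden autorun.inf file,
but it is protected by the hidden attribute, and an ordinary user has no way to delete a file he cannot see.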
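How autorun.inf names the program to launch, shown as an added Python example that is not part of the original post: it lists the [autorun] entries that start a program and flags those pointing at executable file types, so they can be reviewed before a drive is opened. The sample file content is constructed; only the file name ntdelect.com comes from the post.

```python
import ntpath

# [autorun] keys that make Windows start a program when the drive is opened
LAUNCH_KEYS = {"open", "shellexecute"}
EXECUTABLE_EXT = {".exe", ".com", ".pif", ".bat", ".cmd", ".scr"}

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and padding lines are ignored
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or shell_verb):
            entries.append((key, value))
    return entries

def target_of(command):
    """File name a command line starts with, honouring double quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def suspicious(text):
    """Launch entries whose target is an executable file type."""
    return [(key, cmd) for key, cmd in launch_entries(text)
            if ntpath.splitext(target_of(cmd))[1].lower() in EXECUTABLE_EXT]

# Constructed sample; ntdelect.com is the file name given in the post.
SAMPLE = r"""[AutoRun]
;padding comment
open=ntdelect.com
shell\open\Command=ntdelect.com
shell\explore\Command="ntdelect.com" -e
icon=setup.ico
label=USB DISK
"""

if __name__ == "__main__":
    for key, cmd in suspicious(SAMPLE):
        print(f"review: {key} -> {cmd}")
```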
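OK, enough chatter; here is how the cleanup works.
1. Reset the file attributes of autorun.inf on every disk, clearing the hidden attribute, then delete the autorun.inf file.
2. Delete the virus's hidden copy, ntdelect.com; likewise clear its hidden attribute and then delete it.
3. Remove the registry keys the virus added, then restore the "show hidden files" feature that the virus disabled.
4. Delete the virus body: kavo.exe and kavo0.dll in the C:\WINDOWS\system32\ directory.
5. After a reboot, you should be free of the kavo.exe threat.
The following code is a batch file that implements steps 1 to 4 above.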
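@echo off
cls
rem Message: removing virus files and autorun.inf from every drive and the Recycle Bin
echo 清除各磁碟及資源回收筒內的病毒檔及autorun.inf
rem Message: press Ctrl+C to abort
echo 如要中斷程序，請按Ctrl+C
echo .
pause
rem Steps 1 and 2: for each drive letter, clear the attributes and delete the files
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    rem Message: cleaning the current drive
    echo 清除%%a碟中...
    rem Executable files hidden in the Recycle Bin folders
    for %%b in (EXE COM PIF) do (
        attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul
        attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
        del %%a:\recycler\*.%%b /s /q /f >nul 2>nul
        del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
    )
    rem autorun.inf and the ntdelect.com copy
    attrib -r -s -h -a /D /S %%a:\autorun.inf >nul 2>nul
    attrib -r -s -h -a /D /S %%a:\ntdelect.com >nul 2>nul
    del %%a:\autorun.inf /s /q /f >nul 2>nul
    del %%a:\ntdelect.com /s /q /f >nul 2>nul
)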
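rem Step 3: build and import a .reg file that removes the virus's registry entries
rem Message: cleaning the virus's registry keys
echo 清除病毒的註冊機碼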
@echo Windows Registry Editor Version 5.00 >c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\fix.reg
@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] >>c:\fix.reg
@echo "kava"=- >>c:\fix.reg
@echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] >>c:\fix.reg
@echo "{27E1C1B0-7117-4582-8565-682E569810D2}"=- >>c:\fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\fix.reg
@echo "CheckedValue"=dword:00000001 >>c:\fix.reg
regedit.exe /s c:\fix.reg
del c:\fix.reg >nul 2>nul
rem Step 4. Message: removing kavo-related virus files
echo 清除kavo相關病毒檔
attrib -s -h -r %windir%\system32\kavo.exe >nul 2>nul
attrib -s -h -r %windir%\system32\kavo0.dll >nul 2>nul
del %windir%\system32\kav*.* >nul 2>nul
rem Message: cleanup finished, please reboot
echo "清除完成，請重新開機。"
pause
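Copy this code, paste it into a plain-text editor such as Notepad, and save it as a batch file with the .bat extension,
then double-click it to run it, and it will do the cleanup.
If that seems like too much trouble, just use the batch file Shunzi has already written~
Download the attachment delkavo.zip at the end of this post, unzip it and run it; it has the same effect!
Shunzi recommends plugging in your USB flash drives while cleaning, so that the flash drives are cleaned along with everything else and the problem is solved for good!
Additional notes
- If opening drive D: directly from "My Computer" causes infection, how can you browse the data on D:?
Shunzi recommends using "Windows Explorer" to view and manage files.
Opening a partition or directory through the tree on the left side of "Explorer" does not auto-run files such as autorun.inf.
- If you are not sure whether someone else's flash drive carries a virus but you have to look at the data on it, what should you do?
Generally, after a USB flash drive is inserted, the Windows operating system scans it automatically and then auto-runs autorun.inf.
The result is an infection...
That is also why USB flash drives spread viruses so easily.
In this situation, hold down the "Shift" key on the keyboard and then insert the flash drive.
This one simple action makes Windows skip the autorun function.
(Of course, this also works for optical discs~)
- Since autorun.inf is such a nuisance, is there a way to set the computer never to run it again?
There is, but with that setting nothing will auto-run any more, optical discs included...
A different approach is suggested: in the root directory of every disk partition (flash drives included), add a folder named autorun.inf.
Once such a folder exists, the virus can no longer add a file with the same name, and the autorun programs on optical discs are not affected either.
This approach seems much simpler and more practical~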
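The autorun.inf folder trick described above, as an added Python example (not the author's code): it creates the folder in each given root and checks that a plain file of that name can no longer be written there. The roots are supplied by the caller; the demo uses a temporary directory standing in for a drive root.

```python
import os
import tempfile

NAME = "autorun.inf"

def vaccinate(root):
    """Make sure <root>/autorun.inf is a folder; return what was found or done."""
    path = os.path.join(root, NAME)
    if os.path.isdir(path):
        return "already-protected"
    if os.path.lexists(path):
        # A real autorun.inf file exists: leave it to the cleanup steps.
        return "file-present"
    os.mkdir(path)
    return "created"

def file_can_be_written(root):
    """True if a plain file named autorun.inf exists or can be created in root."""
    path = os.path.join(root, NAME)
    if os.path.lexists(path) and not os.path.isdir(path):
        return True  # a file is already there
    try:
        with open(path, "w"):
            pass
    except OSError:
        return False  # the folder occupies the name
    os.remove(path)  # probe succeeded; remove the empty test file
    return True

def vaccinate_all(roots):
    """Apply vaccinate() to every root that exists, e.g. ["D:\\", "E:\\"]."""
    return {root: vaccinate(root) for root in roots if os.path.isdir(root)}

if __name__ == "__main__":
    demo_root = tempfile.mkdtemp()  # stands in for a drive root
    print(vaccinate_all([demo_root]))
    print("file can still be written:", file_can_be_written(demo_root))
```

The folder only blocks creating a file with that name; anything with write access to the drive can still rename or remove the folder, so re-check it from time to time.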