|
|
<BR><FONT color=#000000 size=2>PegeFile.pif病毒解决办法详细步骤:<BR> </FONT><FONT color=#000000 size=2> 一:1.到down.45it.com下载费尔木马强制删除器工具.zip,解压缩打开PowerRmv.exe,在文件名处<FONT color=#ff0000>依次</FONT>输入
<P>
<TABLE borderColor=#cccccc cellSpacing=0 cellPadding=3 width=500 align=center bgColor=#ffffff border=2 heihgt="">
<TBODY>
<TR>
<TD> <FONT color=#3366ff>C:\Program Files\Internet Explorer\PLUGINS\</FONT><STRONG><FONT color=#ff6600>NewTemp.bak</FONT></STRONG><BR><FONT color=#3366ff>C:\Program Files\Internet Explorer\PLUGINS\</FONT><STRONG><FONT color=#ff6600>NewTemp.dll</STRONG></FONT><BR>以及所有分区下的<FONT color=#ff6600><STRONG>PegeFile.pif</STRONG>和<STRONG>autorun.inf文件</STRONG></FONT></TD></TR></TBODY></TABLE></P>
<P>,并勾选"抑制文件再次生成"最后点击清除来删除该文件。</P>
<P> 二:ctrl+alt+del打开任务管理器,结束explorer.exe 进程然后删除以下文件(参考步骤一)</P>
<P>
<TABLE borderColor=#cccccc cellSpacing=0 cellPadding=3 width=500 align=center bgColor=#ffffff border=2 heihgt="">
<TBODY>
<TR>
<TD> <FONT color=#000000 size=1>C:\DOCUME~1\TestUser\LOCALS~1\Temp\2.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\1.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\mhso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\mhso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\3.exe<BR>C:\WINDOWS\system32\ztinetzt.exe<BR>C:\WINDOWS\system32\ztinetzt.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\4.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\rxso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\rxso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\5.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\6.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\qjso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\qjso0.dll<BR>C:\WINDOWS\system32\Ravasktao.exe<BR>C:\WINDOWS\system32\Ravasktao.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\7.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\tlso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\tlso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\8.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\daso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\daso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\7.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\8.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\9.exe<BR>C:\Program Files\Internet Explorer\PLUGINS\System64.Jmp<BR>C:\Program Files\Internet Explorer\PLUGINS\System64.Sys<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\10.exe<BR>C:\WINDOWS\system32\Drivers\usbinte.sys<BR>C:\WINDOWS\system32\visin.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\11.exe<BR>C:\WINDOWS\system32\mydata.exe<BR>C:\WINDOWS\system32\moyu103.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\13.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\wlso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\wlso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\14.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\wgso.exe<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\wgso0.dll<BR>C:\DOCUME~1\TestUser\LOCALS~1\Temp\15.exe<BR>C:\WINDOWS\system32\wuclmi.exe<BR>C:\WINDOWS\system32\wincfg.exe<BR>C:\WINDOWS\system32\mvdbc.exe<BR>C:\WINDOWS\system32\packet.dll<BR>C:\WINDOWS\system32\pthreadVC.dll<BR>C:\WINDOWS\system32\wanpacket.dll<BR>C:\WINDOWS\system32\wpcap.dll<BR>C:\WINDOWS\system32\drivers\npf.sys<BR>C:\WINDOWS\system32\npf_mgm.exe<BR>C:\WINDOWS\system32\daemon_mgm.exe<BR>C:\WINDOWS\system32\NetMonInstaller.exe<BR>C:\WINDOWS\system32\rpcapd.exe<BR>C:\WINDOWS\system32\capinstall.exe</FONT></TD></TR></TBODY></TABLE></P>
<P> 三:开始菜单-运行-输入“regedit”打开注册表删除以下标橙色的项</P>
<P>
<TABLE borderColor=#cccccc cellSpacing=0 cellPadding=3 width=500 align=center bgColor=#ffffff border=2 heihgt="">
<TBODY>
<TR>
<TD> <FONT size=1> </FONT><FONT color=#0000ff size=1>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run<BR></FONT><FONT color=#ff6600 size=1>"<STRONG>wosa</STRONG>" = %TEMP%WOSO.EXE<BR>"<STRONG>mhsa</STRONG>" = %TEMP%MHSO.EXE<BR>"<STRONG>Microsoft Autorun14</STRONG>" = %SYSTEM%\ZTINETZT.EXE<BR>"<STRONG>rxsa</STRONG>" = %TEMP%RXSO.EXE<BR>"<STRONG>qjsa</STRONG>" = %TEMP%QJSO.EXE<BR>"<STRONG>Microsoft Autorun9</STRONG>" = %SYSTEM%\RAVASKTAO.EXE<BR>"<STRONG>tlsa</STRONG>" = %TEMP%TLSO.EXE<BR>"<STRONG>dasa</STRONG>" = %TEMP%DASO.EXE<BR>"<STRONG>wlsa</STRONG>" = %TEMP%WLSO.EXE<BR>"<STRONG>wgsa</STRONG>" = %TEMP%WGSO.EXE</FONT>
<P><FONT size=1><FONT color=#0000ff> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run<BR></FONT>"<STRONG><FONT color=#ff6600>visin</FONT></STRONG>" = %SYSTEM%\VISIN.EXE</FONT></P>
<P><FONT size=1> <FONT color=#0000ff>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</FONT><BR>"{<STRONG><FONT color=#ff6600>0EA66AD2-CF26-2E23-532B-B292E22F3266</FONT></STRONG>}" = <BR>"{<STRONG><FONT color=#ff6600>754FB7D8-B8FE-4810-B363-A788CD060F1F</FONT></STRONG>}" = </FONT></P>
<P><FONT size=1> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<STRONG><FONT color=#ff6600>nm</FONT></STRONG><BR><STRONG><FONT color=#ff6600>(Display Name)Network Monitor Driver = (IMAGEPATH)SYSTEM32\DRIVERS\NMNT.SYS</FONT><BR></STRONG> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<FONT color=#ff6600>NPF</FONT><BR><FONT color=#ff6600><STRONG>(Display Name)NetGroup Packet Filter Driver = (IMAGEPATH)SYSTEM32\DRIVERS\NPF.SYS</STRONG></FONT><BR> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<FONT color=#ff6600>rpcapd</FONT><BR><FONT color=#ff6600>(Display Name)Remote Packet Capture Protocol v.0 (experimental) = (IMAGEPATH)"%PROGRAMFILES%\WINPCAP\RPCAPD.EXE" -D -F "%PROGRAMFILES%\WINPCAP\RPCAPD.INI"</FONT></FONT></P>
<P><FONT size=1> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\<FONT color=#ff6600>nm</FONT><BR> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\<FONT color=#ff6600>nm.sys</FONT></FONT></P>
<P><FONT size=1> HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<STRONG><FONT color=#ff6600>0EA66AD2-CF26-2E23-532B-B292E22F3266</FONT></STRONG>}<BR> HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<FONT color=#ff6600><STRONG>425882B0-B0BF-11CE-B59F-00AA006CB37D</STRONG></FONT>}<BR> HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<STRONG><FONT color=#ff6600>754FB7D8-B8FE-4810-B363-A788CD060F1F</FONT></STRONG>}<BR> HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<STRONG><FONT color=#ff6600>944AD531-B09D-11CE-B59C-00AA006CB37D</FONT></STRONG>}<BR> HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{<STRONG><FONT color=#ff6600>D413C502-3FAA-11D0-B254-444553540000</FONT></STRONG>}</FONT></P></TD></TR></TBODY></TABLE></P>
<P><FONT color=#0033ff>pegefile.pif病毒专杀工具下载地址:</FONT><A href="http://www.hotbus.cn/it/200706/2213.html"><FONT color=#0033ff>/it/200706/2213.html</FONT></A></P></FONT> <BR>
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
千斤顶
显身卡
