baohe - 2006-1-11 19:59:00
1. Open the Registry Editor and expand:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Delete the SVCHOST entry in the left pane.
2. Restart the system, then find and delete:
C:\WINDOWS\SVCHOST.exe
C:\WINDOWS\SVCHOST.DLL
The following files have to be located and deleted with IceSword:
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini
C:\Documents and Settings\LocalService\Favorites\链接
In addition, this garbage pigeon also made the following N changes to the registry (really sick!!):
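
A read-only way to check a host for the service key and the two C:\WINDOWS files named in steps 1 and 2, as an added example that is not part of the original post. It assumes PowerShell 4.0 or later and an elevated prompt; the final scan generalises beyond the post and relies on the genuine svchost.exe living under System32 (or SysWOW64), so any service pointing at an svchost.exe elsewhere is reported.

```powershell
# Added example: read-only triage for the artifacts named in the post.
# Assumes PowerShell 4.0+ (Get-FileHash) and an elevated prompt. Deletes nothing.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$namedKey     = Join-Path $servicesRoot 'SVCHOST'                     # key from step 1
$namedFiles   = 'C:\WINDOWS\SVCHOST.exe', 'C:\WINDOWS\SVCHOST.DLL'    # files from step 2
$findings     = @()

# Step 1 artifact: a service key literally named SVCHOST.
if (Test-Path -LiteralPath $namedKey) {
    $svc = Get-ItemProperty -LiteralPath $namedKey
    $findings += [pscustomobject]@{
        Kind   = 'ServiceKey'
        Item   = $namedKey
        Detail = "ImagePath=$($svc.ImagePath) Start=$($svc.Start)"
    }
}

# Step 2 artifacts: record hash and creation time before anything is removed.
foreach ($path in $namedFiles) {
    # -Force so hidden/system attributes do not keep the file out of the result.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $findings += [pscustomobject]@{
            Kind   = 'File'
            Item   = $path
            Detail = "SHA256=$hash Created=$($file.CreationTime)"
        }
    }
}

# Generalisation: any service whose ImagePath runs an svchost.exe outside System32/SysWOW64.
foreach ($key in Get-ChildItem -LiteralPath $servicesRoot -ErrorAction SilentlyContinue) {
    $image = (Get-ItemProperty -LiteralPath $key.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if ($image -match 'svchost\.exe' -and $image -notmatch '\\(system32|syswow64)\\svchost\.exe') {
        $findings += [pscustomobject]@{
            Kind   = 'OddImagePath'
            Item   = $key.PSChildName
            Detail = $image
        }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An empty result is not conclusive: the post says some files could only be located with IceSword, so ordinary file listings may not show everything.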