baohe - 2006-6-2 16:40:00
Backdoor.Win32.RBot.aym的查杀
1、结束后门进程hpms2wtn.exe
2、删除后门文件:
C:\WINDOWS\system32\hpms2wtn.exe
3、用记事本打开C:\WINDOWS\system32\drivers\etc\hosts
删除
127.0.0.1 localhost后面的所有信息。
保存hosts
4、清理注册表:
展开:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices,
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\,
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\,
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKEY_CURRENT_USER\Software\Microsoft\OLE
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
展开:HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
删除:"Windows Virtual Assistance"="hpms2wtn.exe"
5、运行WINDOWS UPDATE,去微软打补丁。
© 2000 - 2025 Rising Corp. Ltd.