| 引用: |
【天天泡泡的贴子】个人建议,仅供参考:
1.将HijackThis解压到本地文件夹中,运行。
2.终止进程:
C:\windows\system32\alg32.exe
C:\WINDOWS\explorer.com
3.关闭所有窗口,修复:
所有O1项
O4 - HKLM\..\Run: [Net] C:\WINDOWS\explorer.com
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [vga32] c:\windows\system32\alg32.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\spcustom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
4.重启到安全模式,删除:
C:\WINDOWS\explorer.com
C:\windows\system32\alg32.exe
C:\$NtUninstallQ5926809$文件夹
5.另:
O4 - HKLM\..\Run: [proxysm] C:\DOCUME~1\0\LOCALS~1\Temp\Rar$EX32.813\发布\proxysm.exe
这项请你自行确认。
........................... |
你好,补充一下,请修改一下HOST文件
1 进入C:\WINNT\system32\drivers\etc(或者是C:\windows\system32\drivers\etc\)目录下
2 用记事本打开hosts文件,把文件修改成以下形式(把内容复制即可),然后保存
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
