昨天晚上就中了,没以为有什么了不起,没理他,找到病毒文件,C:\WINNT\system32\drivers\exoowk26.sys 换操作系统;改名字。ok;搞定。 u8pt0��%,�
L��ZsQZi:
今天白天看这么多帖子,也没注意,我今天一直用xp;刚刚回家,开2000,才发现,哦,昨天中的就是它。 ��z&_�^79[
�� >N}yYj=
这个病毒文件大小是14.8kB, 15232字节,版本说明:disk driver;产品名称:Microsoft(R) Windows(R) Operating System ~J�6�0~uA+
t;TLlxg�V�
还有,此文件是8位sys 文件位于\system32\drivers\目录下,后2位是数字,用unlocker删除;或进dos删除。 Z�>�_zd��T
K$w#bd�O-^
重要补充:此文件在system32目录下还有一个同名dll文件,一起删除。大小:52kB 53248字节 版本说明:Battery Meter Helper DLL .t�G�6�*�
HL�$D�rj`T
x>e;r�g8&:
加载到注册表的项: y�;�7{8>>�
adsf"�'BU9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26] EE���f9k=A
"Type"=dword:00000001 ��P<�oZ�,R
"Start"=dword:00000000 W92�T@ex}!
"ErrorControl"=dword:00000001 [3~��kYEcj
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ g]@ Z�C���
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\ L520EHhvmG
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 E�";Qt�P[�
"DisplayName"="exoowk26" �6��tJn z�
"Group"="System Bus Extender" /0a$�E!uZk
?�J7JIE0&X
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26\Security] ikRe�yEh�$
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ Y�m{Mq%(�8
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 91�4-Hu9$Y
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ |�Huf�7(��
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ Qc���Ui�bK
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ cXrO�H|^iG
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ :;A�U_wbwF
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ I~��9[D)�}
00,01,01,00,00,00,00,00,05,12,00,00,00 �CS�� 5��1
v��T�Gu@V-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26\Enum] byzYX�r`�{
"0"="Root\\LEGACY_EXOOWK26\\0000" |�`>�%*� J
"Count"=dword:00000001 *=Cb�[\��
"NextInstance"=dword:00000001 W��L~zlfZi
;[�e�?2;lo
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\exoowk26] OYcIa8OxO{
"Type"=dword:00000001 @sgNjM�(�9
"Start"=dword:00000000 cb~+{f�<1|
"ErrorControl"=dword:00000001 Fjgc��yOn
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ R�[~[s5P~D
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\ Ac1\�<x>4�
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 o;1r*c ian
"DisplayName"="exoowk26" sxv/'D< &
"Group"="System Bus Extender" O�<uG�7b[D
� Av+�*xz�
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\exoowk26\Security] �|Wj/#,�Mk
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ �a�B�a�8
�
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ t�~9;VoTFt
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ �RF;^TBD��
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ N��5�7I`f:
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ bEL�3 ED&T
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ B �6�m�n3{
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ yY�'�U[d��
00,01,01,00,00,00,00,00,05,12,00,00,00 fgu@ �]eN
r|
$9#w S2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26] Tz'�cM�u �
"Type"=dword:00000001 ��.R`b2�\T
"Start"=dword:00000000 u~\�5]K�d%
"ErrorControl"=dword:00000001 0Oh�+w0�bY
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ Nxp=tZA��R
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\
g{o[�H&Q
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 T1<. L�3M�
"DisplayName"="exoowk26" ��"E\�A���
"Group"="System Bus Extender" k+/�zX^)a=
|��=$iNH#.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26\Security] O%-��N�BIS
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ #S���"��qu
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ &�:�N<Eu\'
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ %]&2O4�mjk
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ �~]�(tv�v:
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ 6z����sFi
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ BR;M5COj�M
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ U"��*.\�C.
00,01,01,00,00,00,00,00,05,12,00,00,00 ��\3�s���b
Dr`�k-�m�/
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26\Enum] �p7K,NBh#V
"0"="Root\\LEGACY_EXOOWK26\\0000" a6�;*�%B{*
"Count"=dword:00000001 M`_�$Lke��
"NextInstance"=dword:00000001 y`]iq��b"v
�ssT=nF�2I
此病毒文件的查杀和删除办法,参见查杀ALLXUN的办法。 �c3#Zj1BA'
�c?t-j�z�N
