昨天晚上就中了,没以为有什么了不起,没理他,找到病毒文件,C:\WINNT\system32\drivers\exoowk26.sys 换操作系统;改名字。ok;搞定。 �+
bA�Ef�L
y=:5�kbi^�
今天白天看这么多帖子,也没注意,我今天一直用xp;刚刚回家,开2000,才发现,哦,昨天中的就是它。 }/UH2�1}`
=iW;E��T�
这个病毒文件大小是14.8kB, 15232字节,版本说明:disk driver;产品名称:Microsoft(R) Windows(R) Operating System y?rdJ%H^�I
�!�`eC?%$i
还有,此文件是8位sys 文件位于\system32\drivers\目录下,后2位是数字,用unlocker删除;或进dos删除。 ]_B3�trir6
/j�n�rV:)8
重要补充:此文件在system32目录下还有一个同名dll文件,一起删除。大小:52kB 53248字节 版本说明:Battery Meter Helper DLL �k j`$~xZ�
SK�pttTh�,
hg#�=L� >]
加载到注册表的项: vTo(b�h{yv
��FP-1�K��
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26] mq�rN;�xeU
"Type"=dword:00000001 tU���AX]�N
"Start"=dword:00000000 08�.����X>
"ErrorControl"=dword:00000001 $[4h?6i{rH
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 2x1qv��� W
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\ �~=l3>Y+ )
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 �n`z��e1O�
"DisplayName"="exoowk26" d};uk
b�}y
"Group"="System Bus Extender" a;�m�".�X�
sb�mFbvKY�
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26\Security] �@nB6/�|d,
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ a;d�ms�Mr@
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ `3C Lf��?E
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ �<�xxzFljW
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ >0��8c-��Z
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ �yz>�r�#�f
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ $}�\=Nxt�k
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ �!�P\f3��b
00,01,01,00,00,00,00,00,05,12,00,00,00 �55<X�Rx|D
$��KwKf�5Z
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exoowk26\Enum] ,gkc}b1'�t
"0"="Root\\LEGACY_EXOOWK26\\0000" RT�y4Gj;I:
"Count"=dword:00000001 �p���*J��
"NextInstance"=dword:00000001 Y����@&Q��
h20MoZ�X�T
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\exoowk26] P$&L0<sFm#
"Type"=dword:00000001 G@#>Lx>�P�
"Start"=dword:00000000 ��Z
t`6t�"
"ErrorControl"=dword:00000001 Y7J�3��� h
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ <��])um�kS
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\ ��HD[�@q�T
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 �
<_ fa���
"DisplayName"="exoowk26" =^.�M��H/
"Group"="System Bus Extender" Kpt��t9�$2
\8^/�bSOhb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\exoowk26\Security] V�%%9�{�iC
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ ���(�S4�'�
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ �KpU��cg��
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ �#qaL�f�Gr
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ s�OWr�v�M7
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ �2� ��l%�\
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ FH"Gk�Ntv�
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ H<�B^a{@+R
00,01,01,00,00,00,00,00,05,12,00,00,00 W-0�106��
k^jX%ND�/u
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26] m&��<sts�"
"Type"=dword:00000001 \ oA��ex�
"Start"=dword:00000000 ~%G@�!xA�W
"ErrorControl"=dword:00000001 �n�U-=@& (
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ |vG5#e��l9
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,65,00,78,00,6f,00,6f,00,77,00,6b,\ z>[n�W<|�L
00,32,00,36,00,2e,00,73,00,79,00,73,00,00,00 *t\*W:��A�
"DisplayName"="exoowk26" eM+!h"A�Eg
"Group"="System Bus Extender" �p`�dyA�@1
�!_Tjc0�[]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26\Security] j P\p�^���
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ �""PX0ea+
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ .s)�\yG}}\
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\ ���gD, 3�
05,12,00,00,00,00,00,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\ <<.t\>2_H^
20,00,00,00,20,02,00,00,d2,33,bc,8e,00,00,18,00,8d,01,02,00,01,01,00,00,00,\ Vn�Nx�2W��
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\ D/,wd8P���
00,05,20,00,00,00,23,02,00,00,d2,33,bc,8e,01,01,00,00,00,00,00,05,12,00,00,\ )q�G&~hWa
00,01,01,00,00,00,00,00,05,12,00,00,00 ?�1}+.r��
d+7�ik5C0r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exoowk26\Enum] A +2kJ�Q�x
"0"="Root\\LEGACY_EXOOWK26\\0000" iJnS�s��EU
"Count"=dword:00000001 @rG�:&=+
4
"NextInstance"=dword:00000001 LXfD�nK��@
o�",��Rhhn
此病毒文件的查杀和删除办法,参见查杀ALLXUN的办法。 0�>jd~~V�]
Bk^MC��g�H
