What kind of virus is Hijacker.Agent.a?!

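Source: 百度文库 (Baidu Wenku)  Editor: 神马品牌网  Time: 2024/05/06 04:34:00
ewido detected it, and the risk level is High! Please help me quickly; unfortunately I have no points to offer!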

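Manual removal
Follow the steps below to remove Unknown Hijacker from your machine. First back up your registry and system and set a restore point, in case something goes wrong.
Stop running processes:
Use Task Manager to stop the following running processes: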
my2ns.exe
ovfm.exe
reg32.exe
cpcfjmps.exe
eilo.exe

Unregister DLLs:
Use Regsvr32 to unregister the following DLLs, then reboot:

Remove autorun references:
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run host, delete it immediately and reboot the machine

Clean the registry:
Use Registry Editor to remove the following registry entries (if present):

Delete files:
Use Explorer to delete the following files (if present):

Never seen it before
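
A read-only PowerShell audit of the locations the manual removal steps above touch, as an added example that is not part of the original answer. It checks for the five listed process names and the `host` value under the Run key, and it resolves every registered Browser Helper Object to the DLL it loads so each one can be reviewed before anything is unregistered or deleted. Looking up the DLL under `HKLM\Software\Classes\CLSID\<clsid>\InprocServer32` is an assumption (the standard COM registration location); run it from an elevated prompt.

```powershell
# Read-only audit: reports findings and changes nothing on the system.

# Process names taken from the "Stop running processes" step of the answer.
$suspectProcesses = 'my2ns', 'ovfm', 'reg32', 'cpcfjmps', 'eilo'
$running = Get-Process -Name $suspectProcesses -ErrorAction SilentlyContinue
foreach ($p in $running) {
    # Path may be empty when the current user cannot inspect the process.
    [pscustomobject]@{
        Check  = 'Process'
        Item   = "$($p.Name).exe (PID $($p.Id))"
        Detail = $p.Path
    }
}

# Autorun value named "host" under the Run key from the autorun step.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'host')) {
    [pscustomobject]@{ Check = 'Run value'; Item = 'host'; Detail = $run.host }
}

# Every registered Browser Helper Object, resolved to the DLL it loads.
$bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoRoot) {
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot) {
        $clsid  = $bho.PSChildName
        # Assumption: the BHO's server DLL is registered in the machine-wide COM hive.
        $server = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
        }
        # Classify the entry: no COM registration, DLL missing on disk, or DLL present.
        $state = 'no InprocServer32 registration'
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $expanded) { $state = $expanded }
            else { $state = "$expanded (file missing, orphaned entry)" }
        }
        [pscustomobject]@{ Check = 'BHO'; Item = $clsid; Detail = $state }
    }
}
```

Pipe the output to `Format-Table -AutoSize -Wrap` or `Export-Csv` to keep a record of the state before the registry backup and cleanup.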