Prevalent trojan (456).INI that cannot be completely removed

Download the XDelbox 1.5 deletion tool
(it must be installed on drive C): http://forum.ikaka.com/topic.asp?board=28&artid=8381032

Paste the following files into the deletion list and delete them:

C:\WINDOWS\system32\avzxemn.dll> [N/A]
C:\WINDOWS\system32\kvdxsdma.dll> []
C:\WINDOWS\system32\kapjbzy.dll> []
C:\WINDOWS\system32\avwgemn.dll> []
C:\WINDOWS\system32\rsmyfpm.dll> []
C:\WINDOWS\system32\sidjazy.dll> [N/A]
C:\WINDOWS\system32\rsjzbpm.dll> [N/A]
C:\WINDOWS\system32\rsztdpm.dll> []
C:\WINDOWS\system32\rarjbpi.dll> [N/A]
C:\WINDOWS\system32\raqjcpi.dll> []
C:\WINDOWS\system32\kvdxdma.dll> [N/A]
C:\WINDOWS\system32\ratbfpi.dll> [N/A]
C:\WINDOWS\system32\avwlcmn.dll> [N/A]
C:\WINDOWS\system32\kaqhfzy.dll> [N/A]
C:\WINDOWS\system32\kawdbzy.dll> [N/A]
C:\WINDOWS\system32\serdst.exe

After the reboot, do not touch anything; let the tool delete the files on its own.

Open SREng and delete the following entries.
Registry:
<MSDEG32><LYLoader.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<{5859245F-345D-BC13-AC4F-145D47DA34F5}><C:\WINDOWS\system32\avzxemn.dll> [N/A]
<{4D561258-45F3-A451-F908-A258458226D4}><C:\WINDOWS\system32\kvdxsdma.dll> []
<{2A321487-4977-D98A-C8D5-6488257545A2}><C:\WINDOWS\system32\kapjbzy.dll> []
<{5A1247C1-53DA-FF43-ABD3-345F323A48D5}><C:\WINDOWS\system32\avwgemn.dll> []
<{6E32FA58-3453-FA2D-BC49-F340348ACCE6}><C:\WINDOWS\system32\rsmyfpm.dll> []
<{18847374-8323-FADC-B443-4732ABCD3781}><C:\WINDOWS\system32\sidjazy.dll> [N/A]
<{22FAACDE-34DA-CCD4-AB4D-DA34485A3422}><C:\WINDOWS\system32\rsjzbpm.dll> [N/A]
<{434345F1-DACF-3452-CB7D-4620F34A1534}><C:\WINDOWS\system32\rsztdpm.dll> []
<{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\system32\rarjbpi.dll> [N/A]
<{34783410-4F90-34A0-7820-3230ACD05F43}><C:\WINDOWS\system32\raqjcpi.dll> []
<{4C87A354-ABC3-DEDE-FF33-3213FD7447C4}><C:\WINDOWS\system32\kvdxdma.dll> [N/A]
<{66650011-3344-6688-4899-345FABCD1566}><C:\WINDOWS\system32\ratbfpi.dll> [N/A]
<{3960356A-458E-DE24-BD50-268F589A56A3}><C:\WINDOWS\system32\avwlcmn.dll> [N/A]
<{67D81718-1314-5200-2597-587901018076}><C:\WINDOWS\system32\kaqhfzy.dll> [N/A]
<{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\system32\kawdbzy.dll> [N/A]
Under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows],
set <AppInit_DLLs><raqjcpi.dll> [] to empty.

Delete the service:
[Telephotsgoogle / Wdswsdewn][Stopped/Auto Start]
<C:\WINDOWS\system32\serdst.exe><N/A>

Reboot into Safe Mode (press F8 repeatedly during startup and choose Safe Mode).

Empty the temporary folders:
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files
C:\Documents and Settings\<username>\Local Settings\Temp



Instructions for using SREng: http://forum.ikaka.com/topic.asp?board=28&artid=8270267&page=1
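
The registry entries above all share the "<name><data> [publisher]" layout. As an added example (not part of the original post and not SREng's own code), this Python sketch parses that layout and groups the entries that carry no publisher information into review buckets. The sample lines are constructed, and treating an empty or "N/A" bracket as "no vendor information" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the "<name><data> [publisher]" layout of the entries above.
# Names, paths and publishers are made up for this example.
SAMPLE_LOG = r"""
<ExampleUpdater><C:\Program Files\Example\updater.exe> [Example Corp]
<{00000000-0000-0000-0000-000000000001}><C:\WINDOWS\system32\exampleaaa.dll> [N/A]
<{00000000-0000-0000-0000-000000000002}><C:\WINDOWS\system32\examplebbb.dll> []
<AppInit_DLLs><examplebbb.dll> []
<ExampleLoader><exloader.exe> [N/A]
"""

ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<data>[^<>]*)>\s*\[(?P<pub>[^\]]*)\]\s*$")

def parse_entries(text):
    """Return one dict per well-formed entry line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append({k: v.strip() for k, v in m.groupdict().items()})
    return out

def no_publisher(entry):
    # Assumption: an empty or "N/A" bracket means no vendor information was found.
    return entry["pub"] in ("", "N/A")

def triage(entries):
    """Group entries without publisher info into appinit / clsid / autorun buckets."""
    buckets = defaultdict(list)
    for e in entries:
        if not no_publisher(e):
            continue
        if e["name"].lower() == "appinit_dlls":
            buckets["appinit"].append(e["data"])
        elif e["name"].startswith("{"):
            buckets["clsid"].append(e["data"])
        else:
            buckets["autorun"].append(e["data"])
    return dict(buckets)

def appinit_matches(buckets):
    """AppInit_DLLs values whose file name also appears among the flagged CLSID DLLs."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in buckets.get("clsid", [])}
    return [d for d in buckets.get("appinit", []) if d.lower() in names]

if __name__ == "__main__":
    b = triage(parse_entries(SAMPLE_LOG))
    for kind, items in b.items():
        print(kind, items)
    print("AppInit_DLLs also registered under a CLSID:", appinit_matches(b))
```

A DLL that appears both in AppInit_DLLs and under a CLSID, as raqjcpi.dll does in the list above, is loaded through two separate persistence points, so both have to be cleared.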



posted @ 2007-10-18 16:52  过河卒A