1.exe process

[Process no.] 1756 [Process name] Trojan.W32.Tooso
[Process category] Dangerous process [Danger level] 4 [0-5, higher is more dangerous]
[System process] [Background process]
[Accesses network] [Hardware related]
[Spyware] [Adware]
[Virus] [Trojan]
Details of the 1.exe process
1.exe is a process registered as the TROJ_SUA.A worm. The worm spreads over the Internet by e-mail, arriving as a message with a hostile attachment that it hopes you will open. It carries its own SMTP engine, so it harvests e-mail addresses from the local computer and mails itself to them. In the worst case it can give attackers access to the computer and let them steal passwords and personal data. This process is a security risk and should be removed from your system.
Process analysis:

Virus location: the Windows temp folder and the system folder (system32).
C:\WINDOWS\system32
C:\Program Files\WindowsUpdate
Then delete the programs 1.exe through 26.exe and a.exe; deleting them is the fix.
How to remove the 1.exe, 2.exe, 3.exe and 4.exe viruses
Delete the following virus files in Safe Mode:
1.exe, 2.exe, 3.exe and 4.exe in the folder C:\Documents and Settings\<username>\Local Settings\Temp
svhost32.exe in C:\Program Files\Microsoft (note: the genuine service host is %System%\svchost.exe; this lookalike name under Program Files is not a Windows file)
rundll32.exe in C:\WINDOWS\command (the genuine rundll32.exe lives in %System%, not in a "command" folder)
c:\windows\qq.exe
Services:
a service named "windows", with a file of the form hack*.com.cn.ini (the exact name is no longer clear)
a service named "windows updata", pointing to c:\windows\qq.exe
Remove both services with a third-party tool.
msconfig startup items: svhost32 = C:\Program Files\Microsoft\svhost32.exe
rundll32 = C:\WINDOWS\command\rundll32.dll
Suspicious load point: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Policies\Explorer\Run
checkfaultkenel = c:\windows\system32\mswdm.exe
Then use a firewall to block c:\windows\explorer.exe from accessing the network; this stops the trojan from being downloaded again. (Blocking the shell itself is a blunt instrument; lift the rule once the host is confirmed clean.)
Files downloaded by the trojan:
C:\Documents and Settings\Administrator\Local Settings\Temp\dns.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\4.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\js.dll
C:\Program Files\Microsoft\svhost32.exe
C:\Program Files\command\svhost32.exe
C:\windows\command\rundll32.exe
c:\windows\qq.exe
C:\Program Files\svhost32.exe
Manual removal of 1.exe
After the main program 1.exe runs, it drops %System%\1.dLl and registers it as a ShellExecuteHooks handler (the mixed-case names below are as written in the registry; Windows treats file and key names case-insensitively, so they are the same as 1.dll and InProcServer32, and the DLL is loaded into explorer.exe):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}"=""
[HKEY_CLASSES_ROOT\CLSID\{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}\InPrOcservEr32]
@="%System%\1.dLl"
It then deletes its own executable using delxxzt.BaT:
:Try
REM Retry until the running 1.exe has exited and its file can be deleted
dEl "1.exe"
if exist "1.exe" Goto Try
REM Then remove this batch file itself (%0 is the script's own path)
Del %0
Removal steps
1. Delete the ShellExecuteHooks entry created by the virus:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}"=""
[HKEY_CLASSES_ROOT\CLSID\{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}\InPrOcservEr32]
@="%System%\1.dLl"
2. Restart the computer (the hook DLL is loaded into explorer.exe, which keeps the file locked until that process exits; with the hook entry gone it is not loaded again at logon).
3. Delete the virus file:
%System%\1.dll
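The following script is an added example, not code from the original page. It audits a live Windows host for the indicators listed in the removal procedure above (the dropped files, the ShellExecuteHooks CLSID and its InProcServer32 path, the Policies\Explorer\Run value, the msconfig startup items and the two services) and prints what is still present, so you can check the system before and after the manual steps. It is read-only. The CLSID, file names, key paths and value names come from the page; the function name, the match pattern, and the use of the Run keys and Win32_Service to stand in for "msconfig startup items" and the named services are this example's assumptions. Windows PowerShell 3 or later and an elevated prompt are assumed.

```powershell
# Added example, not code from the original page. Audits the file, registry, autostart and
# service indicators from the page and reports what is still present. Read-only: review the
# report, then remove items by hand as described above. Requires an elevated prompt and
# Windows PowerShell 3+. The function name, the regex and the use of Run keys / Win32_Service
# as stand-ins for "msconfig startup items" and the two services are assumptions.

function Find-TrojanArtifacts {
    $clsid = '{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}'
    $sys   = [Environment]::GetFolderPath('System')         # %System%, e.g. C:\WINDOWS\system32
    $win   = [Environment]::GetFolderPath('Windows')
    $pf    = [Environment]::GetFolderPath('ProgramFiles')
    $temp  = [IO.Path]::GetTempPath()                       # current user's Local Settings\Temp
    $hits  = New-Object System.Collections.Generic.List[object]

    function Add-Hit([string]$Kind, [string]$Location, [string]$Detail) {
        $hits.Add([PSCustomObject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
    }

    # 1. Dropped files. The genuine service host is %System%\svchost.exe; a "svhost32.exe"
    #    under Program Files is a lookalike, not a Windows binary.
    $files = New-Object System.Collections.Generic.List[string]
    1..26 | ForEach-Object { $files.Add((Join-Path $temp "$_.exe")) }
    foreach ($n in 'a.exe', 'dns.exe', 'js.dll') { $files.Add((Join-Path $temp $n)) }
    foreach ($n in '1.dll', 'mswdm.exe')         { $files.Add((Join-Path $sys $n)) }
    foreach ($n in 'qq.exe', 'command\rundll32.exe', 'command\rundll32.dll') {
        $files.Add((Join-Path $win $n))
    }
    foreach ($n in 'Microsoft\svhost32.exe', 'command\svhost32.exe', 'svhost32.exe') {
        $files.Add((Join-Path $pf $n))
    }
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { Add-Hit 'File' $f 'present on disk' }
    }

    # 2. The ShellExecuteHooks entry and the InProcServer32 path its CLSID resolves to.
    #    Whatever DLL is registered here is loaded into explorer.exe at logon.
    $hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (Get-ItemProperty -Path $hooks -Name $clsid -ErrorAction SilentlyContinue) {
        Add-Hit 'Registry' "$hooks\$clsid" 'ShellExecuteHooks entry present'
    }
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InProcServer32"
    $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    if ($dll) { Add-Hit 'Registry' $inproc "InProcServer32 = $dll" }

    # 3. Autostart values: the Policies\Explorer\Run key named on the page plus the ordinary
    #    Run keys (msconfig's startup list is built from these). A value is reported when its
    #    name is the page's "checkfaultkenel" or its data points at one of the page's files.
    $pattern = 'svhost32|command\\rundll32|mswdm\.exe|\\qq\.exe|\\Temp\\\d+\.exe'
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Policies\Explorer\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        $vals = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $vals) { continue }
        foreach ($prop in $vals.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }          # PSPath etc. are provider metadata
            $data = "$($prop.Value)"
            if ($prop.Name -eq 'checkfaultkenel' -or $data -match $pattern) {
                Add-Hit 'Autostart' "$k\$($prop.Name)" $data
            }
        }
    }

    # 4. The two services the page describes, found by name ("windows", "windows updata")
    #    or by a binary path that matches the indicators.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if ($svc.Name -in @('windows', 'windows updata') -or "$($svc.PathName)" -match $pattern) {
            Add-Hit 'Service' $svc.Name "$($svc.PathName) (state: $($svc.State))"
        }
    }

    return $hits
}

$findings = @(Find-TrojanArtifacts)
if ($findings.Count -eq 0) {
    'None of the indicators from the page were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once before the cleanup to confirm the infection matches the page, and again after the reboot in step 2: if the ShellExecuteHooks entry is gone but %System%\1.dll still shows as present, that is expected until step 3 deletes the file. Anything still listed after step 3 indicates a persistence point the manual procedure missed.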