怎样预防熊猫烧香?
急,急,急!!!哪位大侠知道怎样预防熊猫烧香?1000多部电脑啊
[解决办法]
关注
[解决办法]
熊猫烧香?
[解决办法]
@echo off
title 清除威金(logo_1,熊猫烧香)病毒最新变种工具
@echo 清除VIKING病毒最新变种工具
@echo -------------------------------------------------------
@echo by:http://www.9java.com
@echo VIKLIG病毒,专杀工具,请复制此代码 保存为.bat后缀的批处理文件双击运行即可.
@echo --------------------
pause
if exist %windir%\rundl132.exe echo ---报告,发现有威金病毒
if exist %windir%\logo_1.exe echo ---报告,发现有威金病毒
//杀viking进程
tskill logo_1
tskill rundl132
tskill zt
tskill wow
tskill logo1_
tskill Ravmon
tskill Eghost
tskill Mailmon
tskill KAVPFW
tskill IPARMOR
tskill Ravmond
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
//删除木马
del d:\_desktop.ini /f/s/q/a
del c:\Program Files\_desktop.ini
del %Windir%\MickNew\MickNew.dll
del %Windir%\MH_FILE\MH_DLL.dll
del %Windir%\_desktop.ini
del %Windir%\TODAYZTKING\TODAYZTKING.DLL
attrib -h -r -s c:\go.exe
del c:\go.exe
del c:\setup.exe
attrib -h -s -r c:\autorun.inf
del c:\autorun.inf
attrib -h -r -s d:\go.exe
del d:\go.exe
del d:\setup.exe
attrib -h -s -r d:\autorun.inf
del d:\autorun.inf
del e:\setup.exe
attrib -h -r -s e:\go.exe
del e:\go.exe
attrib -h -s -r e:\autorun.inf
del e:\autorun.inf
attrib -h -r -s f:\autorun.inf
del f:\go.exe
del f:\setup.exe
attrib -h -s -r f:\autorun.inf
del f:\autorun.inf
attrib -h -r -s g:\go.exe
del g:\go.exe
del g:\setup.exe
attrib -h -s -r g:\autorun.inf
del g:\autorun.inf
del h:\go.exe
del h:\setup.exe
attrib -h -s -r g:\autorun.inf
del h:\autorun.inf
del i:\go.exe
attrib -h -s -r g:\autorun.inf
del i:\autorun.inf
del i:\setup.exe
del j:\go.exe
attrib -h -s -r g:\autorun.inf
del j:\autorun.inf
del j:\setup.exe
del %windir%\system\Logo1_.exe
del %windir%\rundl132.exe
del %windir%\vDll.dll
del %windir%\Dll.dll
del %windir%\0Sy.exe
del %windir%\1Sy.exe
del %windir%\2Sy.exe
del %windir%\3Sy.exe
del %windir%\5Sy.exe
del %windir%\1.com
@echo ^_^ 报告老大,VIKING已经全都被处死,有空多来我blog看看哦,地址是www.9java.com
@echo 真累哈,再给你的系统免疫下,不需要的话请直接退出
pause
//免疫系统
echo > %windir%\Logo1_.exe
echo > %windir%\rundl132.exe
echo > %windir%\0Sy.exe
echo > %windir%\vDll.dll
echo > %windir%\1Sy.exe
echo > %windir%\2Sy.exe
echo > %windir%\rundll32.exe
echo > %windir%\3Sy.exe
echo > %windir%\5Sy.exe
echo > %windir%\1.com
echo > %windir%\exerouter.exe
echo > %windir%\EXP10RER.com
echo > %windir%\finders.com
echo > %windir%\Shell.sys
echo > %windir%\kill.exe
echo > %windir%\sws.dll
echo > %windir%\sws32.dll
echo > %windir%\uninstall\rundl132.exe
echo > %windir%\SVCHOST.exe
echo > %windir%\WINLOGON.exe
echo > %windir%\RUNDLL32.EXE
echo > C:\ "Program Files "\svchost.exe
echo > C:\ "Program Files "\ "Internet Explorer "\svchost.exe
echo > %windir%\Download\svchost.exe
echo > %windir%\system32\wldll.dll
attrib %windir%\Logo1_.exe +s +r +h
attrib %windir%\rundl132.exe +s +r +h
attrib %windir%\0Sy.exe +s +r +h
attrib %windir%\vDll.dll +s +r +h
attrib %windir%\1Sy.exe +s +r +h
attrib %windir%\2Sy.exe +s +r +h
attrib %windir%\rundll32.exe +s +r +h
attrib %windir%\3Sy.exe +s +r +h
attrib %windir%\5Sy.exe +s +r +h
attrib %windir%\1.com +s +r +h
attrib %windir%\exerouter.exe +s +r +h
attrib %windir%\EXP10RER.com +s +r +h
attrib %windir%\finders.com +s +r +h
attrib %windir%\Shell.sys +s +r +h
attrib %windir%\kill.exe +s +r +h
attrib %windir%\sws.dll +s +r +h
attrib %windir%\sws32.dll +s +r +h
attrib %windir%\uninstall\rundl132.exe +s +r +h
attrib %windir%\SVCHOST.exe +s +r +h
attrib %windir%\WINLOGON.exe +s +r +h
attrib %windir%\RUNDLL32.EXE +s +r +h
attrib C:\ "Program Files "\svchost.exe +s +r +h
attrib C:\ "Program Files "\ "Internet Explorer "\svchost.exe +s +r +h
attrib %windir%\Download\svchost.exe +s +r +h
attrib %windir%\system32\wldll.dll +s +r +h
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del
cls
@echo -------------------------------------
@echo viking已经全部被我杀完拉,哈,厉害吧
@echo 系统已经成功免疫!
@echo 谢谢你的使用,请重启您的电脑!
@echo -------------------------------------
pause
=========================
禁止运行
=========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"DisallowRun "=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\DisallowRun]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"**delvals. "= " "
"1 "= "0Sy.exe "
"2 "= "1.com "
"3 "= "1Sy.exe "
"4 "= "2Sy.exe "
"5 "= "3Sy.exe "
"6 "= "5Sy.exe "
"7 "= "dll.dll "
"8 "= "logo1_.exe "
"9 "= "rundl132.exe "
"10 "= "vdll.dll "
==================================
清除残留
==================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SH
OWALL]
"RegPath "= "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "
"Text "= "@shell32.dll,-30500 "
"Type "= "radio "
"CheckedValue "=dword:00000001
"ValueName "= "Hidden "
"DefaultValue "=dword:00000002
"HKeyRoot "=dword:80000001
"HelpID "= "shell.hlp#51105 "
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions "= "2048 "
"Documents "= " "
"DosPrint "= "no "
"load "=-
"NetMessage "= "no "
"NullPort "= "None "
"Programs "= "com exe bat pif cmd "
"Device "= " "
========================
------解决方案--------------------
@echo off
title 清除威金(logo_1,熊猫烧香)病毒最新变种工具
@echo 清除VIKING病毒最新变种工具
@echo -------------------------------------------------------
@echo by:http://www.9java.com
@echo VIKLIG病毒,专杀工具,请复制此代码 保存为.bat后缀的批处理文件双击运行即可.
@echo --------------------
pause
if exist %windir%\rundl132.exe echo ---报告,发现有威金病毒
if exist %windir%\logo_1.exe echo ---报告,发现有威金病毒
//杀viking进程
tskill logo_1
tskill rundl132
tskill zt
tskill wow
tskill logo1_
tskill Ravmon
tskill Eghost
tskill Mailmon
tskill KAVPFW
tskill IPARMOR
tskill Ravmond
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
//删除木马
del d:\_desktop.ini /f/s/q/a
del c:\Program Files\_desktop.ini
del %Windir%\MickNew\MickNew.dll
del %Windir%\MH_FILE\MH_DLL.dll
del %Windir%\_desktop.ini
del %Windir%\TODAYZTKING\TODAYZTKING.DLL
attrib -h -r -s c:\go.exe
del c:\go.exe
del c:\setup.exe
attrib -h -s -r c:\autorun.inf
del c:\autorun.inf
attrib -h -r -s d:\go.exe
del d:\go.exe
del d:\setup.exe
attrib -h -s -r d:\autorun.inf
del d:\autorun.inf
del e:\setup.exe
attrib -h -r -s e:\go.exe
del e:\go.exe
attrib -h -s -r e:\autorun.inf
del e:\autorun.inf
attrib -h -r -s f:\autorun.inf
del f:\go.exe
del f:\setup.exe
attrib -h -s -r f:\autorun.inf
del f:\autorun.inf
attrib -h -r -s g:\go.exe
del g:\go.exe
del g:\setup.exe
attrib -h -s -r g:\autorun.inf
del g:\autorun.inf
del h:\go.exe
del h:\setup.exe
attrib -h -s -r g:\autorun.inf
del h:\autorun.inf
del i:\go.exe
attrib -h -s -r g:\autorun.inf
del i:\autorun.inf
del i:\setup.exe
del j:\go.exe
attrib -h -s -r g:\autorun.inf
del j:\autorun.inf
del j:\setup.exe
del %windir%\system\Logo1_.exe
del %windir%\rundl132.exe
del %windir%\vDll.dll
del %windir%\Dll.dll
del %windir%\0Sy.exe
del %windir%\1Sy.exe
del %windir%\2Sy.exe
del %windir%\3Sy.exe
del %windir%\5Sy.exe
del %windir%\1.com
@echo ^_^ 报告老大,VIKING已经全都被处死,有空多来我blog看看哦,地址是www.9java.com
@echo 真累哈,再给你的系统免疫下,不需要的话请直接退出
pause
//免疫系统
echo > %windir%\Logo1_.exe
echo > %windir%\rundl132.exe
echo > %windir%\0Sy.exe
echo > %windir%\vDll.dll
echo > %windir%\1Sy.exe
echo > %windir%\2Sy.exe
echo > %windir%\rundll32.exe
echo > %windir%\3Sy.exe
echo > %windir%\5Sy.exe
echo > %windir%\1.com
echo > %windir%\exerouter.exe
echo > %windir%\EXP10RER.com
echo > %windir%\finders.com
echo > %windir%\Shell.sys
echo > %windir%\kill.exe
echo > %windir%\sws.dll
echo > %windir%\sws32.dll
echo > %windir%\uninstall\rundl132.exe
echo > %windir%\SVCHOST.exe
echo > %windir%\WINLOGON.exe
echo > %windir%\RUNDLL32.EXE
echo > C:\ "Program Files "\svchost.exe
echo > C:\ "Program Files "\ "Internet Explorer "\svchost.exe
echo > %windir%\Download\svchost.exe
echo > %windir%\system32\wldll.dll
attrib %windir%\Logo1_.exe +s +r +h
attrib %windir%\rundl132.exe +s +r +h
attrib %windir%\0Sy.exe +s +r +h
attrib %windir%\vDll.dll +s +r +h
attrib %windir%\1Sy.exe +s +r +h
attrib %windir%\2Sy.exe +s +r +h
attrib %windir%\rundll32.exe +s +r +h
attrib %windir%\3Sy.exe +s +r +h
attrib %windir%\5Sy.exe +s +r +h
attrib %windir%\1.com +s +r +h
attrib %windir%\exerouter.exe +s +r +h
attrib %windir%\EXP10RER.com +s +r +h
attrib %windir%\finders.com +s +r +h
attrib %windir%\Shell.sys +s +r +h
attrib %windir%\kill.exe +s +r +h
attrib %windir%\sws.dll +s +r +h
attrib %windir%\sws32.dll +s +r +h
attrib %windir%\uninstall\rundl132.exe +s +r +h
attrib %windir%\SVCHOST.exe +s +r +h
attrib %windir%\WINLOGON.exe +s +r +h
attrib %windir%\RUNDLL32.EXE +s +r +h
attrib C:\ "Program Files "\svchost.exe +s +r +h
attrib C:\ "Program Files "\ "Internet Explorer "\svchost.exe +s +r +h
attrib %windir%\Download\svchost.exe +s +r +h
attrib %windir%\system32\wldll.dll +s +r +h
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del
cls
@echo -------------------------------------
@echo viking已经全部被我杀完拉,哈,厉害吧
@echo 系统已经成功免疫!
@echo 谢谢你的使用,请重启您的电脑!
@echo -------------------------------------
pause
=========================
禁止运行
=========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"DisallowRun "=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\DisallowRun]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"**delvals. "= " "
"1 "= "0Sy.exe "
"2 "= "1.com "
"3 "= "1Sy.exe "
"4 "= "2Sy.exe "
"5 "= "3Sy.exe "
"6 "= "5Sy.exe "
"7 "= "dll.dll "
"8 "= "logo1_.exe "
"9 "= "rundl132.exe "
"10 "= "vdll.dll "
==================================
清除残留
==================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SH
OWALL]
"RegPath "= "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "
"Text "= "@shell32.dll,-30500 "
"Type "= "radio "
"CheckedValue "=dword:00000001
"ValueName "= "Hidden "
"DefaultValue "=dword:00000002
"HKeyRoot "=dword:80000001
"HelpID "= "shell.hlp#51105 "
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions "= "2048 "
"Documents "= " "
"DosPrint "= "no "
"load "=-
"NetMessage "= "no "
"NullPort "= "None "
"Programs "= "com exe bat pif cmd "
"Device "= " "
========================
[解决办法]
病毒?
[解决办法]
不给熊猫打火机,看他怎么烧!
[解决办法]
用放大镜引火
------解决方案--------------------
mark
[解决办法]
我这边也有不少人中,不过我的电脑没事,这个病毒也有有些历史了,应该有不少预防措施
[解决办法]
我自己整理的专杀工具+防范,已经搞定,最新!
http://007spy.cn/dispbbs.asp?boardID=2&ID=33&page=1
[解决办法]
金山的专杀工具或者安装金山毒霸2007试用版也可以。
[解决办法]
不要用国产杀毒软件,效果不好
[解决办法]
用杀毒软件是预防,是中了毒后的事了
预防是修补系统漏洞使它无法感染
[解决办法]
殺毒軟件只會等中招後再報告,不會提前將其卡死掉。
[解决办法]
對DOS這麼熟悉,肯定是高手。
[解决办法]
不要上网
[解决办法]
不要上网
[解决办法]
做个bat,开机启动加载,首先把共享给去掉,否则可能会感染,不要开共享,服务器最好用ftp,不要共享目录
unshare.bat
net share admin$ /delete
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share IPC$ /delete
然后下载熊猫专杀工具,杀所有机器
安装最新的杀毒软件
[解决办法]
听说这个东东是delphi 写的!
为delphi 顶顶
[解决办法]
真的吗?
