病毒名称:N/A(AVP)
　　病毒类型:下载者
　　加壳信息:N/A
　　编写语言:Borland Delphi 6.0 - 7.0
　　病毒来源:飞羽提供

　　病毒将会打开:
　　"http://www.coolmelife.com/ad/left.htm"
　　"http://www.coolmelife.com/ad/receive.htm"
　　"http://www.coolmelife.com/ad/right.htm"
　　并且采用此命令打开主页:explorer.exe http://www.coolmelife.com
　　病毒将从以下地址下载病毒文件:
　　http://www.coolmelife.com/download/Project1.exe
　　http://www.coolmelife.com/download/Project2.exe
　　http://www.coolmelife.com/download/a.dll
　　http://www.coolmelife.com/download/b.dll
　　http://www.coolmelife.com/download/srv.exe      (其实是个网页...)

　　病毒将生成以下文件:

%windir%\system32\AutoCML.exe    418KB   %windir%\system32\misser.exe    449KB    %windir%\system32\npcdll.DLL    15KB    %windir%\system32\NPMIS.EXE    446KB    %windir%\system32\MicKon.Dll    15KB    %windir%\system32\drivers\NHDLL.DLL 15KB   %windir%\system32\drivers\vplose.exe 446KB   %windir%\system32\wbem\svchost.exe 443KB   %windir%\system32\usmt\mig_hy.bk 443KB  %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\89S9EFUZ\srv[1].exe 418KB %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\89S9EFUZ\Project1[1].exe 443KB %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\216ZG9CT\a[1].dll 15KB %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\216ZG9CT\Project2[1].exe 76KB %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\216ZG9CT\b[2].dll 15KB

添加注册表项:

HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\wbem\svchost.exe "Generic Host Process for Win32 Service" HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\misser.exe "Microsoft(R) Connection Manager" HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache E:\InstallWatch Pro\Micnbio.exe "Microsoft(R) Connection Manager" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\wbem\svchost.exe "Generic Host Process for Win32 Service" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\misser.exe "Microsoft(R) Connection Manager" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache E:\InstallWatch Pro\Micnbio.exe "Microsoft(R) Connection Manager"

　　解决方案:
　　1.使用Icesword(该软件可到down.45its.com下载)强行删除一下文件:

%windir%\system32\AutoCML.exe %windir%\system32\misser.exe %windir%\system32\npcdll.DLL %windir%\system32\NPMIS.EXE %windir%\system32\MicKon.Dll %windir%\system32\drivers\NHDLL.DLL %windir%\system32\drivers\vplose.exe %windir%\system32\wbem\svchost.exe %windir%\system32\usmt\mig_hy.bk

2.清空IE临时文件夹:
IE图标上点右键选择属性→Internet 属性→Internet 临时文件→单击"删除文件"
3.删除以下注册表项:
打开SREng－启动项目－注册表(该软件可到down.45its.com下载)

HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\wbem\svchost.exe "Generic Host Process for Win32 Service" HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\misser.exe "Microsoft(R) Connection Manager" HKEY_USERS\S-1-5-21-1482476501-1993962763-842925246-500\Software\Microsoft\Windows\ShellNoRoam\MUICache E:\InstallWatch Pro\Micnbio.exe "Microsoft(R) Connection Manager" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\wbem\svchost.exe "Generic Host Process for Win32 Service" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache C:\WINDOWS\system32\misser.exe "Microsoft(R) Connection Manager" HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache E:\InstallWatch Pro\Micnbio.exe "Microsoft(R) Connection Manager"

重启一下即可...