电脑软硬件应用网
当前位置: 电脑软硬件应用网 > 电脑学院 > 网络安全 > 正文
kvdxsfma.dll等木马群的清除指南
kvdxsfma.dll等木马群的清除指南
2007-10-30 14:04:32  文/崔衍渠   出处:天下无毒   

  进行如下操作前,请不要进行任何双击打开磁盘的操作。所有下载的工具都直接放桌面上。

  1.建议使用XDelBox删除以下文件:(可到http://down.45its.com下载)
  使用说明:删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。

  c:\windows\system32\kvdxsfma.dll
  c:\windows\system32\rsmygpm.dll
  c:\windows\system32\avzxemn.dll
  c:\windows\system32\kvmxfma.dll
  c:\windows\system32\wsmsazx.dll
  c:\program files\internet explorer\plugins\winsys8z.sys
  c:\windows\system32\kvdxsfma.dll
  c:\windows\system32\kajzcaz.exe
  c:\program files\common files\microsoft shared\yedeayu.exe
  c:\program files\common files\system\ewwwoxi.exe
  C:\autorun.inf
  d:\autorun.inf
  e:\autorun.inf
  f:\autorun.inf
  C:\mcqdvnc.exe
  d:\mcqdvnc.exe
  e:\mcqdvnc.exe
  f:\mcqdvnc.exe

  2.删除重启后使用SREng修复下面各项:

  启动项目 -- 注册表之如下项删除:
[{6D561258-45F3-A451-F908-A258458226D6}]      <C:\WINDOWS\system32\kvdxsfma.dll>
[{7E32FA58-3453-FA2D-BC49-F340348ACCE7}]      <C:\WINDOWS\system32\rsmygpm.dll>
[{5859245F-345D-BC13-AC4F-145D47DA34F5}]      <C:\WINDOWS\system32\avzxemn.dll>
[{6D47B341-43DF-4563-753F-345FFA3157D6}]      <C:\WINDOWS\system32\kvmxfma.dll>
[{392FADFA-BCDE-ACDF-CDEF-21054865CBA3}]      <C:\WINDOWS\system32\wsmsazx.dll>
[{F81F75C9-F974-4772-B72D-F28CBCD98C5F}]      <C:\Program Files\Internet Explorer\PLUGINS\WinSys8z.Sys>

  注意该项[AppInit_DLLs]修改:把<kvdxsfma.dll>修改为<>即清空

[kajzcaz]      <C:\WINDOWS\system32\kajzcaz.exe>
[mcqdvnc]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[fjmnjay]      <C:\Program Files\Common Files\System\ewwwoxi.exe>
[IFEO[360rpt.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[360Safe.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[360tray.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[adam.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AgentSvr.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AppSvc32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ArSwp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AST.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[autoruns.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AvastU3.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avconsol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avgrssvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AvMonitor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avp.com]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[CCenter.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ccSvcHst.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[EGHOST.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FileDsty.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FTCleanerShell.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FYFireWall.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ghost.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[HijackThis.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[IceSword.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[iparmo.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Iparmor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[irsetup.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[isPwdSvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kabaload.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KaScrScn.SCR]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KASMain.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KASTask.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAV32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVDX.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVPF.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVPFW.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVSetup.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVStart.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KISLnchr.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KMailMon.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KMFilter.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPFW32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPFW32X.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPfwSvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KRegEx.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KRepair.com]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KsLoader.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVCenter.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvDetect.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvfwMcl.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVMonXP.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVMonXP_1.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvolself.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvReport.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVScan.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVSrvXP.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVStub.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvupload.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvwsc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvXP.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvXP_1.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatch.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatch9x.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatchX.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[loaddll.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[MagicSet.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mcconsol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mmqczj.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mmsk.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Navapsvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Navapw32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32krn.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32kui.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[NPFMntor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[PFW.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[PFWLiveUpdate.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QHSET.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQDoctor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQKav.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQSC.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Ras.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Rav.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavMon.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavMonD.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavStub.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavTask.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RegClean.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwcfg.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwmain.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwsrv.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RsAgent.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Rsaupd.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rstrui.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[runiep.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[safelive.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[scan32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[shcfg32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SmartUp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SREng.EXE]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[symlcsvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SysSafe.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[TrojanDetector.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Trojanwall.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[TrojDie.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UIHost.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxAgent.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxAttachment.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxCfg.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxFwHlp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxPol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[upiea.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UpLive.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[USBCleaner.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[vsstat.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[webscanx.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[WoptiClean.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[zjb.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>

  3 最后用windows清理助手或者金山清理专家等工具清理 。
  • 上一篇文章:

  • 下一篇文章:
    • 最新热点 最新推荐 相关文章
    删不掉的"淘宝图标"来侵 教你删"淘宝…
    微软高危漏洞"快捷方式自动执行"手工…
    acad.vlx删除方法
    360se.exe病毒清除解决方案
    regedit32.exe 病毒清除解决方案
    3874jr98.exe,long.exe等病毒清除解…
    RG8.tmp病毒清除解决方案
    139ujf939.exe,2.exe等病毒清除解决…
    EntSoQn.exe病毒清除解决方案
    360safess.net.exe等病毒清除解决方…
    关于45IT | About 45IT | 联系方式 | 版权声明 | 网站导航 |

    Copyright © 2003-2011 45IT. All Rights Reserved 浙ICP备09049068号