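1. Use Antiy Trojan Defense Line (安天木马防线) to remove this virus completely (recommended).
2. For manual removal, delete the corresponding files and restore the related system settings according to the behavior analysis.
(1) Open "My Computer", find the "Tools" menu, and enable the option to show hidden files.
(2) Use the "Process Management" feature of Antiy Trojan Defense Line (安天木马防线) to terminate the virus processes: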
lexplore.exe
iexplo0re.EXE
SVCH0ST.EXE
(3) Delete the files dropped by the virus:
%Documents and Settings%\<current user name>\Local Settings\Temp\mh1\iexpl0re.EXE
%Documents and Settings%\<current user name>\Local Settings\Temp\mh2\iexpl0re.EXE
%Documents and Settings%\<current user name>\Local Settings\Temp\Wl2\lexplore.exe
%Documents and Settings%\<current user name>\Local Settings\Temp\Zt2\SVCH0ST.exe
%Documents and Settings%\<current user name>\Local Settings\Temp\Mhgx.dll
%Documents and Settings%\<current user name>\Local Settings\Temp\Mhgl.dll
%Documents and Settings%\<current user name>\Local Settings\Temp\Mhgy.dll
%Documents and Settings%\<current user name>\Local Settings\Temp\Wlgx.dll
%Documents and Settings%\<current user name>\Local Settings\Temp\ZtgL.dll
%Documents and Settings%\<current user name>\Local Settings\Temp\ZtgQ.dll
(4) Restore any registry entries the virus may have modified, and delete the registry entries it added:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myMH1
Value: String: "%Documents and Settings%\<current user name>\Local Settings\Temp\mh1\iexpl0re.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myMH2
Value: String: "%Documents and Settings%\<current user name>\Local Settings\Temp\mh2\iexpl0re.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myW12
Value: String: "%Documents and Settings%\<current user name>\Local Settings\Temp\mh2\lexplore.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\myZt2
Value: String: "%Documents and Settings%\<current user name>\Local Settings\Temp\mh2\svch0st.exe"
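
An added example, not part of the original advisory: a read-only PowerShell check that reports which of the processes, dropped files and Run values listed in steps (2) to (4) are still present, useful for confirming that a cleanup is complete. It assumes the per-user temp folder is `%USERPROFILE%\Local Settings\Temp`, and it checks both spellings of the process name that appear above (`iexplo0re` and `iexpl0re`).

```powershell
# Added example: audit for the artifacts listed in steps (2)-(4). Nothing is deleted.
# Assumption: the temp folder is %USERPROFILE%\Local Settings\Temp (Windows XP layout).
$temp = Join-Path $env:USERPROFILE 'Local Settings\Temp'

# Process names from step (2); Get-Process expects them without ".exe".
# 'iexpl0re' is included as well because the file list in step (3) spells it that way.
$procNames = 'lexplore', 'iexplo0re', 'iexpl0re', 'SVCH0ST'

# Dropped files from step (3), relative to the temp folder.
$files = 'mh1\iexpl0re.EXE', 'mh2\iexpl0re.EXE', 'Wl2\lexplore.exe', 'Zt2\SVCH0ST.exe',
         'Mhgx.dll', 'Mhgl.dll', 'Mhgy.dll', 'Wlgx.dll', 'ZtgL.dll', 'ZtgQ.dll'

# Run value names from step (4).
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'myMH1', 'myMH2', 'myW12', 'myZt2'

$findings = @()

# Running processes: names that are not running are silently skipped.
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += New-Object PSObject -Property @{
        Type = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
}

# Dropped files: Test-Path also sees files with the hidden attribute set.
foreach ($f in $files) {
    $full = Join-Path $temp $f
    if (Test-Path -LiteralPath $full) {
        $findings += New-Object PSObject -Property @{
            Type = 'File'; Item = $f; Detail = $full }
    }
}

# Autostart values: report the value name and the path it launches.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    if ($run -and $run.PSObject.Properties[$v]) {
        $findings += New-Object PSObject -Property @{
            Type = 'RunValue'; Item = $v; Detail = $run.$v }
    }
}

if ($findings) {
    $findings | Format-Table Type, Item, Detail -AutoSize
} else {
    'None of the listed artifacts were found for this user.'
}
```

The Run key and temp folder are per-user, so run the check under each affected account.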