
Removal guide for kvdxsfma.dll and the related trojan group

电脑软硬件应用网 45IT.COM  Date: 2007-10-30 14:04  Author: 崔衍渠

  Before performing the steps below, do not open any disk by double-clicking it. Put all downloaded tools directly on the desktop.

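  1. It is recommended to use XDelBox to delete the following files (it can be downloaded from http://down.45it.com):
  Usage: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard. After importing, right-click the files to be deleted and choose to restart and delete immediately; the computer will reboot into a DOS interface to carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).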

  c:\windows\system32\kvdxsfma.dll
  c:\windows\system32\rsmygpm.dll
  c:\windows\system32\avzxemn.dll
  c:\windows\system32\kvmxfma.dll
  c:\windows\system32\wsmsazx.dll
  c:\program files\internet explorer\plugins\winsys8z.sys
  c:\windows\system32\kvdxsfma.dll
  c:\windows\system32\kajzcaz.exe
  c:\program files\common files\microsoft shared\yedeayu.exe
  c:\program files\common files\system\ewwwoxi.exe
  C:\autorun.inf
  d:\autorun.inf
  e:\autorun.inf
  f:\autorun.inf
  C:\mcqdvnc.exe
  d:\mcqdvnc.exe
  e:\mcqdvnc.exe
  f:\mcqdvnc.exe

  2. After the delete-and-restart, use SREng to repair the following items:

  Startup Items -- Registry: delete the following entries:
[{6D561258-45F3-A451-F908-A258458226D6}]      <C:\WINDOWS\system32\kvdxsfma.dll>
[{7E32FA58-3453-FA2D-BC49-F340348ACCE7}]      <C:\WINDOWS\system32\rsmygpm.dll>
[{5859245F-345D-BC13-AC4F-145D47DA34F5}]      <C:\WINDOWS\system32\avzxemn.dll>
[{6D47B341-43DF-4563-753F-345FFA3157D6}]      <C:\WINDOWS\system32\kvmxfma.dll>
[{392FADFA-BCDE-ACDF-CDEF-21054865CBA3}]      <C:\WINDOWS\system32\wsmsazx.dll>
[{F81F75C9-F974-4772-B72D-F28CBCD98C5F}]      <C:\Program Files\Internet Explorer\PLUGINS\WinSys8z.Sys>

  Note: modify the [AppInit_DLLs] entry: change <kvdxsfma.dll> to <>, i.e. clear it.

[kajzcaz]      <C:\WINDOWS\system32\kajzcaz.exe>
[mcqdvnc]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[fjmnjay]      <C:\Program Files\Common Files\System\ewwwoxi.exe>
[IFEO[360rpt.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[360Safe.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[360tray.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[adam.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AgentSvr.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AppSvc32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ArSwp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AST.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[autoruns.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AvastU3.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avconsol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avgrssvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[AvMonitor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avp.com]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[avp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[CCenter.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ccSvcHst.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[EGHOST.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FileDsty.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FTCleanerShell.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[FYFireWall.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[ghost.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[HijackThis.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[IceSword.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[iparmo.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Iparmor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[irsetup.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[isPwdSvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kabaload.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KaScrScn.SCR]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KASMain.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KASTask.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAV32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVDX.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVPF.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVPFW.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVSetup.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KAVStart.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KISLnchr.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KMailMon.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KMFilter.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPFW32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPFW32X.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KPfwSvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KRegEx.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KRepair.com]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KsLoader.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVCenter.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvDetect.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvfwMcl.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVMonXP.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVMonXP_1.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvolself.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvReport.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVScan.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVSrvXP.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KVStub.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvupload.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[kvwsc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvXP.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KvXP_1.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatch.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatch9x.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[KWatchX.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[loaddll.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[MagicSet.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mcconsol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mmqczj.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[mmsk.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Navapsvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Navapw32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32krn.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[nod32kui.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[NPFMntor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[PFW.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[PFWLiveUpdate.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QHSET.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQDoctor.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQKav.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[QQSC.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Ras.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Rav.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavMon.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavMonD.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavStub.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RavTask.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RegClean.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwcfg.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwmain.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rfwsrv.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[RsAgent.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Rsaupd.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[rstrui.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[runiep.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[safelive.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[scan32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[shcfg32.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SmartUp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SREng.EXE]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[symlcsvc.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SysSafe.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[TrojanDetector.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[Trojanwall.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[TrojDie.kxp]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UIHost.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxAgent.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxAttachment.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxCfg.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxFwHlp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UmxPol.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[upiea.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[UpLive.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[USBCleaner.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[vsstat.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[webscanx.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[WoptiClean.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[zjb.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>

  3. Finally, clean up with a tool such as Windows 清理助手 (Windows Cleanup Assistant) or 金山清理专家 (Kingsoft Cleanup Expert).
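To confirm that step 2 is complete, the following added example (not part of the original guide and not SREng's own code) parses entries in the `[name]      <target>` form used above, groups the IFEO (Image File Execution Options) redirects by the program they launch, and lists every entry that still points at a file deleted in step 1. The function names and the sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SREng-style entry "[name]      <target>"; name may nest brackets: IFEO[avp.exe]
ENTRY = re.compile(r"^\[(?P<name>.+)\]\s+<(?P<target>[^<>]*)>$")
IFEO = re.compile(r"^IFEO\[(?P<image>[^\[\]]+)\]$")


def parse_entries(log_text):
    """Yield (kind, name, target) per entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ifeo = IFEO.match(m["name"])
        if ifeo:
            yield "ifeo", ifeo["image"], m["target"]
        else:
            yield "startup", m["name"], m["target"]


def ifeo_redirects(log_text):
    """Map each IFEO target (lower-cased) to the images redirected to it."""
    groups = defaultdict(list)
    for kind, name, target in parse_entries(log_text):
        if kind == "ifeo":
            groups[target.lower()].append(name)
    return dict(groups)


def dangling_entries(log_text, deleted_paths):
    """Entries that still point at a file deleted in step 1."""
    deleted = {p.strip().lower() for p in deleted_paths}
    return [(kind, name) for kind, name, target in parse_entries(log_text)
            if target.lower() in deleted]


# Constructed sample in the page's entry format, reusing a few of its entries.
SAMPLE_LOG = r"""
[{6D561258-45F3-A451-F908-A258458226D6}]      <C:\WINDOWS\system32\kvdxsfma.dll>
[kajzcaz]      <C:\WINDOWS\system32\kajzcaz.exe>
[IFEO[avp.exe]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[IFEO[SREng.EXE]]      <C:\Program Files\Common Files\Microsoft Shared\yedeayu.exe>
[AppInit_DLLs]      <>
"""
SAMPLE_DELETED = [
    r"c:\windows\system32\kvdxsfma.dll",
    r"c:\program files\common files\microsoft shared\yedeayu.exe",
]
```

Run against a fresh SREng log taken after step 2, an empty result from `dangling_entries` means no startup or IFEO entry still references the deleted files; many unrelated images mapped to one target in `ifeo_redirects` is the pattern seen in the list above.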
