中毒了..T_T..怎麼辦....

我中毒了~早上起來開電腦時NORTON顯示中毒警示,
病毒名稱Backdoor.Graybird,無法存取檔案也無法刪除
檔案~那我該怎麼辦啊~怎麼刪都刪不掉,有哪位大大可以
教教我吗~謝謝...
ps.該病毒在C:\WINDOWS\SYSTEM32\SVCHOST.EXE

[不知道]

隔離...
然後再到隔離區刪除這檔案

<試試吧>

http://securityresponse.symantec.com....graybird.html

[quote]原文由 不知道 所發表
隔離...
然後再到隔離區刪除這檔案

<試試吧>

沒辦法耶~謝謝大大~

引用:

原文由 不飛 所發表
http://securityresponse.symantec.com....graybird.html

不好意思大大,我看不懂英文,不過還是謝謝您~

引用:

原文由 q48019 所發表
這是中文的.參考看看
http://www.symantec.com.tw/region/tw...ter/index.html

謝謝您..可是我怎麼找就是找不到解決方法,真是急死我了~
唉~

http://www.so-net.net.tw/service/announcement/virus/
這個網址看看,應該是疾風的變種
如果你沒有在執行輸入 shutdown -a
你從裝置管理員關掉它就會重新啟動電腦
很難搞的,如果你的作業系統沒有更新
殺掉病毒後馬上又會中

[不知道]

建議您先將病毒碼更新,然後整各系統掃掃看...

<先試試>

[不知道]

Click Start, and then click Run. (The Run dialog box appears.)

Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to each of these the keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NOTE: All the keys do not exist on all the systems.


For each one, in the right pane, delete any of the following values:

"svchost"="%System%\Svch0st.exe"
"winlogon"="%System%\Winlogon.exe"
"system"="%System%\Explorer.exe"


If you are running Windows NT/2000/XP, navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows


In the right pane, delete the value:

run %system%\svch0st.EXE


Exit the registry editor.

4. Reversing the changes made to the Win.ini file
If you are running Windows 95/98/Me, follow these steps:

The function you perform depends on your operating system:
Windows 95/98: Go to step b.
Windows Me: If you are running Windows Me, the Windows Me file-protection process may have made a backup copy of the Win.ini file that you need to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. Symantec recommends deleting this file before continuing with the steps in this section. To do this:
Start Windows Explorer.
Browse to and select the C:\Windows\Recent folder.
In the right pane, select the Win.ini file and delete it. The Win.ini file will be regenerated when you save your changes to it in step f.

For each one, in the right pane, delete any of the following values:

"svchost"="%System%\Svch0st.exe"
"winlogon"="%System%\Winlogon.exe"
"system"="%System%\Explorer.exe"


If you are running Windows NT/2000/XP, navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

In the right pane, delete the value:

run %system%\svch0st.EXE

Exit the registry editor.

開始->執行->regedit
然後到
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
這三各地方看看有無以下直,若有按滑鼠右鍵刪除
"svchost"="%System%\Svch0st.exe"
"winlogon"="%System%\Winlogon.exe"
"system"="%System%\Explorer.exe"
若是NT/2000/XP則到
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
刪除以下值
run %system%\svch0st.EXE

離開



Click Start, and then click Run.

Type the following:

edit c:\windows\win.ini

and then click OK. (The MS-DOS Editor opens.)

NOTE: If Windows is installed in a different location, make the appropriate path substitution.

In the [windows] section of the file, look for a line similar to:

run=C:\WINDOWS\SYSTEM\SVCH0ST.EXE


If this line exists, delete the entire line.

Click File, and then click Save.

Click File, and then click Exit.

開始->執行->edit c:\windows\win.ini
到[windows]這區找找有無此行run=C:\WINDOWS\SYSTEM\SVCH0ST.EXE?
若有刪除此行,然後存檔,注意win.ini是隱藏加唯讀檔喔

<參考看看啦,因為小弟也是各英痴>

引用:

原文由 ccl5988 所發表
http://www.so-net.net.tw/service/announcement/virus/
這個網址看看,應該是疾風的變種
如果你沒有在執行輸入 shutdown -a
你從裝置管理員關掉它就會重新啟動電腦
很難搞的,如果你的作業系統沒有更新
殺掉病毒後馬上又會中

太謝謝了,我又上了一課了~

引用:

原文由 不知道 所發表
[color=red]Click Start, and then click Run. (The Run dialog box appears.)

Type regedit .........



<參考看看啦,因為小弟也是各英痴>

謝謝版主...謝謝您的
熱心相助~