史萊姆論壇

返回   史萊姆論壇 > 專業主討論區 > 一般電腦疑難討論區
忘記密碼?
論壇說明

歡迎您來到『史萊姆論壇』 ^___^

您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的!

請點擊這裡:『註冊成為我們的一份子!』

Google 提供的廣告


發文 回覆
 
主題工具 顯示模式
舊 2003-08-15, 09:03 PM   #1
babayu
註冊會員
榮譽勳章
UID - 10509
在線等級: 級別:5 | 在線時長:50小時 | 升級還需:10小時級別:5 | 在線時長:50小時 | 升級還需:10小時級別:5 | 在線時長:50小時 | 升級還需:10小時級別:5 | 在線時長:50小時 | 升級還需:10小時級別:5 | 在線時長:50小時 | 升級還需:10小時
註冊日期: 2002-12-12
VIP期限: 2010-06
住址: 天堂
文章: 252
精華: 0
現金: 6621 金幣
資產: 11621 金幣
預設 疾風病毒自動掃瞄移除工具---不止疾風病毒含其他蠕蟲病毒

疾風病毒自動掃瞄移除工具---不止疾風病毒含其他蠕蟲病毒
及變種

此程式FOR所有版本 NT/2000/XP/2003


程式
ftp://ftp.kaspersky.com/utils/clrav.com

用法說明及參數


****************************************************************************
Utility for cleaning infection by:
I-Worm.BleBla.b
I-Worm.Navidad
I-Worm.Sircam
I-Worm.Goner
I-Worm.Klez.a,e,f,g,h
Win32.Elkern.c
I-Worm.Lentin.a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p
I-Worm.Tanatos.a,b
Worm.Win32.Opasoft.a,b,c,d,e,f,g,h
I-Worm.Avron.a,b,c,d,e
I-Worm.LovGate.a,b,c,d,e,f,g,h,i,j,k,l
I-Worm.Fizzer
I-Worm.Magold.a,b,c,d,e
Worm.Win32.Lovesan
Version 10.0.5.2 Copyright (C) Kaspersky Lab 2000-2003. All rights reserved.
****************************************************************************
Command line:
/s[n] - to force scaning of hard drives. Program will scan hard
drive for I-Worm.Klez.a(e,f,g,h) infection in any case.
n - include scaning of mapped network drives.
/y - end program without pressing any key.
/i - show command line info.
/nr - do not reboot system automatically in any cases.
/Rpt[ao][=<Report file path>] - create report file
a - add report file
o - report only (do not cure/delete infected files)
Return codes:
0 - nothing to clean
1 - virus was deleted and system restored
2 - to finilize removal of virus you shold reboot system
3 - to finilize removal of virus you shold reboot system and start
program the second time
4 - programm error.
****************************************************************************

I-Worm.BleBla.b
---------------
If program find HKEY_CLASSES_ROOT\rnjfile key in registry it:
delete registry keys
HKEY_CLASSES_ROOT\rnjfile
HKEY_CLASSES_ROOT\.lha
repair registry key to default value
HKEY_CLASSES_ROOT\.jpg to jpegfile
HKEY_CLASSES_ROOT\.jpeg to jpegfile
HKEY_CLASSES_ROOT\.jpe to jpegfile
HKEY_CLASSES_ROOT\.bmp to Paint.Picture
HKEY_CLASSES_ROOT\.gif to giffile
HKEY_CLASSES_ROOT\.avi to avifile
HKEY_CLASSES_ROOT\.mpg to mpegfile
HKEY_CLASSES_ROOT\.mpeg to mpegfile
HKEY_CLASSES_ROOT\.mp2 to mpegfile
HKEY_CLASSES_ROOT\.wmf to empty
HKEY_CLASSES_ROOT\.wma to wmafile
HKEY_CLASSES_ROOT\.wmv to wmvfile
HKEY_CLASSES_ROOT\.mp3 to mp3file
HKEY_CLASSES_ROOT\.vqf to empty
HKEY_CLASSES_ROOT\.doc to word.document.8 or wordpad.document.1
HKEY_CLASSES_ROOT\.xls to excel.sheet.8
HKEY_CLASSES_ROOT\.zip to winzip
HKEY_CLASSES_ROOT\.rar to winrar
HKEY_CLASSES_ROOT\.arj to archivefile or winzip
HKEY_CLASSES_ROOT\.reg to regfile
HKEY_CLASSES_ROOT\.exe to exefile
try to delete file
c:\windows\sysrnj.exe

I-Worm.Navidad
--------------
If program find HKEY_CURRENT_USER\Software\Navidad,
HKEY_CURRENT_USER\Software\xxxxmas or HKEY_CURRENT_USER\Software\Emanuel key
in registry it:
delete registry keys
HKEY_CURRENT_USER\Software\Navidad
HKEY_CURRENT_USER\Software\xxxxmas
HKEY_CURRENT_USER\Software\Emanuel
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Win32BaseServiceMOD
repair registry key to default value
HKEY_CLASSES_ROOT\exefile\shell\open\command to "%1" %*
try to delete file
winsvrc.vxd
winfile.vxd
wintask.exe

I-Worm.Sircam
-------------
If program find HKEY_LOCAL_MACHINE\Software\SirCam key in registry,
"@win \recycled\sirc32.exe" in autoexec.bat or \windows\run32.exe and
\windows\rundll32.exe was created on Delphi it:
delete registry keys
HKEY_LOCAL_MACHINE\Software\SirCam
Software\Microsoft\Windows\CurrentVersion\RunServices
Driver32
repair registry key to default value
HKEY_CLASSES_ROOT\exefile\shell\open\command to "%1" %*
try to delete file
%Windows drive%:\RECYCLED\SirC32.exe
%Windows directory%\ScMx32.exe
%Windows system directory%\SCam32.exe
%Windows startup directory%\"Microsoft Internet Office.exe"
%Windows drive%:\windows\rundll32.exe
try to rename files
%Windows drive%:\windows\Run32.exe to
%Windows drive%:\windows\RunDll32.exe
try to repair files
autoexec.bat

In case program can not delete or rename any files (it may be used at
that moment) it set these files to queue to delete or rename during bootup
process and offer user to reboot system.

I-Worm.Goner
------------
If gone.scr process exist in memory, program will try to stop it.
if file %Windows system directory%\gone.scr exist on hard drive,
program will try to delete it.
If program find %Windows system directory%\gone.scr key in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run of system
registry, it will delete this key.

I-Worm.Klez.a,e-h, Win32.Elkern.c, I-Worm.Lentin.a-p, I-Worm.Tanatos.a-b,
-------------------------------------------------------------------------
Worm.Win32.Opasoft.a-h, I-Worm.Avron.a-e, I-Worm.LovGate.a-l, I-Worm.Fizzer,
----------------------------------------------------------------------------
I-Worm.Magold.a-e, Worm.Win32.Lovesan
-------------------------------------
If program find next processes in memory:
Krn132.exe
WQK.exe
or any processes, infected by these viruses, it will try to
unhook virus hooks and patch needed processes to stop reinfection and then
stop them and delete/cure their files on hard drive and delete links to their
files from system registry and other startup places.
If program find that WQK.DLL library has been loaded by any processes
it will rename file of this library and will remove it after system reboot.
In case program find such library in memory of your PC you should reboot your
PC when program finish and start it the second time after reboot to clean your
system registry.
If program find any infected processes in memory it will start scan of
your hard drive (and all mapped network drives if you specify /netscan in
command line). It will check only infection by these viruses.
If you specify /s key in command line program will scan your hard drive
(and all mapped network drives if you specify /sn) in all cases.
If Win32.Elkern.c virus create memory mapping, program will disinfect
this memory area.
Program can restore next startup links used by viruses:
autoexec.bat
win %virus file path and name%
win.ini section [Windows]
run=<virus file>
registry keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
values
AppInit_DLLs
Run
HKEY_CLASSES_ROOT\txtfile\shell\open\command (txt association)
restoring to link to notepad.exe program
HKEY_CLASSES_ROOT\exefile\shell\open\command (exe association)
restoring to "%1" %*
HKEY_CLASSES_ROOT\comfile\shell\open\command (com association)
restoring to "%1" %*
HKEY_CLASSES_ROOT\batfile\shell\open\command (bat association)
restoring to "%1" %*
HKEY_CLASSES_ROOT\piffile\shell\open\command (pif association)
restoring to "%1" %*
HKEY_CLASSES_ROOT\scrfile\shell\open\command (scr association)
restoring to "%1" %*
installed NT services
mIRC start scripts
<Program Files folder>\Mirc\script.ini
<Program Files folder>\Mirc32\script.ini
Pirch start scripts
<Program Files folder>\Pirch98\events.ini


用法:
1. copy clrav.com 到你的windows\system32目錄下
2. 開始--->執行----->鍵入clrav.com /s----> 確定
babayu 目前離線  
送花文章: 0, 收花文章: 2 篇, 收花: 2 次
回覆時引用此帖
舊 2003-08-16, 04:10 AM   #2 (permalink)
長老會員
 
john0720 的頭像
榮譽勳章
UID - 23494
在線等級: 級別:14 | 在線時長:277小時 | 升級還需:8小時級別:14 | 在線時長:277小時 | 升級還需:8小時級別:14 | 在線時長:277小時 | 升級還需:8小時級別:14 | 在線時長:277小時 | 升級還需:8小時
註冊日期: 2003-01-08
VIP期限: 2010-11
住址: Brunei.K.B
文章: 444
精華: 0
現金: 152 金幣
資產: 15326 金幣
預設

感謝大大分享
趕緊來掃描一下
__________________


http://tw.search.bid.yahoo.com/searc...D1%A8%CF%AB%CE
john0720 目前離線  
送花文章: 480, 收花文章: 83 篇, 收花: 287 次
回覆時引用此帖
舊 2003-09-10, 02:47 AM   #3 (permalink)
長老會員
 
yu jun 的頭像
榮譽勳章
UID - 3708
在線等級: 級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時級別:35 | 在線時長:1407小時 | 升級還需:33小時
註冊日期: 2002-12-07
住址: 很想要有個家
文章: 4056
現金: 17880 金幣
資產: 42162 金幣
預設

感恩 大大ㄉ分享。
__________________
為人聰明常煩心糊塗人看諸事平世間紛擾因此起何謂愚昧拒不迎
錙銖不較輸亦贏常保和善耳根清板橋甚解其中意糊塗當可勝聰明
yu jun 目前離線  
送花文章: 1832, 收花文章: 365 篇, 收花: 1966 次
回覆時引用此帖
發文 回覆



發表規則
不可以發文
不可以回覆主題
不可以上傳附加檔案
不可以編輯您的文章

論壇啟用 BB 語法
論壇啟用 表情符號
論壇啟用 [IMG] 語法
論壇禁用 HTML 語法
Trackbacks are 禁用
Pingbacks are 禁用
Refbacks are 禁用


所有時間均為台北時間。現在的時間是 06:54 AM


Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2024, Jelsoft Enterprises Ltd.


SEO by vBSEO 3.6.1