设为首页收藏本站
切换到窄版

 找回密码
 注册
搜索
热搜: 超星 读书 找书
网上读书园地»论坛 专业交流与互助 计算机技术[关闭中] 电脑中了10Sy.exe,jtso.exe,fyso.exe病毒,怎么办? ...
返回列表 发新帖
查看: 2137|回复: 8

[【公告】] 电脑中了10Sy.exe,jtso.exe,fyso.exe病毒,怎么办?

[复制链接]
ycx2003 该用户已被删除
发表于 2007-6-1 17:18:41 | 显示全部楼层 |阅读模式
有电脑高手在吗,电脑中了威金病毒,QQ自动下线,CPU 100%,后台运行jtso.exe,fyso.exe,10Sy.exe等一大堆不知道的程序,病毒加载不了,怎么办。
安全模式进不了。(可能显示器是14寸,不支持),还有时间每次重启就变为1980年。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

×
回复

使用道具 举报

ycx2003 该用户已被删除
 楼主| 发表于 2007-6-1 18:46:29 | 显示全部楼层
搜索用的威金病毒专杀,都杀不出来,谁能提供强大一点的威金专杀,威金变种太多了.
回复

使用道具 举报

zxcvv
发表于 2007-6-1 18:52:58 | 显示全部楼层
系统还原,再把剩下的病毒文件删掉
回复

使用道具 举报

verycd
发表于 2007-6-1 18:59:39 | 显示全部楼层
威金病毒专杀工具

http://www.360safe.com/k-wk.htm
回复

使用道具 举报

alvinwoolf
发表于 2007-6-1 19:06:48 | 显示全部楼层
所谓的瑞星、江民、金山威金专杀都没有什么用处的,如果没有资料,还是格式化吧
回复

使用道具 举报

ycx2003 该用户已被删除
 楼主| 发表于 2007-6-1 21:38:50 | 显示全部楼层
好可怕,这种病毒不知是谁发明的.只有更新系统
回复

使用道具 举报

孔南
发表于 2007-6-1 21:51:41 | 显示全部楼层
前几天刚中过那个 xxso0 的.

请保存 vbs, 并在安全模式下运行.

  1. on error resume next
  2. msgbox "本专杀由[G-AVR]Gryesign提供---http://hi.baidu.com/greysign",64,"搜索引擎乱码病毒专杀,请在安全模式下运行"
  3. '-----------------病毒进程结束模块开始-----------------
  4. set w=getobject("winmgmts:")
  5. set p=w.execquery("select * from win32_process where name='fyso.exe'")
  6. for each i in p
  7. i.terminate
  8. next
  9. on error resume next
  10. set w=getobject("winmgmts:")
  11. set p=w.execquery("select * from win32_process where name='jtso.exe'")
  12. for each i in p
  13. i.terminate
  14. next
  15. set w=getobject("winmgmts:")
  16. set p=w.execquery("select * from win32_process where name='mhso.exe'")
  17. for each i in p
  18. i.terminate
  19. next
  20. set w=getobject("winmgmts:")
  21. set p=w.execquery("select * from win32_process where name='qjso.exe'")
  22. for each i in p
  23. i.terminate
  24. next
  25. set w=getobject("winmgmts:")
  26. set p=w.execquery("select * from win32_process where name='qqso.exe'")
  27. for each i in p
  28. i.terminate
  29. next
  30. set w=getobject("winmgmts:")
  31. set p=w.execquery("select * from win32_process where name='wgso.exe'")
  32. for each i in p
  33. i.terminate
  34. next
  35. set w=getobject("winmgmts:")
  36. set p=w.execquery("select * from win32_process where name='wlso.exe'")
  37. for each i in p
  38. i.terminate
  39. next
  40. set w=getobject("winmgmts:")
  41. set p=w.execquery("select * from win32_process where name='wmso.exe'")
  42. for each i in p
  43. i.terminate
  44. next
  45. set w=getobject("winmgmts:")
  46. set p=w.execquery("select * from win32_process where name='woso.exe'")
  47. for each i in p
  48. i.terminate
  49. next
  50. set w=getobject("winmgmts:")
  51. set p=w.execquery("select * from win32_process where name='ztso.exe'")
  52. for each i in p
  53. i.terminate
  54. next
  55. set w=getobject("winmgmts:")
  56. set p=w.execquery("select * from win32_process where name='nwizAskTao'")
  57. for each i in p
  58. i.terminate
  59. next
  60. set w=getobject("winmgmts:")
  61. set p=w.execquery("select * from win32_process where name='explorer.exe'")
  62. for each i in p
  63. i.terminate
  64. next
  65. '-----------------病毒进程结束模块终止-----------------
  67. '-----------------病毒文件删除模块开始-----------------
  68. set fso=createobject("scripting.filesystemobject")
  69. set del=wscript.createobject("wscript.shell")
  70. d1=del.ExpandEnvironmentStrings("%temp%\fyso.exe")
  71. d2=del.ExpandEnvironmentStrings("%temp%\jtso.exe")
  72. d3=del.ExpandEnvironmentStrings("%temp%\mhso.exe")
  73. d4=del.ExpandEnvironmentStrings("%temp%\qjso.exe")
  74. d5=del.ExpandEnvironmentStrings("%temp%\qqso.exe")
  75. d6=del.ExpandEnvironmentStrings("%temp%\wgso.exe")
  76. d7=del.ExpandEnvironmentStrings("%temp%\wlso.exe")
  77. d8=del.ExpandEnvironmentStrings("%temp%\wmso.exe")
  78. d9=del.ExpandEnvironmentStrings("%temp%\woso.exe")
  79. d10=del.ExpandEnvironmentStrings("%temp%\ztso.exe")
  80. d11=del.ExpandEnvironmentStrings("%temp%\fyso0.dll")
  81. d12=del.ExpandEnvironmentStrings("%temp%\jtso0.dll")
  82. d13=del.ExpandEnvironmentStrings("%temp%\mhso0.dll")
  83. d14=del.ExpandEnvironmentStrings("%temp%\conime.exe")
  84. d15=del.ExpandEnvironmentStrings("%temp%\qjso0.dll")
  85. d16=del.ExpandEnvironmentStrings("%temp%\qqso0.dll")
  86. d17=del.ExpandEnvironmentStrings("%temp%\wgso0.dll")
  87. d18=del.ExpandEnvironmentStrings("%temp%\wlso0.dll")
  88. d19=del.ExpandEnvironmentStrings("%temp%\wmso0.dll")
  89. d20=del.ExpandEnvironmentStrings("%temp%\woso0.dll")
  90. d21=del.ExpandEnvironmentStrings("%temp%\ztso0.dll")
  91. d22=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak")
  92. d23=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll")
  93. d24=del.ExpandEnvironmentStrings("%temp%\svchost.exe")
  94. d25=del.ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE")
  95. d26=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe")
  96. d27=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe")
  97. d28=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll")
  98. d29=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll")
  99. d30=del.ExpandEnvironmentStrings("%temp%\svchost32.exe")
  100. d31=del.ExpandEnvironmentStrings("%temp%\srogm.exe")
  101. d32=del.ExpandEnvironmentStrings("%temp%\csrss.exe")
  103. set v1=fso.getfile(d1)
  104. set v2=fso.getfile(d2)
  105. set v3=fso.getfile(d3)
  106. set v4=fso.getfile(d4)
  107. set v5=fso.getfile(d5)
  108. set v6=fso.getfile(d6)
  109. set v7=fso.getfile(d7)
  110. set v8=fso.getfile(d8)
  111. set v9=fso.getfile(d9)
  112. set v10=fso.getfile(d10)
  113. set v11=fso.getfile(d11)
  114. set v12=fso.getfile(d12)
  115. set v13=fso.getfile(d13)
  116. set v14=fso.getfile(d14)
  117. set v15=fso.getfile(d15)
  118. set v16=fso.getfile(d16)
  119. set v17=fso.getfile(d17)
  120. set v18=fso.getfile(d18)
  121. set v19=fso.getfile(d19)
  122. set v20=fso.getfile(d20)
  123. set v21=fso.getfile(d21)
  124. set v22=fso.getfile(d22)
  125. set v23=fso.getfile(d23)
  126. set v24=fso.getfile(d24)
  127. set v25=fso.getfile(d25)
  128. set v26=fso.getfile(d26)
  129. set v27=fso.getfile(d27)
  130. set v28=fso.getfile(d28)
  131. set v29=fso.getfile(d29)
  132. set v30=fso.getfile(d30)
  133. set v31=fso.getfile(d31)
  134. set v32=fso.getfile(d32)
  136. v1.attributes=0
  137. v2.attributes=0
  138. v3.attributes=0
  139. v4.attributes=0
  140. v5.attributes=0
  141. v6.attributes=0
  142. v7.attributes=0
  143. v8.attributes=0
  144. v9.attributes=0
  145. v10.attributes=0
  146. v11.attributes=0
  147. v12.attributes=0
  148. v13.attributes=0
  149. v14.attributes=0
  150. v15.attributes=0
  151. v16.attributes=0
  152. v17.attributes=0
  153. v18.attributes=0
  154. v19.attributes=0
  155. v20.attributes=0
  156. v21.attributes=0
  157. v22.attributes=0
  158. v23.attributes=0
  159. v24.attributes=0
  160. v25.attributes=0
  161. v26.attributes=0
  162. v27.attributes=0
  163. v28.attributes=0
  164. v29.attributes=0
  165. v30.attributes=0
  166. v31.attributes=0
  167. v32.attributes=0
  169. v1.delete
  170. v2.delete
  171. v3.delete
  172. v4.delete
  173. v5.delete
  174. v6.delete
  175. v7.delete
  176. v8.delete
  177. v9.delete
  178. v10.delete
  179. v11.delete
  180. v12.delete
  181. v13.delete
  182. v14.delete
  183. v15.delete
  184. v16.delete
  185. v17.delete
  186. v18.delete
  187. v19.delete
  188. v20.delete
  189. v21.delete
  190. v22.delete
  191. v23.delete
  192. v24.delete
  193. v25.delete
  194. v26.delete
  195. v27.delete
  196. v28.delete
  197. v29.delete
  198. v30.delete
  199. v31.delete
  200. v32.delete
  201. '-----------------病毒文件删除模块终止-----------------
  202. '-----------------病毒文件免疫模块开始-----------------
  203. CreateFolderCreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso.exe")
  204. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso.exe")
  205. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso.exe")
  206. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso.exe")
  207. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso.exe")
  208. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso.exe")
  209. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso.exe")
  210. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso.exe")
  211. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso.exe")
  212. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso.exe")
  213. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso0.dll")
  214. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso0.dll")
  215. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso0.dll")
  216. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso0.dll")
  217. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso0.dll")
  218. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso0.dll")
  219. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso0.dll")
  220. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso0.dll")
  221. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso0.dll")
  222. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso0.dll")
  223. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak")
  224. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll")
  225. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost.exe")
  226. CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE")
  227. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe")
  228. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe")
  229. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll")
  230. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll")
  231. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost32.exe")
  232. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\srogm.exe")
  233. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\csrss.exe")
  234. CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\conime.exe")
  235. '-----------------病毒文件免疫模块终止-----------------
  238. '-----------------遍历删除各盘符根目录下病毒文件模块开始-----------------
  239. set fso=createobject("scripting.filesystemobject")
  240. set drvs=fso.drives
  241. for each drv in drvs
  242. if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
  243. set !![/url]<font color=#ff0000>谢绝广告帖!再发封ID!</font>fso.getfile(drv.driveletter&":\autorun.inf")
  244. u.attributes=0
  245. u.delete
  246. end if
  247. next
  248. &#39;-----------------遍历删除各盘符根目录下病毒文件模块终止-----------------
  250. &#39;-----------------注册表操作模块开始-----------------
  251. set reg=wscript.createobject("wscript.shell")
  252. Set objFSO = CreateObject( "Scripting.FileSystemObject" )
  253. reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", objFSO.GetSpecialFolder( 1 ) & "\userinit.exe,","REG_SZ"
  254. reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD"
  255. reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD"
  256. reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD"
  257. reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD"
  258. reg.regdelete "HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
  259. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
  260. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"
  261. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fysa"
  262. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jtsa"
  263. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhsa"
  264. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qjsa"
  265. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qqsa"
  266. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgsa"
  267. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlsa"
  268. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsa"
  269. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wosa"
  270. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztsa"
  271. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwizAskTao"
  272. reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiztlbb"
  274. &#39;-----------------注册表操作模块终止-----------------
  275. &#39;-----------------系统文件恢复模块开始-----------------
  276. &#39;-----------------系统文件修复模块终止-----------------
  277. &#39;-----------------HOST文件修复模块开始-----------------
  278. set fso=createobject("scripting.filesystemobject")
  279. Set objFSO = CreateObject( "Scripting.FileSystemObject" )
  280. set re=fso.OpenTextFile(objFSO.GetSpecialFolder( 1 ) &"\drivers\etc\hosts",2,0)
  281. re.Write "127.0.0.1        localhost" & vbCrLf
  282. re.Write "127.0.0.1        7y7.us"& vbCrLf
  283. re.Write "127.0.0.1      [url]http://www.beginget.com/GetVer/Ver.txt[/url]"& vbCrLf
  284. re.Close
  285. set re=nothing
  286. &#39;-----------------HOST文件修复模块终止-----------------
  288. &#39;-----------------Autorun免疫模块开始-----------------
  289. set drvs=fso.drives
  290. for each drv in drvs
  291. if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
  292. fso.createfolder(drv.driveletter&":\autorun.inf")
  293. fso.createfolder(drv.driveletter&":\autorun.inf\免疫文件夹..")
  294. set fl=fso.getfolder(drv.driveletter&":\autorun.inf")
  295. fl.attributes=3
  296. end if
  297. next
  298. &#39;-----------------Autorun免疫模块终止-----------------
  301. msgbox "病毒清除成功,请重启电脑!",64,"搜索引擎乱码病毒专杀"
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?注册

×
回复

使用道具 举报

ycx2003 该用户已被删除
 楼主| 发表于 2007-6-4 19:50:13 | 显示全部楼层
这个我没用,不过我用了别人写的威金熊猫病毒专杀的bat文件,电脑就变的不能用了,过一会就重启,
没法子,只能重装。
回复

使用道具 举报

孔南
发表于 2007-6-4 20:12:15 | 显示全部楼层
引用第7楼ycx2003于2007-06-04 19:50发表的 :
这个我没用,不过我用了别人写的威金熊猫病毒专杀的bat文件,电脑就变的不能用了,过一会就重启,
没法子,只能重装。

理解您的谨慎,但我中过这个,
试过多种方式,还是这个安全又有效。
不信的话您可以查看里面的每条语句。
如有不明之处,可回贴说明或PM。
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|网上读书园地

GMT+8, 2024-5-16 18:46 , Processed in 0.316342 second(s), 8 queries , Redis On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表