How to manually remove the Trojan.PSW.Win32.Agent.mk (PegeFile.pif) virus
Virus name: Trojan.PSW.Win32.Agent.mk (Rising detection name)
Sample name: PegeFile.pif
The removal steps below are based on the analysis by user ixigua:
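Step 1: Download 费尔木马强制删除器工具.zip (the Filseclab forced Trojan remover) from down.45it.com, unzip it and open PowerRmv.exe. In the file name field, enter each of the following in turn:
C:\Program Files\Internet Explorer\PLUGINS\NewTemp.bak
C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll
and the PegeFile.pif and autorun.inf files on every partition.
Tick "Suppress file regeneration" (抑制文件再次生成), then click Remove to delete the file.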
Step 2: Press Ctrl+Alt+Del to open Task Manager, end the explorer.exe process, then delete the following files (using the method from Step 1):
C:\DOCUME~1\TestUser\LOCALS~1\Temp\2.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\1.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\mhso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\3.exe
C:\WINDOWS\system32\ztinetzt.exe
C:\WINDOWS\system32\ztinetzt.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\4.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\rxso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\rxso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\5.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\6.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\qjso0.dll
C:\WINDOWS\system32\Ravasktao.exe
C:\WINDOWS\system32\Ravasktao.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\7.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\tlso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\tlso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\8.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\daso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\daso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\7.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\8.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\9.exe
C:\Program Files\Internet Explorer\PLUGINS\System64.Jmp
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
C:\DOCUME~1\TestUser\LOCALS~1\Temp\10.exe
C:\WINDOWS\system32\Drivers\usbinte.sys
C:\WINDOWS\system32\visin.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\11.exe
C:\WINDOWS\system32\mydata.exe
C:\WINDOWS\system32\moyu103.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\13.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\wlso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\wlso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\14.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\TestUser\LOCALS~1\Temp\wgso0.dll
C:\DOCUME~1\TestUser\LOCALS~1\Temp\15.exe
C:\WINDOWS\system32\wuclmi.exe
C:\WINDOWS\system32\wincfg.exe
C:\WINDOWS\system32\mvdbc.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\npf_mgm.exe
C:\WINDOWS\system32\daemon_mgm.exe
C:\WINDOWS\system32\NetMonInstaller.exe
C:\WINDOWS\system32\rpcapd.exe
C:\WINDOWS\system32\capinstall.exe
Step 3: Open Start menu > Run, type "regedit" to open the Registry Editor, and delete the items marked in orange below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
    "wosa" = %TEMP%\WOSO.EXE
    "mhsa" = %TEMP%\MHSO.EXE
    "Microsoft Autorun14" = %SYSTEM%\ZTINETZT.EXE
    "rxsa" = %TEMP%\RXSO.EXE
    "qjsa" = %TEMP%\QJSO.EXE
    "Microsoft Autorun9" = %SYSTEM%\RAVASKTAO.EXE
    "tlsa" = %TEMP%\TLSO.EXE
    "dasa" = %TEMP%\DASO.EXE
    "wlsa" = %TEMP%\WLSO.EXE
    "wgsa" = %TEMP%\WGSO.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0EA66AD2-CF26-2E23-532B-B292E22F3266}
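
A read-only check to run before deleting anything in Step 3, added here as an example and not part of the original guide. It parses saved `reg query` output for the Run key and reports the value names listed above, plus any other entry that autostarts from a Temp directory. The function names and the sample output are constructed for illustration, and the `reg query` line layout (indented name, type, data) is an assumption.

```python
import ntpath
import re

# Value name -> executable, as listed under the Run key in Step 3 of this page.
PAGE_ENTRIES = {
    "wosa": "woso.exe", "mhsa": "mhso.exe", "rxsa": "rxso.exe",
    "qjsa": "qjso.exe", "tlsa": "tlso.exe", "dasa": "daso.exe",
    "wlsa": "wlso.exe", "wgsa": "wgso.exe",
    "microsoft autorun14": "ztinetzt.exe",
    "microsoft autorun9": "ravasktao.exe",
}
# Assumed layout of a value line: leading spaces, name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_reg_query(text):
    """Yield (name, type, data) for each value line of `reg query` output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).strip()

def audit_run_key(text):
    """Return {value name: reason} for entries to review before deletion."""
    findings = {}
    for name, _type, data in parse_reg_query(text):
        exe = ntpath.basename(data.strip('"')).lower()
        if PAGE_ENTRIES.get(name.lower()) == exe:
            findings[name] = "listed in Step 3"
        elif name.lower() in PAGE_ENTRIES:
            # Same value name, different program: do not delete blindly.
            findings[name] = "name matches Step 3 but target differs"
        elif "\\temp\\" in data.lower():
            findings[name] = "autostart from a Temp directory"
    return findings

# Constructed sample of `reg query` output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    mhsa    REG_SZ    C:\DOCUME~1\TestUser\LOCALS~1\Temp\mhso.exe
    Microsoft Autorun14    REG_SZ    C:\WINDOWS\system32\ztinetzt.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    updater    REG_SZ    C:\DOCUME~1\TestUser\LOCALS~1\Temp\upd.exe
"""

if __name__ == "__main__":
    for name, reason in audit_run_key(SAMPLE).items():
        print(f"{name}: {reason}")
```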