[注意!] GaoBot 高波病毒!!!
YES东的分析很正确,的确是高波病毒作怪。它会使你无法进入杀毒软件网站,无法在线升级杀毒软件,强制定义为127.0.0.0。使电脑变慢,屏蔽了你电脑和局域的连接等等问题。以下为解决方法:
W32/RBot-A is a worm with a backdoor component that spreads on weakly protected network shares on the Windows platform. The worm spreads by scanning random IP addresses for open SMB ports (445) and trying to copy itself to the Windows system folder on the remote Admin$ and C$ shares as the file wuamgrd.exe.
如果需要删除的话~~
先得删除%HomeDrive%\debug.txt
然后编辑注册表
HKEY_LOCAL_MACHINE :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = wuamgrd.exe
HKU\\Software\Microsoft\Windows\
CurrentVersion\Run\Microsoft Update = wuamgrd.exe
HKU\\Software\Microsoft\Windows\
CurrentVersion\RunRunOnce\Microsoft Update = wuamgrd.exe
如果有,就删除~~~HKU那个不太容易找到的是 反正,搜索吧~~~~
另外,别忘了吧那个HOSTS文件编辑一下~~~除了local host以外,其他都删掉也可以咯~~
方法译自Sophos~~~:) (TABURISS的解释)
最后充启~~~我想应该就没有了~~~:)
页:
[1]