手工W32/Rbot.WQV
這trojan複製它的檔案到是隱匿檔案Windows\System檔案夾.
這trojan資訊2009年5月6日更新.
其它的名為W32/Rbot.WQV特洛伊人:
這trojan也是以是Win32//Rbot,W32.Spybot.Worm,Worm.Rbot.AFAE而聞名.
TrojanW32
/Rbot.WQV是一trojan.trojan將感染視窗系統.這trojan複製它的檔案到是隱匿檔案Windows\System檔案夾.
這trojan資訊2009年5月6日更新.
其它的名為W32/Rbot.WQV特洛伊人:
這trojan也是以是Win32//Rbot,W32.Spybot.Worm,Worm.Rbot.AFAE而聞名.
損壞水準:介質//高度
散發水準: 介質
W32//Rbot.WQV特洛伊的手工搬遷指令
推薦解除安全方式:
怎樣進入開始安全方式:
重新開始當你的有關精選安全方式壓enter.The是的銀幕傾向感染
散發水準: 介質
W32//Rbot.WQV特洛伊的手工搬遷指令
推薦解除安全方式:
怎樣進入開始安全方式:
重新開始當你的有關精選安全方式壓enter.The是的銀幕傾向感染
檔案的時候,你的電腦出版社F8反覆能在這些檔案夾和名字中被看見也進來一會兒任務
在搬遷以前結束下列的活躍過程
在搬遷以前結束下列的活躍過程
- [消除過程, 如果你的接近的機會否認],使用 Killbox
下載
W32//Rbot.WQV特洛伊人聞名檔案搬遷工具
- %Windows\System\ssms.exe[[ 更多資訊 ]
- %Windows\System32\ssms.exe
- %Root視窗Drive\1.reg
- %Root視窗Drive\a.bat
[禁止精確在程式中關於檔案的資訊,在相關檔案之上搜索銼檔案夾]
如果你在從任務食槽運作過程方面有檔案任何這些,在搬遷以前結束過程.
筆記:如果任務經理是喪失能力的,下載下列的檔案, 發出輕微而急促的聲音下載--有助於Registry.reg[ 右點除了目標以外As/連接滿足As]
然後用Regedit.exe[[%system32\regedit.exe]打開它它確認是的或者不增加登記處,確認同意,然後好發出輕微而急促的聲音.
W32/Rbot.WQV特洛伊人入口手工解除
RegistryClick
出發,跑步,類型regedit,按一下批准.筆記:如果登記處編輯未能打開,威脅可以已經修改登記處阻礙到登記處編輯的通路.
- 下載這UnHookExec.inf,[, 右點-為目標節約As/連接滿足As]
然後繼續搬遷.向你的視窗桌上型電腦保留它.不此刻,運作它,下載僅它. - 在變為安全方式或者VGA方式用回抽法注射迷幻針劑之後
- 右點-UnHookExec.inf檔案和按一下安裝.這個是一小檔案.當你運作它的時候,它不展示任何注意或者盒子.
W32/Rbot.WQV特洛伊人在下列的位置修改登記處在每一個系統開始保證它的自動執行:
刪除入口
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
刪除:ssms.exe
HKEY_CURRENT_USER\Software\Microsoft\OLE
視窗更新ssms.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters
TransportBindName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters
AutoShareWks價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters
AutoShareServer價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
ForwardBroadcasts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IPEnableRouter價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
領土
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
UseDomainNameDevolution價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnableICMPRedirect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DeadGWDetectDefault價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DontAddDefaultGatewayDefault價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnableSecurityFilters價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
AllowUnqualifiedQuery價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PrioritizeRecordData價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
TCP1320Opts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
KeepAliveTime REG_DWORD,價值:00023280
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BcastQueryTimeout REG_DWORD,價值:000002EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BcastNameQueryCount價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
CacheTimeout REG_DWORD,價值:0000EA60
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
尺寸//狹窄部份/中等//大價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
LargeBufferSize REG_DWORD,價值:00001000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SynAckProtect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PerformRouterDiscovery價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnablePMTUBHDetect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
FastSendDatagramThreshold REG_DWORD,價值:00000400
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
StandardAddressLength REG_DWORD,價值:00000018
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultReceiveWindow REG_DWORD,價值:00004000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultSendWindow REG_DWORD,價值:00004000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BufferMultiplier REG_DWORD,價值:00000200
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PriorityBoost價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IrpStackSize價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IgnorePushBitOnReceives價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableAddressSharing價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
AllowUserRawAccess價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableRawSecurity價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DynamicBacklogGrowthDelta REG_DWORD,價值:00000032
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters FastCopyReceiveThresholdREG_DWORD,價值:00000400
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
LargeBufferListDepth價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
MaxActiveTransmitFileCount價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
MaxFastTransmit REG_DWORD,價值:00000040
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
OverheadChargeGranularity價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SmallBufferListDepth REG_DWORD,價值:00000020
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SmallerBufferSize REG_DWORD,價值:00000080
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
TransmitWorker REG_DWORD,價值:00000020
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DNSQueryTimeouts REG_MULTI_SZ,價值:"1",尺寸:26位元組
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultRegistrationTTL REG_DWORD,價值:00000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableReplaceAddressesInConflicts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableReverseAddressRegistrations價值:
從正面刪除檔案入口
刪除入口
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
刪除:ssms.exe
HKEY_CURRENT_USER\Software\Microsoft\OLE
視窗更新ssms.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters
TransportBindName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters
AutoShareWks價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters
AutoShareServer價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
ForwardBroadcasts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IPEnableRouter價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
領土
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
UseDomainNameDevolution價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnableICMPRedirect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DeadGWDetectDefault價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DontAddDefaultGatewayDefault價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnableSecurityFilters價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
AllowUnqualifiedQuery價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PrioritizeRecordData價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
TCP1320Opts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
KeepAliveTime REG_DWORD,價值:00023280
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BcastQueryTimeout REG_DWORD,價值:000002EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BcastNameQueryCount價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
CacheTimeout REG_DWORD,價值:0000EA60
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
尺寸//狹窄部份/中等//大價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
LargeBufferSize REG_DWORD,價值:00001000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SynAckProtect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PerformRouterDiscovery價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
EnablePMTUBHDetect價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
FastSendDatagramThreshold REG_DWORD,價值:00000400
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
StandardAddressLength REG_DWORD,價值:00000018
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultReceiveWindow REG_DWORD,價值:00004000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultSendWindow REG_DWORD,價值:00004000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
BufferMultiplier REG_DWORD,價值:00000200
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
PriorityBoost價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IrpStackSize價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
IgnorePushBitOnReceives價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableAddressSharing價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
AllowUserRawAccess價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableRawSecurity價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DynamicBacklogGrowthDelta REG_DWORD,價值:00000032
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters FastCopyReceiveThresholdREG_DWORD,價值:00000400
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
LargeBufferListDepth價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
MaxActiveTransmitFileCount價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
MaxFastTransmit REG_DWORD,價值:00000040
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
OverheadChargeGranularity價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SmallBufferListDepth REG_DWORD,價值:00000020
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
SmallerBufferSize REG_DWORD,價值:00000080
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
TransmitWorker REG_DWORD,價值:00000020
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DNSQueryTimeouts REG_MULTI_SZ,價值:"1",尺寸:26位元組
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DefaultRegistrationTTL REG_DWORD,價值:00000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableReplaceAddressesInConflicts價值:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
DisableReverseAddressRegistrations價值:
從正面刪除檔案入口
搜查登記處尋找W32/前面列出完全移居Rbot.WQV特洛伊人檔案名字
編輯菜單--裁決,在搜索上登記關鍵詞和去除所有的裁決的價值.
編輯菜單--裁決,在搜索上登記關鍵詞和去除所有的裁決的價值.
離開登記處編輯,
重新開始你的電腦.
推薦搬遷抗病毒的或者網際網路安全((Shareware)
Spyware Doctor((Shareware)
AVG抗病毒的(Freeware)
Spyware Doctor((Shareware)
AVG抗病毒的(Freeware)
Killbox ((Freeware)
在FireFly旁邊寫下.閱讀更多偉大餵在來源是WEBSITE
禁止意見.
閱讀更的多的有關W32//Rbot和W32//Rbot.WQV和ssms.exe和Backdoor.Win32.Rbot.gen的文章和手工搬遷和otherSoftware和拿走trojan和視窗.
- [+]Digg:特徵是這篇文章
- [+]Del.icio.us:給這篇文章加上書籤
- [+]折疊:給這篇文章加上書籤
