Manual Removal of W32.Sality.aa Trojan手動去除W32.Sality.aa木馬
Manual Removal of W32.Sality.aa Trojan 手動去除W32.Sality.aa木馬
W32/Sality-AA is a virus that also acts as a keylogger. W32/Sality-AA是一個病毒,也作為一個鍵盤記錄軟件。
The virus logs keystrokes to certain windows, as well as information about the infected computer. 該病毒記錄鍵盤某些版本的Windows ,以及有關在被感染的計算機。 This logged data is periodically submitted to a remote website. 這種記錄數據定期提交到遠程網站。
W32/Sality-AA has been seen spreading itself via email by piggy-backing on W32/Netsky-T. W32/Sality-AA已看到自己通過電子郵件傳播的背馱式支持對W32/Netsky-T 。 W32/Sality-AA is a virus that also acts as a keylogger. W32/Sality-AA是一個病毒,也作為一個鍵盤記錄軟件。
The virus logs keystrokes to certain windows, as well as information about the infected computer. 該病毒記錄鍵盤某些版本的Windows ,以及有關在被感染的計算機。 This logged data is periodically submitted to a remote website. 這種記錄數據定期提交到遠程網站。
W32/Sality-AA has been seen spreading itself via email by piggy-backing on W32/Netsky-T. W32/Sality-AA已看到自己通過電子郵件傳播的背馱式支持對W32/Netsky-T 。
Aliases: Virus.Win32.Sality.aa (Kaspersky), Virus:Win32/Sality.AM (Microsoft), W32/Sality.ah (McAfee) 別名: Virus.Win32.Sality.aa (卡巴斯基) ,病毒: Win32/Sality.AM (微軟) , W32/Sality.ah (邁克菲)
Type of infiltration: Virus 浸潤型:病毒
Size: Variable 尺寸:變
Affected platforms: Windows 影響平台: Windows
Signature database version: 3267 (20080714) 簽名數據庫版本: 3267 ( 20080714 )
Short description: Win32/Sality.NAR is a polymorphic file infector. 簡短說明: Win32/Sality.NAR是多態性檔案型。
The virus logs keystrokes to certain windows, as well as information about the infected computer. 該病毒記錄鍵盤某些版本的Windows ,以及有關在被感染的計算機。 This logged data is periodically submitted to a remote website. 這種記錄數據定期提交到遠程網站。
W32/Sality-AA has been seen spreading itself via email by piggy-backing on W32/Netsky-T. W32/Sality-AA已看到自己通過電子郵件傳播的背馱式支持對W32/Netsky-T 。 W32/Sality-AA is a virus that also acts as a keylogger. W32/Sality-AA是一個病毒,也作為一個鍵盤記錄軟件。
The virus logs keystrokes to certain windows, as well as information about the infected computer. 該病毒記錄鍵盤某些版本的Windows ,以及有關在被感染的計算機。 This logged data is periodically submitted to a remote website. 這種記錄數據定期提交到遠程網站。
W32/Sality-AA has been seen spreading itself via email by piggy-backing on W32/Netsky-T. W32/Sality-AA已看到自己通過電子郵件傳播的背馱式支持對W32/Netsky-T 。
Aliases: Virus.Win32.Sality.aa (Kaspersky), Virus:Win32/Sality.AM (Microsoft), W32/Sality.ah (McAfee) 別名: Virus.Win32.Sality.aa (卡巴斯基) ,病毒: Win32/Sality.AM (微軟) , W32/Sality.ah (邁克菲)
Type of infiltration: Virus 浸潤型:病毒
Size: Variable 尺寸:變
Affected platforms: Windows 影響平台: Windows
Signature database version: 3267 (20080714) 簽名數據庫版本: 3267 ( 20080714 )
Short description: Win32/Sality.NAR is a polymorphic file infector. 簡短說明: Win32/Sality.NAR是多態性檔案型。
Damage Level : Highly Dangerous 損傷程度:具有高度危險性
Distribution Level: High / Medium 分佈級別:高/中
There is NO Auto Removal Tool for W32.Sality.aa Trojan 沒有自動刪除工具的W32.Sality.aa木馬
Distribution Level: High / Medium 分佈級別:高/中
There is NO Auto Removal Tool for W32.Sality.aa Trojan 沒有自動刪除工具的W32.Sality.aa木馬
Trojan Manual Removal Instructions 木馬刪除指導手冊
Recommend Removal from Safe Mode: 建議去除安全模式:
How to Start in Safe mode: 如何以安全模式啟動:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter. 重新啟動計算機,按F8一而再,再而當屏幕打開,選擇安全模式,按Enter鍵。
The Infected Files Can be Seen in these folders and names also Running in Tasks 受感染的文件中可以看到這些文件夾和名稱同時運行的任務 Recommend Removal from Safe Mode: 建議去除安全模式:
How to Start in Safe mode: 如何以安全模式啟動:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter. 重新啟動計算機,按F8一而再,再而當屏幕打開,選擇安全模式,按Enter鍵。
End the Following Active Process Before Removal 末主動過程,然後才能去除
- %System%\amvo.exe %系統% \ amvo.exe
- %System%\blastclnnn.exe %系統% \ blastclnnn.exe
- %System%\scvhsot.exe %系統% \ scvhsot.exe
- %Temp%\00055a0e_rar\scvhsot.exe 的% Temp % \ 00055a0e_rar \ scvhsot.exe
- %Temp%\000592b2_rar\scvhsot.exe 的% Temp % \ 000592b2_rar \ scvhsot.exe
- %Temp%\0005934e_rar\hinhem.scr 的% Temp % \ 0005934e_rar \ hinhem.scr
- %Temp%\0005938d_rar\blastclnnn.exe 的% Temp % \ 0005938d_rar \ blastclnnn.exe
- %Windir%\hinhem.scr % Windir % \ hinhem.scr
- %Windir%\scvhsot.exe % Windir % \ scvhsot.exe
- c:\rdsfk.com ç : \ rdsfk.com
- %System%\drivers\ %系統% \司機\
.sys 。系統 - %temp%\win%name%.exe 的% Temp % \贏得%名稱% 。 EXE文件
- %temp%\%name%.exe 的% Temp % \ %名稱% 。 EXE文件
antzom.exe, ax.exe, bomryuc.dll , drlbqse.dll , egjjen.sys , fmgonn.sys , hehmu.sys , hsgfrn.sys , idlrrh.sys , impnn.sys , jnjpvn.sys , loader174.exe , mAO3q2B7r6.exe , mm2emt.exe , ogmkmn.sys , omdftn.sys , vwservice.exe , vwsrv.exe , vwsrv[1].exe , win13652.dll , win21309.dll , win25709.dll , win27388.dll , win28610.dll , win29788.dll , win3096.dll , win31324.dll , win33848.dll , win35482.dll , win36587.dll , win37763.dll , win40320.dll , win40346.dll , win44025.dll , win46721.dll , win48684.dll , win63279.dll , win7320.dll , windjnvr.exe , winibqs.exe , winjepm.exe , winkrqpx.exe , winkxggjh.exe , winnmswkj.exe , winrlwmt.exe , winxotbiy.exe , wmdrtc32.dll , wmdrtc32.dl_ , x1001[1].exe , x2000[1].exe , x2007.exe , x2011.exe , x2011[1].exe , x3000[1].exe , ywsnkhb.dll antzom.exe , ax.exe , bomryuc.dll , drlbqse.dll , egjjen.sys , fmgonn.sys , hehmu.sys , hsgfrn.sys , idlrrh.sys , impnn.sys , jnjpvn.sys , loader174.exe , mAO3q2B7r6 。 EXE文件, mm2emt.exe , ogmkmn.sys , omdftn.sys , vwservice.exe , vwsrv.exe , vwsrv [ 1 ] 。 EXE文件, win13652.dll , win21309.dll , win25709.dll , win27388.dll , win28610.dll , win29788的。 dll , win3096.dll , win31324.dll , win33848.dll , win35482.dll , win36587.dll , win37763.dll , win40320.dll , win40346.dll , win44025.dll , win46721.dll , win48684.dll , win63279.dll , win7320.dll , windjnvr.exe , winibqs.exe , winjepm.exe , winkrqpx.exe , winkxggjh.exe , winnmswkj.exe , winrlwmt.exe , winxotbiy.exe , wmdrtc32.dll , wmdrtc32.dl_ , x1001 [ 1 ] 。 EXE文件, X2000動[ 1 ] 。 EXE文件, x2007.exe , x2011.exe , x2011 [ 1 ] 。 EXE文件, x3000 [ 1 ] 。 EXE文件, ywsnkhb.dll
Spreading on removable media 可移動媒體上的傳播
The virus copies itself into the root folders of removable drives using a random filename. 該病毒會將自己複製到根文件夾的可移動驅動器使用的是隨機文件名。 The filename has one of the following extensions: 該文件的國家之一,下面的擴展:
.exe 的。 exe
.pif 。太平洋島國論壇
.cmd 。西咪替丁
The following file is dropped in the same folder: 以下文件是下降的同一文件夾中:
autorun.inf 的Autorun.inf
Thus, the virus ensures it is started each time infected media is inserted into the computer. 因此,該病毒是確保每一次感染開始媒體插入到計算機中。
If you have any of these files in running process from task manger, end the process before removal. 如果您有任何這些文件在運行過程中的任務經理,年底前拆除的過程。
Note: if task manager is disabled, Download the following file, 注意:如果任務管理器被禁用,下載以下文件, Click to Download - Enable Registry.reg 點擊下載-啟用Registry.reg
Manually Remove From Registry 手動刪除註冊表
Click Start, Run,Type regedit,Click OK. 單擊開始,運行,鍵入regedit ,單擊確定。
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. 注意:如果註冊表編輯器無法打開的威脅可能已經修改了註冊表,阻止訪問註冊表編輯器。 Download and run this 下載並運行此 UnHookExec.inf UnHookExec.inf , and then continue with the removal. ,然後繼續進行清除。
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion \ Internet設置
“GlobalUserOffline” = 0 “ GlobalUserOffline ” = 0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system HKEY_LOCAL_MACHINE \軟件\微軟\的Windows \ CurrentVersion \政策\系統
“EnableLUA” = 0 “ EnableLUA ” = 0
The following Registry entries are deleted: 以下註冊表項被刪除:
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats HKEY_USERS \軟件\微軟\的Windows \ CurrentVersion \分機\統計
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion \分機\統計
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\Stats HKEY_LOCAL_MACHINE \軟件\微軟\的Windows \ CurrentVersion \分機\統計
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion \ Explorer的\ Browser Helper物件
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects HKEY_LOCAL_MACHINE \軟件\微軟\的Windows \ CurrentVersion \ Explorer的\ Browser Helper物件
HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot HKEY_CURRENT_USER \系統\ CurrentControlSet \控制\ SafeBoot
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \控制\ SafeBoot
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aouei HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion \運行\ aouei Key: CLSID\{1CE21416-0B8D-8CF6-1FCB-099B30C628BB}\InprocServer32 關鍵詞:的CLSID \ ( 1CE21416 - 0B8D - 8CF6 - 1FCB - 099B30C628BB ) \ InprocServer32 Value: ThreadingModel 值:的ThreadingModel HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE Value: NextInstance 值: NextInstance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: Class 值:類 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000\Control HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 \控制 Value: ActiveService 值:主動 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ vwservice Value: DisplayName 值: DisplayName的 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice\Enum HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ vwservice \枚舉 Value: Count 值:伯爵 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwservice\Security HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ vwservice \安全 Value: Security 價值:安全 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 Value: Type 值:類型 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 Value: Start 價值:啟動 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 Value: ErrorControl 值: ErrorControl HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 Value: ImagePath 值: ImagePath HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32 HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 Value: DisplayName 值: DisplayName的 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisFileServices32\Security HKEY_LOCAL_MACHINE \系統\ CurrentControlSet \服務\ NdisFileServices32 \安全 Value: Security 價值:安全 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 Value: NextInstance 值: NextInstance HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000\Control HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 \控制 Value: *NewlyCreated* 價值: * NewlyCreated * HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: Service 價值:服務 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: Legacy 價值:遺產 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: ConfigFlags 值: ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: Class 值:類 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: ClassGUID 值: ClassGUID HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NDISFILESERVICES32\0000 HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 Value: DeviceDesc 值: DeviceDesc HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \服務\ NdisFileServices32 \枚舉 Value: 0 值: 0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \服務\ NdisFileServices32 \枚舉 Value: Count 值:伯爵 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NdisFileServices32\Enum HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \服務\ NdisFileServices32 \枚舉 Value: NextInstance 值: NextInstance HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_NDISFILESERVICES32\0000\Control HKEY_LOCAL_MACHINE \系統\ CURRENTCONTROLSET \ ENUM \根\ LEGACY_NDISFILESERVICES32 \ 0000 \控制 Value: ActiveService 值:主動 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: d 值: d HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion \ Explorer的\ ShellExecuteHooks Value: {06DB7430-7430-6DB1-306D-430DB4306DB1} 值: ( 06DB7430 - 7430 - 6DB1 - 306D - 430DB4306DB1 ) HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32 HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ NdisFileServices32 Value: ImagePath 值: ImagePath HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32 HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ NdisFileServices32 Value: DeleteFlag 值: DeleteFlag HKEY_CURRENT_USER\Software\CurrentControlSet\Services\NdisFileServices32 HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ NdisFileServices32 Value: ImagePath 值: ImagePath HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_CURRENT_USER \軟件\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: ClassGUID 值: ClassGUID HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_CURRENT_USER \軟件\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: DeviceDesc 值: DeviceDesc HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_CURRENT_USER \軟件\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: Service 價值:服務 HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_CURRENT_USER \軟件\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: ConfigFlag 值: ConfigFlag HKEY_CURRENT_USER\Software\CurrentControlSet\Enum\Root\Legacy_VWSERVICE\0000 HKEY_CURRENT_USER \軟件\ CurrentControlSet \枚舉\根\ Legacy_VWSERVICE \ 0000 Value: Legacy 價值:遺產 HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: ImagePath 值: ImagePath HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: ObjectName 值:對象 HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: ErrorControl 值: ErrorControl HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: Start 價值:啟動 HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: Type 值:類型 HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice Value: FailureActions 值: FailureActions HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice\Enum HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice \枚舉 Value: NextInstance 值: NextInstance HKEY_CURRENT_USER\Software\CurrentControlSet\Services\vwservice\Enum HKEY_CURRENT_USER \軟件\ CurrentControlSet \服務\ vwservice \枚舉 Value: 0 值: 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: s 值:縣 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: f 價值:女 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: d 值: d HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: f 價值:女 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: d 值: d HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER \軟件\微軟\的Windows \ CurrentVersion Value: s 值:縣 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main HKEY_CURRENT_USER \軟件\微軟\的Internet Explorer \主要 Value: Start Page 值:初始頁 |
Search Registry For Virus File Names listed above to remove completely, 搜索註冊表病毒文件名上面列出完全消除,
Edit Menu - Find , enter Keyword and remove all value that find in search . 編輯菜單-查找,輸入關鍵字,並刪除所有值,發現在搜索 。
Exit the Registry Editor,退出註冊表編輯器,
Restart your Computer.重新啟動計算機。
Recommended Removal Tools: 建議刪除工具:
Kaspersky Antivirus or Internet Security 卡巴斯基防病毒或網路安全 ( Shareware ) (共享)
Spyware Doctor Spyware Doctor的 ( Shareware ) (共享)
AVG Antivirus 的AVG防毒 ( Freeware ) (免費)
Killbox Killbox ( Freeware ) ( 免費 )
Written by FireFly. 作者:螢火蟲。 Read more great feeds at is source 閱讀更多的是巨大的飼料來源 WEBSITE 網站
1 comment 1條評論 . 。
Read more articles on 閱讀更多文章 trojan removal 木馬清除 and 和 W32.Sality.aa W32.Sality.aa and 和 amvo.exe amvo.exe and 和 manual removal 手動清除 and 和 Removal 去除 and 和 otherSoftware otherSoftware and 和 removal of trojan 清除木馬 and 和 Windows 視窗 . 。
- [+] Digg [ + ] Digg : Feature this article :特徵本文
- [+] Del.icio.us [ + ] Del.icio.us : Bookmark this article :將此文章
- [+] Furl [ + ] Furl卷 : Bookmark this article :將此文章
#1 # 1 . December 20th, 2008, at 12:24 AM. 。 08年12月20號,在上午12時24分。
Sir,主席先生,
We are facing the problem with Sality.aa.我們正面臨的問題, Sality.aa 。 We tried to remove the entries, which have given you.我們試圖刪除該條目,這給你。 But some entries are found and some entries or not found.但一些項目的發現,一些項目或沒有找到。 After that we scan the system with Kaspersky but the safe mode, Registy & Task Manager also disabled.掃描後,我們的系統與卡巴斯基,但安全模式, Registy及任務管理器也禁用。 In this situation we downloaded some repairing tools also.在這種情況下,我們下載了一些修理工具還。 With that only 2 minutes it works and after 2 minutes agiain condition is same.由於只有2分鐘的作品和2分鐘後agiain條件是相同的。
Please help us in this regard請幫助我們在這方面
SHARMA夏爾馬