手工的拿走Win32.Agent.wvu特洛伊的-滴管

手工的拿走Win32.Agent.wvu特洛伊人-

Dropper.W32

//Agent.WVU是一trojan.trojan將感染視窗系統.
這trojan首先出現在2009年1月5日.
其它的名為W32/Agent.WVU特洛伊人:
這trojan也是以是W32.Spybot.Worm,Backdoor.Win32.Agent.wvu而聞名.

損壞水準:介質//高度
散發水準:未知

能樂為Win32.Agent.wvu特洛伊的-滴管搬遷工具
特洛伊的手工搬遷指令
推薦解除安全方式:
怎樣進入開始安全方式:
重新開始當你的有關精選安全方式壓enter.The是的銀幕傾向感染

檔案的時候,你的電腦出版社F8反覆能在這些檔案夾和名字中被看見也進來一會兒任務
在搬遷以前結束下列的活躍過程

%Temp%\1
%ProgramFiles%\CNNIC
%ProgramFiles%\CNNIC\Cdn
%ProgramFiles%\CNNIC\Cdn\Images
%Temp%\1\cdn.dll
%ProgramFiles%\CNNIC\Cdn\cdnaux.dll
%ProgramFiles%\CNNIC\Cdn\cdnforie.dll
%ProgramFiles%\CNNIC\Cdn\cdnprh.dll
%System%\cdnprot.dat
%System%\drivers\cdnprot.sys
%ProgramFiles%\CNNIC\Cdn\cdnunins.exe
%ProgramFiles%\CNNIC\Cdn\cdnup.exe
%ProgramFiles%\CNNIC\Cdn\cdnvers.dat
%ProgramFiles%\CNNIC\Cdn\idnconvs.dll
%Temp%\1\setup.exe
%ProgramFiles%\CNNIC\Cdn\src.dat
- 也複製在Programfiles下面上述檔案到%Temp\1\
[FXSTALLER.EXE罐也使用下列的排成一行名字] 04172258.DAT 59465376.DATBBPHOTO[1].EXEPACK.EXE 03932762.EXEFXSTALLER.MSNFIX LACOSTES.EXEERASEME_78156.EXE瑪麗娜[n].COMLACOSTES(n).EXELACOSTES[n].EXE26863612.COM,39847305.EXE,15451429.EXE,76765953.EXE,HOUSEGIRL.EXE,STH4NSBA.EXE,DD1.EXE,HOUSEGIRL.COM,39026582.EXE,11162921.EXE,40619004.COM,HACKEDMSN.EXE,HACKEDMSN n.COM,BURIMI.EXE,96195105.EXE,60362081.DAT
下列的檔案尺寸被明白:
37,376位元組,52,786位元組,39,936位元組,44,554位元組,60,938位元組,48,690位元組
- 如果你在從任務食槽運作過程方面有檔案任何這些,在搬遷以前結束過程.
- 筆記:如果任務經理是喪失能力的,下載下列的檔案,輕點下載--有助於Registry.reg
- 然後用Regedit.exe[[%system32\regedit.exe]打開它它確認是的或者不增加登記處,確認同意,然後好發出輕微而急促的聲音.

特洛伊人入口手工解除
RegistryClick
出發,跑步,類型regedit,按一下批准.

筆記:如果登記處編輯未能打開,威脅可以已經修改登記處阻礙到登記處編輯的通路.

下載這UnHookExec.inf,然後繼續removal.Save向你的視窗桌上型電腦它.不此刻,運作它,下載僅它.
在變為安全方式或者VGA方式用回抽法注射迷幻針劑之後
右點-UnHookExec.inf檔案和按一下安裝.這個是一小檔案.當你運作它的時候,它不展示任何注意或者盒子.

特洛伊人在下列的位置修改登記處在每一個系統開始保證它的自動執行:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\COMMAND
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\DISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\HINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\IDN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\KW
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\RIGHT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\AUTOUPDATE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\COLLECT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\POPUP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser幫助者表示反對
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser幫助者Objects\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CdnClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZSXZ
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient\Common
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient\Display
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient\InstallInfo
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient\RunAct
HKEY_LOCAL_MACHINE\SOFTWARE\CNNIC\CdnClient\Update
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdnprot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdnprot\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdnprot\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdnprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdnprot\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdnprot\Enum
HKEY_CURRENT_USER\Software\CNNIC
HKEY_CURRENT_USER\Software\CNNIC\CdnClient
HKEY_CURRENT_USER\Software\CNNIC\CdnClient\Restore

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\VersionIndependentProgID
(不履行)="CdnForIE.IEHlprObj"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\ProgID
(不履行)="CndForIE.IEHlprObj.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\InprocServer32
(不履行)="C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll"
ThreadingModel="公寓"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
(不履行)="CdnForIE課"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\TypeLib
(預設的)="{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108"}
版本="1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\ProxyStubClsid32
(預設的)="{{00020424-0000-0000-C000-000000000046"}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}\ProxyStubClsid
(預設的)="{{00020424-0000-0000-C000-000000000046"}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{{5C3853CD-C7E0-4946-B3FA-1ABDB6F48108}
(不履行)="IIEHlprObj"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\0\win32
(不履行)="C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\HELPDIR
(不履行)="C:\PROGRA~1\CNNIC\Cdn\"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0\FLAGS
(不履行)="0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{{5C3853CE-C7E0-4946-B3FA-1ABDB6F48108}\1.0
(不履行)="CdnForIE 1.0類型圖書館"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj\CurVer
(不履行)="CndForIE.IEHlprObj.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj
(不履行)="CndForIE課"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj.1\CLSID
(預設的)="{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108"}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CdnForIE.IEHlprObj.1
(不履行)="CndForIE課"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\RIGHT
HKeyRoot=0x80000001
RegPath="Software\Microsoft\Internet Explorer\MenuExt\Access網際網路關鍵詞"
類型="複選框"
CheckedValue=0x0000007F
DefaultValue=0x0000007F
UncheckedValue=0x00000000
文本="按滑鼠右鍵添加"接近的機會網際網路關鍵詞
ValueName="上下文"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\KW
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000001
UncheckedValue=0x00000000
文本="有助於網際網路關鍵詞"
ValueName="EnableKw"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\IDN
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000001
UncheckedValue=0x00000000
文本=有助於中文域名
ValueName="EnableIdn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\HINT
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000000
UncheckedValue=0x00000000
文本="展示在地址櫃台"下面暗示
ValueName="EnableAddrHint"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\DISPLAY
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000001
UncheckedValue=0x00000000
文本="在除了Droplist"外地址上展示關鍵詞
ValueName="EnableKwDisp"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW\COMMAND
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000000
UncheckedValue=0x00000000
文本="使中文域名指揮線支持"活動起來
ValueName="EnableIdnCmdEx"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\POPUP
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000001
UncheckedValue=0x00000000
文本當新版本的時候="汽車-新的資訊被察覺"
ValueName="EnableTaskPopup"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\COLLECT
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000000
UncheckedValue=0x00000000
文本="允許系統收集用戶記錄"
ValueName="EnableCollect"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE\AUTOUPDATE
HKeyRoot=0x80000001
RegPath="SOFTWARE\CNNIC\CdnClient\Console"
類型="複選框"
CheckedValue=0x00000001
DefaultValue=0x00000001
UncheckedValue=0x00000000
文本="聯誼辯論俱樂部向上新聞資訊"
ValueName="AutoUpdate"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\UPDATE
點陣圖="C:\WINNT\system32\inetcpl.cpl,4497"
文本="更新"
類型="組"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT\IDNKW
點陣圖="C:\WINNT\system32\inetcpl.cpl,4497"
文本="中國域名和網際網路關鍵詞"
類型="組"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT
點陣圖="C:\WINNT\system32\inetcpl.cpl,4497"
文本="中國航行"
類型="組"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
不履行可見="同意"

修改登記處價值
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
SearchAssistant="http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html"
CustomizeSearch="http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html"

搜查登記處前面列出病毒檔案名字完全移居
編輯菜單--裁決,在搜索上登記關鍵詞和去除所有的裁決的價值.

離開登記處編輯,

重新開始你的電腦.

推薦搬遷
Tools:Kaspersky
抗病毒的或者網際網路安全((Shareware)
Spyware Doctor((Shareware)
AVG抗病毒的(Freeware)

Killbox ((Freeware)