Notepad USB-drive virus: how to find and remove Notepad.exe

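Characteristics:
1. When Notepad.exe runs, it creates a randomly named folder, 935F0D, under %SYSTEMROOT%\system32 and drops C:\WINDOWS\system32\935F0D\96B69A.EXE.

2. In the Startup folder under %USERPROFILE% (%USERPROFILE%\「开始」菜单\程序\启动, i.e. Start Menu\Programs\Startup) it creates a shortcut that has a folder icon and a file name consisting of a single space, pointing to c:\windows\system32\935f0d\96b69a.exe

3. It adds a startup entry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, pointing to c:\windows\system32\935f0d\96b69a.exe

4. It downloads the virus http://twocannon250.com.cn/o.gif, gives it the random name NT-EEA96FB9.EXE, and drops it to c:\windows\system32\935f0d\winocreg.exe and c:\windows\system32\935f0d\F0D363.EXE

5. It visits 2 web pages: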
http://hidatabase.cn/ul.htm
http://hidatabase.cn/ol.htm
Two odd web page files.

Delete them with IceSword and you're done.
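
To confirm that the autostart entries from items 2 and 3 are gone after cleanup, the Run key and the Startup folder can be checked for the same shapes. This is an added example, not part of the original post: it parses `reg query` output and a list of (shortcut name, target) pairs, the sample data is constructed, and treating any six-hex-character folder under system32 as suspect is an assumption generalised from the 935F0D folder above.

```python
import re

# Assumption: the dropper always uses a six-hex-character folder under
# system32, as in the page's 935F0D\96B69A.EXE.
DROP_DIR = re.compile(r"\\system32\\[0-9a-f]{6}\\[^\\]+\.exe", re.IGNORECASE)
REG_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def suspicious_run_values(reg_query_text):
    """Return (value name, data) pairs from `reg query` output whose data
    points into a hex-named system32 subfolder."""
    hits = []
    for line in reg_query_text.splitlines():
        m = REG_LINE.match(line)
        if m and DROP_DIR.search(m.group(3)):
            hits.append((m.group(1), m.group(3).strip()))
    return hits

def suspicious_shortcuts(entries):
    """entries: (shortcut file name, resolved target) pairs from the Startup
    folder. Flags blank names and targets in the drop folder."""
    hits = []
    for name, target in entries:
        reasons = []
        if name.rsplit(".", 1)[0].strip() == "":
            reasons.append("blank name")
        if DROP_DIR.search(target):
            reasons.append("target in hex-named system32 folder")
        if reasons:
            hits.append((name, reasons))
    return hits

# Constructed sample input; the value name "96B69A" is made up.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    96B69A    REG_SZ    c:\windows\system32\935f0d\96b69a.exe
"""
SAMPLE_LNK = [
    (" .lnk", r"c:\windows\system32\935f0d\96b69a.exe"),
    ("Office.lnk", r"C:\Program Files\Office\office.exe"),
]

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG))
    print(suspicious_shortcuts(SAMPLE_LNK))
```

On a live machine the first function takes the text printed by `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`; both lists should come back empty once the files and entries have been removed.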
