中木马神马的都是浮云~~~~【265_225吧】

265_225吧关注：78贴子：6,633

4回复贴，共1页

中木马神马的都是浮云~~~~

C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp出现了很多的*u_.exe
并且与EXPLORER.EXE文件关联，和模块沟通。
控制文件应该是上一层文件夹中的~ss2710.tmp.ini。
内容如下：
[tag]
tag=1
[filelist]
0=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Eu_.exe
1=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Fu_.exe
2=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Gu_.exe
3=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Hu_.exe
4=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Iu_.exe
5=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Ju_.exe
6=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Ku_.exe
7=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Lu_.exe
8=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Nu_.exe
9=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Ou_.exe
10=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Pu_.exe
11=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Qu_.exe
12=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Ru_.exe
13=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Su_.exe
14=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Tu_.exe
15=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Uu_.exe
16=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Vu_.exe
17=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Wu_.exe
18=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Xu_.exe
19=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Yu_.exe
20=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Zu_.exe
21=C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe
[pathlist]
解除关联+强制删除即可，初步估计是VB+JAVA的杰作。
中木马的确是浮云~~~
强制删除用bat其实很简单，新建一个TXT文档，输入
DEL /F /A /Q \\?\%1
RD /S /Q \\?\%1
然后另存为XXX.bat。把要删除的东西拖拽进来粉碎，原理就是这样。

送TA礼物

IP属地:黑龙江