-
Linabbs's blog- website redirect and anti-virus won?t run
- Can?t update AVG or go to Windows update page
- Cannot access anti-virus websites
- [Active] Sinowal.Trojan and a few Others
- [Resolved] newly file added to pendrive keep continue being deleted
- [InActive] Does Anyone know what foxcglm.exe is?
- IE and Firefox will not Start after Virus Removal
- [Active] IE and Firefox not running apparent virus / malware issue
- [ACTIVE]Slow Running Computer
- [Active] Microsoft download blocked Google links hijacked.
Dec
20
Trojan.Win32.Agent.abt
Filed Under Virus |
忽然发现电脑的隐藏文件无法显示,而且有的时候双击(移动)硬盘盘符无法打开,改注册表也没有用,不让新建CHECKEDVALUE项,所以觉得是中毒了。安装了卡巴斯基,能够检测出Trojan.Win32.Agent.abt ,删除以后再扫描问题依然存在。
我现在只想解决隐藏文件不能打开的问题。如果可以打开隐藏文件,我就可以备份里面的数据然后重装系统了。
当然,如果能够有效的杀掉木马当然最好,谁知道Trojan.Win32.Agent.abt 那个可以杀掉?
1、结束病毒进程,
(这个病毒以前看过,不记得进程名是什么了)
2、删除病毒文件
%windir%\SVCHOST.EXE
%windir%\SVCHOST.INI
3、恢复病毒修改的注册表项目,删除病毒添加的注册表项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SVCHOST
键值: 字符串: “C:\WINNT\SVCHOST.EXE”
恢复注册表原键值:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
新: DWORD: 2 (0×2)
旧: DWORD: 1 (0×1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
新: DWORD: 0 (0)
旧: DWORD: 1 (0×1)
Related Posts:
Comments
Leave a Reply
You must be logged in to post a comment.