|
|
Adware.cnsMin病毒的危害:
Adware.cnsMin病毒是一个风险广告程序,它可以在用户不知情的情况下下载广告程序(也有可
能下载病毒程序)并自动安装,使用户IE页面加载一些风险广告,或者弹出网页,甚至影响电脑运
行速度.用户在使用一些木马专杀工具查杀时,屡杀屡有,屡清屡有,难以清除.
清除方法:
先把windows\system32\drivers文件夹复制一份,同样放在system32下,取名为drivers1,并将
其中的CnsMinKP.sys删除;
重新启动机器,到dos模式下;
用drivers1目录替代原来的drviers目录
cd windows\system
ren drivers drivers2
ren drivers1 drivers
之后重新启动机器,然后进到windows后先把drivers2目录删除了,然后慢慢收拾残余文件和
清理注册表吧,
绿色家园详细列出了如何清理注册表:
[-HKEY_LOCAL_MACHINE\SOFTWARE\3721]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-
75CC86678DA4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-
4141AC41ADD4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsHelper.CH]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsHelper.CH.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsMinHK.CnsHook]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsMinHK.CnsHook.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BB0ABBE-2D95-4847-B9D8-
6F90DE3714C1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A5ADEAE7-A8B4-4F94-9128-
BF8D8DB5E927}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AAB6BCE3-1DF6-4930-9B14-
9CA79DC8C267}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-
0000-0001-0001-596BAEDD1289}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7DE07D-
BD74-4991-9D5F-ECBB8391875D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5D73EE86-
05F1-49ed-B850-E423120EC338}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECF2E268-
F28C-48d2-9AB7-8F69C11CCB71}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FD00D911-
7529-4084-9946-A29F1BDF4FE5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\OCustomizeSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\OSearchAssistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin]
[-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecute
Hooks\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CnsMin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\EK_Entry]
[-HKEY_CURRENT_USER\Software\3721]
注:以下6项也许是:(HKEY_USERS\S-1-5-21-73586283-1659004503-839522115-1003)
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSAutoUpdate]
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSEnable]
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSHint]
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSList]
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSMenu]
[-HKEY_USERS\S-1-5-21-789336058-764733703-1343024091-1003
\Software\Microsoft\Internet Explorer\Main\CNSReset]
重启. |
|
IP卡
狗仔卡
发表于 2009-11-27 02:45:53
收藏
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡