新西兰天维网社区

标题: 电脑中毒 [打印本页]

作者: vivianqq 时间: 2009-7-18 21:41:21 标题: 电脑中毒

我的电脑中毒了，现在竟如安全莫shi(my computer is on safe mode now) because the virus program keep coming up say you are in danger with virus infecting the computer, but the virus program wants to install itself on the the computer saying it will protect you from virus. But it tries to uninstall my virus checker and says I must pay to remove the virus. The virus calls it self system protector.

作者: 3rdman 时间: 2009-7-18 22:00:32

go borrow a WinPE cd then boot into WinPE and copy all the datas u want to keep in c drive into other partition.
format ur c drive reinstall windows, and first thing first install antivir classic (free antivirus from http://www.free-av.com/) update it then do a full pc scan.

that's best option i'll do in ur situation, since it seems the core is already corrupted and rather than trying to fix the os i'll suggest that u do the steps above and keep up ur virus protection this time.

作者: lijin40000 时间: 2009-7-18 22:19:02

试一下这个吧
System Protector manual removal:
Kill processes:
install.exe lsascs.exe windll32.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" => 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\System Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lsascs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System Protector"
HELP:
how to remove registry entries

Unregister DLLs:
shellex.dll

HELP:
how to unregister malicious DLLs

Delete files:
install.exe lsascs.exe shellex.dll windll32.exe SpyProtectorSC_Base_new.dat SpyProtectorSC_Config.ini System Protector.lnk Purchase License.url Support Page.url spyprotector.cpl
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\System Protector

网站的联接是http://www.2-spyware.com/remove-system-protector.html

作者: vivianqq 时间: 2009-7-18 22:28:38 标题: 回复 2# 3rdman 的帖子

thank you so much,

作者: vivianqq 时间: 2009-7-18 22:29:42 标题: 回复 3# lijin40000 的帖子

thanks, your advice

作者: vivianqq 时间: 2009-7-18 22:37:29 标题: 回复 2# 3rdman 的帖子

hi, what's winpe

作者: vivianqq 时间: 2009-7-18 22:40:27 标题: 回复 3# lijin40000 的帖子

i went to the webside, i couldn't find any of the registry values on my computer now, what shouuld i do now

作者: lijin40000 时间: 2009-7-18 22:42:58

you mean you couldn't find any registry values on that list in your registry, is that right?

作者: vivianqq 时间: 2009-7-18 23:51:26 标题: 回复 8# lijin40000 的帖子

yes, so what should i do

作者: vivianqq 时间: 2009-7-18 23:56:12

and, the computer is off line now , but always coming up information : the webpage you requested is not available offline, to view this page, click connect, .

作者: 一天 时间: 2009-7-19 00:17:06

原帖由 vivianqq 于 2009-7-18 22:37 发表
hi, what's winpe

虽然没用过，网上查查 Win pe下载能找到很多。

作者: lijin40000 时间: 2009-7-19 00:58:25

不要进safe mode正常启动windows你应该会找到那些东西

作者: lijin40000 时间: 2009-7-19 01:00:02

在你删任何东西之前,一定要把重要的文件做backup,万一你删完不能进windows你就麻烦了,如果不行的话,就只能重装windows了

作者: kennelly 时间: 2009-7-19 09:32:30

不再最后一刻也无需重装。建议：

1。在任务栏点击右键>任务管理器>进程，找出此病毒进正在运行的进程并终止它。不过一般强劲点的病毒可早预了我们这招，很多时候都是关不掉的。不用怕，XP也为我们着想得很周全，点击开始>运行，输入CMD，键入 ntsd -c q -p PID（PID就是要终止的进程）。例如 ntsd -c q –p 1664。

2。把病毒暂时停止后你可以做很多事情了。重启一下杀毒软件，被破坏了的话则重装一下，升级病毒库再扫描。

3。清理注册表，Windows启动时加载项与木马之类的。。

不是什么大问题。:)

作者: pctech 时间: 2009-7-19 11:51:35

顶LSD的MM

作者: kennelly 时间: 2009-7-19 12:55:43

小眼都变红心了，那楼上的PC技喜欢我吗？:)

作者: 胡思≮乱想 时间: 2009-7-19 13:02:16

han....ls and ls you guys flirting?

作者: kennelly 时间: 2009-7-19 13:05:48

由相知而相惜继进至倾慕。这有什么问题吗？别乱想胡思得太多了胡思乱想。嘻嘻。。

欢迎光临新西兰天维网社区 (http://bbs.skykiwi.com/)