■ Removal tool downloads
Kingsoft Duba removal tool download address:
http://duba-011.duba.net/duba/kavtools/DubaTool_AV_Killer.COM
Rising Anti-Virus Center removal tool download address:
http://it.rising.com.cn/Channels/Service/2006-08/1154786729d36873.shtml
■ Manual removal method
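1. Download the IceSword tool from the Internet and rename it, for example to abc.exe, so that the virus process can no longer block it. Then double-click to open IceSword and terminate the process of an EXE file with an 8-digit name; sometimes this process may not be present.
2. Using IceSword's file management function, browse to C:\Program Files\Common Files\Microsoft Shared\MSINFO\ and delete the 2 files with random 8-digit names, whose extensions are dat and dll. Then go to the %windir%\help\ directory and delete the .hlp or .chm file with the same name; this file carries the system help-file icon.
3. Then, in the root directory of each hard disk, delete the Autorun.inf file and any suspicious 8-digit files. Note: do not double-click to open the disk partitions directly; browse them through the tree view on the left side of Windows Explorer instead. Sometimes hidden files cannot be viewed after the computer is infected; in that case the file management function of WinRar can be used to browse files and delete them.
4. Using IceSword's registry management function, expand the registry to:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options], and delete the IFEO hijack entries inside it.
Once the above steps are complete, you can install or open antivirus software, then update it to the latest virus definitions and run a full scan of the computer. (Manual removal method provided by Jiangmin anti-virus experts)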
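An added example, not part of the original page or any vendor tool: a read-only check that lists the IFEO entries step 4 removes by hand, working from a `.reg` export of the key. The sample export, its image names and its paths are constructed for illustration.

```python
import re

# Registry key named in step 4 of the page.
IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
# The page describes dropped files with 8-digit names (.exe, .dat, .dll).
EIGHT_DIGIT_FILE = re.compile(r"(?<!\w)\d{8}\.\w{3}\b")

def find_ifeo_debuggers(reg_text):
    """Return (image, debugger, has_8_digit_name) for every direct IFEO
    subkey in a .reg export that carries a Debugger value."""
    prefix = IFEO.lower() + "\\"
    findings, image = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rest = key[len(prefix):]
            # Only direct children of IFEO name an executable image.
            is_child = key.lower().startswith(prefix) and rest and "\\" not in rest
            image = rest if is_child else None
            continue
        m = re.match(r'"debugger"="(.*)"$', line, re.IGNORECASE)
        if image and m:
            # .reg string values escape backslashes and quotes with "\".
            debugger = re.sub(r"\\(.)", r"\1", m.group(1))
            flagged = bool(EIGHT_DIGIT_FILE.search(debugger))
            findings.append((image, debugger, flagged))
    return findings

# Constructed sample export; image names and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanner.exe]
"Debugger"="C:\\Program Files\\Common Files\\Microsoft Shared\\MSINFO\\12345678.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"
'''

if __name__ == "__main__":
    for image, debugger, flagged in find_ifeo_debuggers(SAMPLE):
        note = "matches 8-digit pattern" if flagged else "review manually"
        print(f"{image}: Debugger={debugger} ({note})")
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding="utf-16")`. A Debugger value can also be set legitimately by debugging tools, so unflagged entries need manual review rather than automatic deletion.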
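Recently many people have found that they cannot open antivirus software, anti-virus tools, or even windows containing the word "virus".
This is a virus that can be said to combine the characteristics of almost every virus.
"Image hijacking" and the "random 8-digit virus" are in fact one computer virus called "AV Terminator". Using image hijacking, the virus "kidnaps" a large number of antivirus programs so that they cannot be used normally; when the user clicks the relevant security software, the virus file is what actually runs, which carries out the virus's "hijack first, swap afterwards" plan.
In addition, unlike earlier viruses that targeted antivirus software, AV Terminator breaks Safe Mode: even if the user discovers that the computer is infected, after a restart it is not possible to enter Safe Mode to scan and remove it. The virus can also download a large number of trojans onto the user's computer, so the user's valuable information and certain accounts face a serious threat.
"AV Terminator" can not only hijack a large number of antivirus programs and security tools, it can also disable Windows automatic updates and the system's built-in firewall, which greatly lowers the security of the user's system. It is one of the viruses that has done the most damage to users' system security in recent years.
Anti-virus experts say the damage this virus does is very similar to that of Panda Burning Incense, only it is better hidden: the virus starts with the system and, by modifying the registry and hiding its process, makes itself hard for the user to notice. The virus can create an autorun.inf file and copies of itself named with random letters + digits on hard-disk partitions, and it modifies "NoDriveTypeAutoRun" so that it can spread through removable storage media.
Given the way this virus spreads, updating Kingsoft Duba to the virus definitions of June 8, 2007 is enough to detect and remove it. Users can also use the Kingsoft removal tool to detect and remove it.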
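Preventive measures
Because removal is quite complex once the AV Terminator virus has infected a machine, many users may simply reinstall. We advise users not to reinstall the system lightly: use the steps we recommend to complete the removal and, if necessary, call the customer service line to ask for support. Please take the following measures to guard against the AV Terminator virus:
1. Use Kingsoft Wangbiao (金山网镖) or Windows Firewall, which can effectively stop network viruses from getting in by means of hacker attacks.
2. Use the vulnerability repair function of Kingsoft Duba or Windows Update to patch system vulnerabilities; take particular care to install the latest browser patches.
3. Update your antivirus software and turn on real-time monitoring.
4. Network administrators should take comprehensive measures to guard against trojan-planting incidents carried out through ARP attacks; for solutions to ARP attacks, see Appendix 2.
5. Turn off the Windows AutoPlay feature.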