MSN 病毒 - 新變種Photos, album, image等病毒的手工清除方法

[1784]

1. 先關閉msn，進入regedit。開始 > 執行 > regedit > 找出以下機碼：

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
右邊的機碼包括 (任何一個)
printers
system32
syshosts
systrays
rdshost
rdfhost
rdihost

= 一串CLSID

或 一串CLSID =
systesrt32.dll
prodigy323.dll
prodigys323.dll


先抄下那串CLSID，然後刪除個機碼。

2. 在[HKEY_CLASSES_ROOT\CLSID\]下，刪除剛才抄下的機碼folder。

3. 刪除 [HKEY_CURRENT_USER\Software\Microsoft\一堆隨機字母] (暫時唔肯定有冇呢個，有就刪除)

4. 重新啟動電腦，在資料夾選項入面選 "顯示所有檔案" 及不選"隱藏受保護的系統檔" ，刪除以下檔案 (如有的話) ，這是目前已知的檔案：

C:\Windows\System32 入面的
printers.exe
msn.exe
intlprinters.exe
libcintles3.dll
libwinets_dll
notiffy.dll
notice.dll
msn.dll
rafba.dll
winlog32.dll
firewallav.dll
systesrt32.dll
prodigy323.dll
prodigys323.dll

C:\Windows\一個以photo, album, image, picture 等字頭的文件
C:\Documents and Settings\用戶名\new.txt

4. 成功！可重啟msn了！

 

[哭酷]

如果发觉你朋友莫明其妙发给你一个压缩文件或者pic的文件,他又不跟你打招呼的,十有八九就是病毒了~~

 

[lvu of mercury]

hi, mercury has me trying to fix this problem, only i don't speak manderin or cantonese, nope just good olde english, if it isn't too much to ask can i get these instructions in english, she isn't familiar with regedit.... please and hopefully thank you

 

[哭酷]

看到上面有MM要帮忙了吗?LZ要抓紧时机啦,机不与我时不再来哦~P.C.的机会到了

 

[rideau85]

看到个變字就联想起热狗,太猛了

 

[苦逼热狗]

嗯，要的就是这个效果。改天把名字给改了

 

[1784]

hi, mercury has me trying to fix this problem, only i don't speak manderin or cantonese, nope just good olde english, if it isn't too much to ask can i get these instructions in english, she isn't familiar with regedit.... please and hopefully thank you

Hey Peter, what's up? We didn't get to meet this last summer, hopefully some time over the holiday season.

The best way to get these Chinese (yes, we are Chinese, envy us!!!) is to get Nina translate to you when she is over.

Anyway, if you have any other other problems, ask Nina to give me a shout.

 

[lvu of mercury]

Hey Peter, what's up? We didn't get to meet this last summer, hopefully some time over the holiday season.

The best way to get these Chinese (yes, we are Chinese, envy us!!!) is to get Nina translate to you when she is over.

Anyway, if you have any other other problems, ask Nina to give me a shout.

Hey Justin.. I dont understand too..
That's why i asked peter to ask you to translate to english

 

[rideau85]

嗯，要的就是这个效果。改天把名字给改了

别啊,都成OTTAWA名牌了

 

[1784]

1. turn off msn，enter regedit:Start > Run > regedit

look for the following keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
the code on the right end include the following (any)
printers
system32
syshosts
systrays
rdshost
rdfhost
rdihost

= a string of CLSID

or a string of CLSID =

systesrt32.dll
prodigy323.dll
prodigys323.dll


Write down the CLSID，then delete those lines of codes

2. under directory [HKEY_CLASSES_ROOT\CLSID\]，delete those entries with names you copied down earlier。

3. delete [HKEY_CURRENT_USER\Software\Microsoft\(something random] (not sure about the name, but if it is random, probably not good stuff)

4. restart computer, in folder option, selected show all files, and unselect hide protected system files. Delete the following files

C:\Windows\System32
printers.exe
msn.exe
intlprinters.exe
libcintles3.dll
libwinets_dll
notiffy.dll
notice.dll
msn.dll
rafba.dll
winlog32.dll
firewallav.dll
systesrt32.dll
prodigy323.dll
prodigys323.dll

C:\Windows\(files wiht names starts with photo, album, image, picture and etc)
C:\Documents and Settings\User anme\new.txt

4.Done, now you can reastart msn.

 

[1784]

I hope this helps