现在位置: 首页 / 电脑基础 / cmd.exe病毒 / 正文

Rar.exe,Ping.exe,cmd.exe病毒症状分析及手动清除解决方案

下载一个软件的时候,不小心把这个给染上了,而且是自己粗心给手动运行起来的,后来为了这个病毒花了几个小时,而且还原了两次系统,巨汗。。。

通过网上搜集结合个人总结,对该病毒表现症状及解决方案做如下整理,仅供遇到同类问题而又苦恼不已者参考。

首先描述一下中毒后表现症状:

1、任务管理器中多出很多rar.exe、ping.exe和cmd.exe等进程,且不断跳动产生,无法结束关闭(所以很多人就叫它rar.exe ping.exe病毒。。)
2、所有可执行的exe文件和网页文件html都会被感染,即如有网友总结感染后:感染病毒文件 = (病毒体 + 原文件 + 配置文件),所以感染后的文件会比原文件大。
3、杀毒软件以及360安全卫士的一些功能被强制关闭破坏,常用软件快捷方式无法打开,会如“应用程序或DLL C:windowssystem32lpk.dll为无效的windows映像。请再检测一遍您的安装盘”等类似错误提示,甚至导致大部分软件不能正常使用。
4、进入安全模式则会蓝屏
5、重装系统后,但是其他盘内存在,很容易再次感染;会感染U盘
6、会隐藏访问这个网址的一些文件:http://web.nba1001.net:8888 , 如:http://web.nba1001.net:8888/tj/tongji.js 等,该js文件里包含病毒页面,使用的数据统计为量子恒道统计
7、卡巴报毒为:Virus.Win32.Agent.a。其他不再详细描述

病毒特征:
编程的人其实就是借鉴了经典的AV终结者的一些思路,该病毒会开后门让你机器不停的再下各种木马病毒 然后又调用WINRAR里的RAR.EXE程序把自己打包进你硬盘里的每一个EXE文件里,同时生成一堆堆随机名字的DLL exe在你的SYSTEM32文件夹里,当然经典的IFEO映像劫持是必不可少的,它让你开不开任何常用的杀毒软件,并且破坏安全模式(网友总结)

推荐解决方案:

1、发现中毒后应尽快卸载WINRAR软件,进入C:PF文件夹WINRAR,双击Uninstall即可卸载。或者将该文件夹下的RAR.EXE WINRAR.EXE改名。(这病毒很简单 他没有用更多的代码去搜索RAR,EXE 这个文件 而只是认识这个名字 当你改名后病毒的压缩复制)功能就失效了 来得及的话能抢救一部分EXE
2、用最新的360系统急救箱/金山急救箱/AV终结者专杀 /瑞星工具箱,进行全盘扫描。这些工具都会把IFEO映像劫持破掉(360系统急救箱下载地址:http://www.360.cn/killer/360compkill.html)
有网友推荐用贝壳专杀,针对exe感染的专杀,下载地址为:
http://go.beike.cn/BeikeSetup.exe
还有一款相关的专杀工具:lpk+usp10病毒恢复工具.rar可参考使用,下载地址为:
lpk_usp10病毒恢复工具.rar

3、如果此时你的杀毒软件还能用并且系统故障不是太多的话(很少有可能),进行全盘查杀
大型杀毒软件会彻底剿灭这些预留的病毒,如果安全模式还是进不去,把这下面的代码复制到到一个记事本TXT文件里,然后保存记事本,最后改成.reg文件,之后双击就OK

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalAppMgmt]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBase]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalBoot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalCryptSvc]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalDcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmadmin]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimaldmserver]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalEventLog]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFile system]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalFilter]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalHelpSvc]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalNetlogon]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPlugPlay]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalPrimary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalRpcSs]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSRService]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSystem Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvga.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinMgmt]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkAFD]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkAppMgmt]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBase]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBoot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBoot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkBrowser]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkCryptSvc]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDhcp]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmadmin]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkdmserver]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkDnsCache]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkEventLog]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkFile system]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkFilter]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkHelpSvc]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLanmanServer]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkLmHosts]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkMessenger]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNdisuio]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBIOS]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetBT]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetlogon]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetMan]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetwork]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkNtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPlugPlay]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkPrimary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkrdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkRpcSs]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworksermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSharedAccess]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworksr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSRService]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkStreams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkSystem Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkTcpip]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkTDI]
@="Driver Group"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworktermservice]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkvga.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkvgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkWinMgmt]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetworkWZCSVC]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootNetwork{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

如果情况比较糟糕,则进行还原系统或者重装系统,并继续下面的操作
4、进入安全模式,用360安全急救箱全盘扫描
5、进入系统,不要轻易打开或运行C盘以外的盘符里的文件,安装杀毒软件,然后全盘查杀,对于感染的文件清除不掉的,最好选择删除。(用的卡巴斯基,基本都能够清除掉该病毒,不过有的exe文件还是被破坏不能使用了)

至此,我想您也和我一样,忙活了几个小时了,基本搞掂了关掉电脑歇息一下吧。。。

欢迎经验共享