Automatically translated text:(Google Automatically translated)
One of the biggest benefits of the network is sharing good things with others, and I am no exception; today I finally found the solution! (Recently I have been driven crazy by the "gibberish virus": no matter which browser is used, every website that is opened automatically has a run of garbage characters added to it, such as : fBB OBBBBBBB ^ Paradise BBBBBBBsZ. Although it does not seem to prevent use, you actually lose a lot of useful information, and on some sites the virus breaks the page layout!) After a lot of investigation I finally found a solution; the procedure is as follows :
Search engine gibberish virus solutions and a VBS removal script. A recent virus attacks through ARP hijacking: it intercepts the conversation between users and normal web services and inserts malicious code into it. The resulting consequence is that when normal users visit those sites, they are led to download viruses and Trojans, or are redirected to other pages. Some well-known sites in China have been affected in this way. In the evening I received two samples and wrote this VBS removal script. Copy the code below (in the box) into a new Notepad file and change the extension to VBS; tested, success. It is best run with the network disconnected. Note 2: I took ycosxhack's template to write it; I was really not efficient, and it seems such a removal tool does not need to be done so well .... better to study it seriously ....... PS. The amendments and debugging are finished .... Running it in safe mode gives a clean removal. Note, 4.29: yesterday I missed a few; filled in. Note 2, 4.29 night: finally, for YY, AUTORUN.INF immunization and HOSTS restore. I originally wanted to add a BAT helper as well. Finally gave up; it is all done in VBS!
Search engine gibberish virus solutions
Please copy the following code into a text file, change its extension to .vbs, and run it in safe mode; restart the system after it has run, and the virus is removed!
' Stage 1: stop the malware processes that are currently running.
'
' Error handling is switched off here and stays off for the rest of the
' script, so any step that fails (missing file, access denied, WMI not
' available) is skipped silently. Check the result by hand afterwards.
On Error Resume Next
MsgBox "http://chinakey.wan.io",64,"Safe mode run"
'-----------------runing-----------------
' Image names of this variant's processes, as listed by the author.
' Matching is by process name only: a variant that uses other names is not
' touched, and any unrelated process that happens to carry one of these
' names would be terminated as well.
Dim soImageNames, soImage, wmiService, matches, proc
soImageNames = Array("fyso.exe", "jtso.exe", "mhso.exe", "qjso.exe", "qqso.exe", _
                     "wgso.exe", "wlso.exe", "wmso.exe", "woso.exe", "ztso.exe")

For Each soImage In soImageNames
    ' Ask WMI for every running process with this image name ...
    Set wmiService = GetObject("winmgmts:")
    Set matches = wmiService.ExecQuery("select * from win32_process where name='" & soImage & "'")
    ' ... and terminate each instance found.
    For Each proc In matches
        proc.Terminate
    Next
Next
'-----------------proc stop-----------------
'-----------------virus cleaning-----------------
' Stage 2: delete the files this variant drops.
'
' Every command is run through cmd.exe with window style 0 (hidden) and
' bWaitOnReturn = True, so the script waits for each deletion to finish.
' iReturn receives the exit code but is never checked.
'
' NOTE(review): plain "del" does not remove files that carry the hidden,
' system or read-only attribute. Attributes are cleared only for the
' BinNice files below, so inspect %TEMP% after the run.
Dim objShell, droppedStems, stemName, pluginFile, fakeSystemName
Set objShell = WScript.CreateObject("wscript.shell")

droppedStems = Array("fyso", "jtso", "mhso", "qjso", "qqso", _
                     "wgso", "wlso", "wmso", "woso", "ztso")

' Executables in the user's temp directory: <stem>.exe
For Each stemName In droppedStems
    iReturn = objShell.Run("cmd.exe /C del %temp%\" & stemName & ".exe", 0, True)
Next

' Companion libraries in the same directory: <stem>0.dll
For Each stemName In droppedStems
    iReturn = objShell.Run("cmd.exe /C del %temp%\" & stemName & "0.dll", 0, True)
Next

' Files planted in the Internet Explorer PLUGINS folder (8.3 short path).
' Clear archive/system/hidden/read-only first so that del can see them.
For Each pluginFile In Array("BinNice.bak", "BinNice.dll")
    iReturn = objShell.Run("cmd.exe /C attrib -a -s -h -r c:\progra~1\Intern~1\PLUGINS\" & pluginFile, 0, True)
Next
For Each pluginFile In Array("BinNice.bak", "BinNice.dll")
    iReturn = objShell.Run("cmd.exe /C del c:\progra~1\Intern~1\PLUGINS\" & pluginFile, 0, True)
Next

' Files in %TEMP% that reuse the names of Windows system binaries.
' The genuine binaries do not live in the temp directory, so only the
' copies placed there are removed.
For Each fakeSystemName In Array("smss.exe", "svchost.exe", "IEXPLORE.EXE")
    iReturn = objShell.Run("cmd.exe /C del %temp%\" & fakeSystemName, 0, True)
Next
'-----------------virus over-----------------
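'-----------------All disk scaning-----------------
' Stage 3: remove autorun.inf from the root of every drive.
'
' DriveType values handled: 1 = removable, 2 = fixed, 3 = network,
' 4 = CD-ROM. The file is deleted whatever its content, so a legitimate
' autorun.inf is removed too, and on a network drive (type 3) the deletion
' affects everyone who uses that share.
'
' Changes from the original listing: a drive is skipped unless it is ready
' (no medium in a removable or CD drive), and the file is looked up with
' FileExists before GetFile. The original relied on suppressed errors and
' kept a stale reference to the previous drive's file when GetFile failed.
On Error Resume Next   ' deletion can still fail, e.g. on read-only media
Set fso = CreateObject("scripting.filesystemobject")
Set drvs = fso.Drives
For Each drv In drvs
    If drv.DriveType = 1 Or drv.DriveType = 2 Or drv.DriveType = 3 Or drv.DriveType = 4 Then
        If drv.IsReady Then
            autorunPath = drv.DriveLetter & ":\autorun.inf"
            If fso.FileExists(autorunPath) Then
                Set u = fso.GetFile(autorunPath)
                u.Attributes = 0   ' clear hidden/system/read-only so Delete succeeds
                u.Delete
                Set u = Nothing
            End If
        End If
    End If
Next
'-----------------All disk check over-----------------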
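'-----------------regedit scaning-----------------
' Stage 4: undo the registry changes and remove the autostart entries.
'
' In the published listing the RegWrite/RegDelete statements were wrapped
' across lines, in the middle of string literals ("REG_DW" / "ORD"). VBScript
' rejects that at parse time, so the script would not start at all. Each
' statement is rejoined onto one line here.
On Error Resume Next   ' RegDelete raises an error when the entry is absent
Set reg = WScript.CreateObject("wscript.shell")

' Explorer "show hidden files" option values. The malware presumably changes
' them so that hidden files stay invisible (not shown on this page).
hiddenRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\"
reg.RegWrite hiddenRoot & "SHOWALL\CheckedValue", 1, "REG_DWORD"
reg.RegWrite hiddenRoot & "SHOWALL\DefaultValue", 2, "REG_DWORD"
reg.RegWrite hiddenRoot & "NOHIDDEN\CheckedValue", 2, "REG_DWORD"
reg.RegWrite hiddenRoot & "NOHIDDEN\DefaultValue", 2, "REG_DWORD"

' Reset Winlogon's Userinit value to userinit.exe alone. The original
' hard-coded C:\WINDOWS. On a system installed elsewhere that would point
' Winlogon at a file that does not exist, so the real system root is used,
' with the original path as the fallback.
sysRoot = reg.ExpandEnvironmentStrings("%SystemRoot%")
If Len(sysRoot) = 0 Or InStr(sysRoot, "%") > 0 Then sysRoot = "C:\WINDOWS"
reg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", sysRoot & "\system32\userinit.exe,"

' COM class registered by the malware and its ShellExecuteHooks entry.
hookClsid = "{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
' RegDelete treats a name without a trailing backslash as a VALUE name, so
' the original call never addressed the CLSID key itself. The trailing
' backslash makes it a key deletion.
' NOTE(review): RegDelete cannot remove a key that still has subkeys, and
' the error is suppressed. Confirm in regedit that the key is gone.
reg.RegDelete "HKEY_CLASSES_ROOT\CLSID\" & hookClsid & "\"
' Under ShellExecuteHooks the CLSID is a value name, so no backslash here.
reg.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\" & hookClsid

' Autostart values under HKLM\...\Run, one for each dropped executable.
runRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"
For Each runValue In Array("fysa", "jtsa", "mhsa", "qjsa", "qqsa", _
                           "wgsa", "wlsa", "wmsa", "wosa", "ztsa")
    reg.RegDelete runRoot & runValue
Next
'-----------------regedit check over-----------------
'-----------------system file restore-----------------
' (empty in the published script: no system files are restored)
'-----------------restore over-----------------
MsgBox "please reboot you computer!",64,"Search engine gibberish virus"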