10sy.exe产生错误
我的电脑(操作系统2000)今天总是出现“10sy.exe产生了错误,会被windows关闭,您需要重新启动程序。”这是怎么回事啊,是中毒了吗?期待高手出现帮我解决,谢谢!!
参考答案:是威金蠕虫。
威金病毒--删除病毒文件与防范
创建记事本,写进如下:
@echo off
if exist %windir%\rundl132.exe echo 发现威金!
pause
taskkill /f /im rundl132.exe
taskkill /f /im logo_1.exe
taskkill /f /im logo1_.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Eghost.exe
taskkill /f /im Mailmon.exe
taskkill /f /im KAVPFW.EXE
taskkill /f /im IPARMOR.EXE
taskkill /f /im Ravmond.exe
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
taskkill /f /im 10sy.exe
taskkill /f /im 11sy.exe
taskkill /f /im 12sy.exe
taskkill /f /im 13sy.exe
taskkill /f /im 15sy.exe
taskkill /f /im 25sy.exe
::以上为结束病毒进程.
del /f /s /q /a s h %systemdrive%\rundl132.exe
del /f /s /q /a s h %systemdrive%\rundll32.exe
del /f /s /q /a s h %systemdrive%\Dll.dll
del /f /s /q /a s h %systemdrive%\vdll.dll
del /f /s /q /a s h %systemdrive%\logo_1.exe
del /f /s /q /a s h %systemdrive%\Logo1_.exe
del /f /s /q /a s h %systemdrive%\Logo1.exe
del /f /s /q /a s h %systemdrive%\?sy.exe
del /f /s /q /a s h c:\_desktop.ini>维金日志文件.log
del /f /s /q /a s h d:\_desktop.ini>>维金日志文件.log
del /f /s /q /a s h e:\_desktop.ini>>维金日志文件.log
del /f /s /q /a s h f:\_desktop.ini>>维金日志文件.log
::删除病毒相关文件.
IF EXIST %WINDIR%\logo1_.exe attrib %WINDIR%\logo1_.exe -r -h
IF EXIST %WINDIR%\logo1_.exe del %WINDIR%\logo1_.exe
IF EXIST %WINDIR%\logo_1.exe attrib %WINDIR%\logo_1.exe -r -h
IF EXIST %WINDIR%\logo_1.exe del %WINDIR%\logo_1.exe
IF EXIST %WINDIR%\logo1.exe attrib %WINDIR%\logo1.exe -r -h
IF EXIST %WINDIR%\logo1.exe del %WINDIR%\logo1.exe
echo > %WINDIR%\Logo1_.exe
echo > %WINDIR%\logo_1.exe
echo > %WINDIR%\logo1.exe
echo > %WINDIR%\rundl132.exe
echo > %WINDIR%\0Sy.exe
echo > %WINDIR%\vDll.dll
echo > %WINDIR%\1Sy.exe
echo > %WINDIR%\2Sy.exe
echo > %WINDIR%\rundll32.exe
echo > %WINDIR%\3Sy.exe
echo > %WINDIR%\5Sy.exe
echo > %WINDIR%\1.com
echo > %WINDIR%\exerouter.exe
echo > %WINDIR%\EXP10RER.com
echo > %WINDIR%\finders.com
echo > %WINDIR%\Shell.sys
echo > %WINDIR%\smss.exe
echo > %WINDIR%\kill.exe
echo > %WINDIR%\sws.dll
echo > %WINDIR%\sws32.dll
attrib %WINDIR%\Logo1_.exe +s +r +h
attrib %WINDIR%\Logo_1.exe +s +r +h
attrib %WINDIR%\Logo1.exe +s +r +h
attrib %WINDIR%\rundl132.exe +s +r +h
attrib %WINDIR%\0Sy.exe +s +r +h
attrib %WINDIR%\vDll.dll +s +r +h
attrib %WINDIR%\1Sy.exe +s +r +h
attrib %WINDIR%\2Sy.exe +s +r +h
attrib %WINDIR%\rundll32.exe +s +r +h
attrib %WINDIR%\3Sy.exe +s +r +h
attrib %WINDIR%\5Sy.exe +s +r +h
attrib %WINDIR%\1.com +s +r +h
attrib %WINDIR%\exerouter.exe +s +r +h
attrib %WINDIR%\EXP10RER.com +s +r +h
attrib %WINDIR%\finders.com +s +r +h
attrib %WINDIR%\Shell.sys +s +r +h
attrib %WINDIR%\smss.exe +s +r +h
attrib %WINDIR%\kill.exe +s +r +h
attrib %WINDIR%\sws.dll +s +r +h
attrib %WINDIR%\sws32.dll +s +r +h
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del
taskkill /f /im cmd.exe
这是网上一位朋友进行优化过的,可以结束病毒进程,阻止病毒运行.
可以删除病毒发作后的文件,然后在%WINDIR%目录下下写入同病毒名的文件,并设置为只读、系统、隐藏属性,使病毒无法写入病毒文件,达到防范目的.
如果病毒已经感染,请注意小心运行*.exe,可能被感染!
同样保存为bat
参考资料: