1) Tìm và xóa bỏ những giá trị trong Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run\"[RANDOM NAME]" = "rundll32.exe "[RANDOM FILE NAME].dll", ydmmgvos"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Applets\"dl" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Applets\"dl" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Applets\"ds" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Applets\"ds" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"DisplayName" = "[WORM GENERATED SERVICE NAME]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Type" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ErrorControl" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\"ImagePath" = "%SystemRoot%\system32\svchost.exe -k
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[WORM GENERATED SERVICE NAME]\Parameters\"ServiceDll" = "[PATH TO WORM]"
2) Khôi phục lại các giá trị trong Registry trước đó
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\P arameters\"TcpNumConnections" = "00FFFFFE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"
Không có nhận xét nào:
Đăng nhận xét