c:\windows\system32\wincfgs.exe

找到这两个文件不要急忙删出．在C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\systemnt.exe或是windows.exe删出就可以了．在到注册表中查找mslogon.exe删出即可重起就可以了．

3、当用户插入移动设备时，病毒将自身复制为以下文件:
%Root%\toy.exe
半生成自启动文件"%root%\autorun.inf",文件内容如下:
[autorun]
shellexecute=Toy.exe

4、用户机器中毒病毒，病毒在用户桌面显示如下信息:
PS: can you find the program',27h,'s interface ?
History Must Be Remeber !
God said: Let there be light. And there was light.
And darkness was upon the face of the deep.
And the earth was without form, and void
In the beginning God created the heaven and the earth.
仅以此悼念比肩!
......
比肩社区( Compare And Cooperation ):


＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋＋

变种的比肩是将winlogon.exe 改成winlogOn.exe

用记事本做一个.bat的文件放在桌面双击即可如下：

@echo

@清除＂比肩＂变种一

@cd ..

@cd  [开始]菜单\程序

@attrib -s -h -a -r 启动

＠cd  启动

@attrib -s -h -a -r systemnt.exe

@taskkill /im systemnt.exe

del mslogon.exe（将mslogon.exe改成winlog0n.exe)即可

@echo you computer safe!

@echo thank you!

@echo .

@pause

@exit

在用记事本写一个.reg放在桌面上双击即可！

[HKEY-CURRENT-USER\SOFWARE\MICROSOFT\WINDWOS\CURRENTVERSION\POLICIES\EXPLORER]

"NoDriveTypeAutoRun"=dowrd:000000ff

"NoSaveSettings"=dword:00000000

"NoResolveTrack"=dword:00000001

                                                   责任编辑：cy051799

 本文出自 51CTO.COM技术博客