²M°£ºµ¿ß¿N»¯f¬r
¤U¦C¤å³¹¤DÂà¸ü¬YÓ¤j³°ºô¯¸¡A©Ò¥Ü¤§¸Ñ¨M¤èªk¥¼ª¾¬O§_¥i¦æ¡A©h¥B¦b¦¹Âà¶K¡C
¥ÎDOS ¤èªk²M°£¡yºµ¿ß¿N»¯f¬r¡z
¬Q±ß¹q¸£¤£©¯¤¤¤F¬r¡A¯gª¬¬°¨CÓ½L³£¦³Óºµ¿ß¹Ï¥Üªºsetup.exe©Mautorun.inf¤å¥ó¡A
c:\windows\system32\driversùر¦³Óspoclsv.exe¤å¥ó¡C¥Î§R±¼¤F¹L¨â¤T¬í¤S¦Û°Ê¥Í¦¨¡C¥Î
ctrl+alt+delÁ䥴¶}¸ê·½ºÞ²z¾¹¡A襴¶}´N³QÃö±¼¤F¡AµM«áµo²{¨¾¤õÀð³QÃö¤F¡A¥d¤Ú¤]¥´¤£¶}¡A·Q¸Ë¤ì°¨²M¹D¤Ò¤]¬Oè±Ò°Ê´N¦Û°ÊÃö³¬¤F¡C¤Wºô¬d¤F¤U¡A³o¬OÓįÂίf¬r¡A·|µs¨ú±b¸¹¤°»òªº¡C
¾Úª÷¤s¬rÅQ¤Ï¯f¬r±M®a¤¶²Ð¡A¡§ºµ¿ß¿N»¡¨Ä¯ÂΤ£¦ý¥i¥H¹ï¥Î¤á¨t²Î¶i¦æ¯}Ãa¡A¾ÉP¤j¶qÀ³¥Î³nÅéµLªk¨Ï¥Î¡A¦Ó¥BÁÙ¥i§R°£°ÆÀɦW¬°ghoªº©Ò¦³ÀÉ¡A³y¦¨¥Î¤áªº¨t²Î³Æ¥÷Àɮץᥢ¡A±q¦ÓµLªk¶i¦æ¨t²Î«ì´_;¦P®É¸Ó¯f¬rÁÙ¯à²×¤î¤j¶q¤Ï¯f¬r³nÅé¶iµ{¡A¤j¤j°§C¥Î¤á¨t²Îªº¦w¥þ©Ê¡C ¾Úª÷¤s¬rÅQ¤Ï¯f¬r±M®a¤¶²Ð¡A¡§ºµ¿ß¿N»¡¨Ä¯ÂΤ£¦ý¥i¥H¹ï¥Î¤á¨t²Î¶i¦æ¯}
Ãa¡A¾ÉP¤j¶qÀ³¥Î³nÅéµLªk¨Ï¥Î¡A¦Ó¥BÁÙ¥i§R°£°ÆÀɦW¬°ghoªº©Ò¦³ÀÉ¡A³y¦¨¥Î¤áªº¨t²Î³Æ¥÷Àɮץᥢ¡A±q¦ÓµLªk¶i¦æ¨t²Î«ì´_;¦P®É¸Ó¯f¬rÁÙ¯à²×¤î¤j¶q¤Ï¯f¬r³nÅé¶iµ{¡A¤j¤j°§C¥Î¤á¨t²Îªº¦w¥þ©Ê¡C
µ¥¤@¤U¦b«á±¶K¥X¨Ó¡A³oùØ¥u¬O¤¶²Ð§Úªºdos¾Þ§@ªºÂ²³æ§Ö³t²M°£ªº¤èªk¡G(²n¡Adosì¨Ó³o»ò¦³¥Îªº¡C)
¤@¡B¦A¥ô¤@Ó½L¤¤¡A«Ø¥ß¤@ÓbatÀÉ¡A¤º®e¦p¤U¡G(§Úªº¹q¸£¦³6Ó½Lc,d,e,f,g,h.¬Gn§R°£³o¤»Ó½Lªº¯f¬rÀÉ¡C³oÓ¶}§A¹q¸£ªº±¡ªp)
attrib -h -s -r d:\autorun.inf
attrib -h -s -r d:\setup.exe
del d:\autorun.inf
del d:\setup.exe
md d:\setup.exe
attrib -h -s -r c:\autorun.inf
attrib -h -s -r c:\setup.exe
del c:\autorun.inf
del c:\setup.exe
md c:\setup.exe
attrib -h -s -r e:\autorun.inf
attrib -h -s -r e:\setup.exe
del e:\autorun.inf
del e:\setup.exe
md e:\setup.exe
attrib -h -s -r f:\autorun.inf
attrib -h -s -r f:\setup.exe
del f:\autorun.inf
del f:\setup.exe
md f:\setup.exe
attrib -h -s -r g:\autorun.inf
attrib -h -s -r g:\setup.exe
del g:\autorun.inf
del g:\setup.exe
md g:\setup.exe
attrib -h -s -r h:\autorun.inf
attrib -h -s -r h:\setup.exe
del h:\autorun.inf
del h:\setup.exe
md h:\setup.exe
del c:\windows\system32\drivers\spoclsv.exe
¹B¦ædatÀÉ«ásetup.exe,autorun.inf¦¨¥\§R±¼¡C
¦ýc:\windows\system32\drivers¤U ªºspoclsv.exe§R¤£±¼¡A¦ôp¬O¦b¹B¦æ·í¤¤¡A¦ýª½±µ¦b¸ê·½ºÞ²z¾¹Ãö³¬¤S¦æ¤£³q¡AºÞ²z¾¹¥´¤£¶}ªü¡C©Ò¥H¶i¦æ¤U¤@¨B¡A¦bdos¤UÃö³¬¦A§R°£¡A¤U±¬O¾Þ§@¹Lµ{¡Cµ·²@¨S§ï°Ê¹Lªº¡C
¤G¡B¶}©l-¡r¹B¦æ->cmd->½T©w¡A¥´¶}cmd
c:\documents and settings\administrator>d:
d:\>attrib -h -r -s autorun.inf
d:\>del autorun.inf
§ä¤£¨ì d:\autorun.inf
d:\>dir
d:\>attrib -h -r autorun.inf
¥¼«³]¨t²ÎÀÉ - d:\autorun.inf
d:\>attrib -h -r -s autorun.inf
d:\>tasklist /svc
d:\>attirb -h -r -s autorun.inf
d:\>tasklist /svc /////¥Î¨Ó¬d¬Ý¨t²Î¥´¶}¶iµ{¡CÅã¥Ü¹Ï¹³¦W ©M pidªA°È¸¹¡A¦ýcopy¤£¥X¨Ó¡Asorry¤F¡C
d:\ntsd -c q -p 133440 ////////133440¬°¯f¬rµ{¦¡spoclsv.exeªºpid¸¹¡C¥Î¨ÓÃö±¼¸Ó¯f¬r¶iµ{¡C
¥Ñ©ó§Ú¹ï©R¥O°O±o¤£¤Ó²M·¡¤F¤~¶i¦æ¤F³o»ò¦h¾Þ§@¡A¨ä¹ê¥un³o´X¨B´N¦æ¤F¡G
c:\documents and settings\administrator
c:\documents and settings\administrator cd d:\ //////////¶i¤Jd½L±þ¦w¥þÂI¡C
d:\>attrib -h -r -s autorun.inf
d:\>tasklist /svc /////¥Î¨Ó¬d¬Ý¨t²Î¥´¶}¶iµ{¡CÅã¥Ü ¹Ï¹³¦W ©M pidªA°È¸¹¡A¦ýcopy¤£¥X¨Ó¡Asorry¤F¡C
d:\ntsd -c q -p 133440 ////////133440¬°¯f¬rµ{¦¡spoclsv.exeªºpid¸¹¡C¥Î¨ÓÃö±¼¸Ó¯f¬r¶iµ{¡C
¤T¡B¦¨¥\Ãö³¬spoclsv.exe¡A¥´¶}c:\windows\system32\drivers,§R±¼spoclsv.exe¡C¨þ¨þ¡A¤j¥\§i¦¨!³o¬O§A¥i¥HÀH«K¥´¶}±þ¬r³nÅé²M°£´Ý¾lªºµù¥Uªí¸ê°T¤F¡C±þ§¹¬r«á´N¥i¥H§a¦UÓ½L¤W¥Ñ©ó¹B¦æ¤W±«Ø¥ßªºbatÀɥͦ¨ªºsetup¡Cexe¤å¥ó§¨§R±¼¤F
