紧急求助：请问所有EXE文件打开不能，如何解决

望君珍重

这样的情况下

重装系统都不行

诺顿查出来的病毒好像是W32。PHLIS

是什么样蠕虫病毒？

CloudPRC

http://securityresponse.symantec ... ta/w32.sophily.html

望君珍重

CLOUD同学。。。

在下既然用诺顿查过病毒，就当然去赛门铁克的网站看过了

但是现在问题是，开机系统都进不去了

怎么办？

机器时东芝的TE2100本子

CloudPRC

When W32.Philis.C is executed, it performs the following actions:


Creates the following files:

%Windir%\\YZH.exe
%Windir%\\YZH.sys
%Windir%\\YZH.TMP

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\\Windows or C:\\Winnt.


Creates the following files in the folder from which the virus was launched:

YZH.SYS
YZH.TMP
[Default filename].tmp
[Default filename].sys


Adds the value:

\"YZH.SYS\" =  \"%Windir%\\YZH.exe\"

to the following registry keys:

HKEY_LOCAL_MNACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

so that the virus is executed every time Windows starts.


Scans the hard drive for .exe files and infects any executable files that it finds.

The string \"Syphilis No 1\" is appended to the end of infected files.


Searches for passwords and confidential information, which it may send to a remote attacker via email.

@段是VIRUS工作原理

CloudPRC

Click Start > Run.
Type regedit

Then click OK.


Navigate to the keys:

HKEY_LOCAL_MNACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run


In the right pane, delete the value:

\"YZH.SYS\" =  \"%Windir%\\YZH.exe\"


Exit the Registry Editor.


Restart the computer in Normal mode. For instructions, read the section on returning to Normal mode in the document, \"How to start the computer in Safe Mode.\"

@是教你感染后消除方法，M安全模式，⒍荆然後]员硌Yc|西，@自己看啦

@病毒o非r加d一EXE，U柴型的啊。

望君珍重

首先谢谢您的帮助！！
253

您说的都对，可是进入不了系统，开机就黑屏。。。

望君珍重

问题已经解决

本子是MM的，我必须负责到底啊

[m]253[/m]Max

谢谢CLOUD

谁傻逼得

草 哪个MM？

望君珍重

名字不知道

反正所有权是个MM

谁傻逼得

MM个毛