
Infection symptoms of the DEEP-penetrating igm.exe virus and how to remove it by hand

Source: 网管联盟 forum  Author: logo_1.exe  Date: 2007-10-24


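Solution

1. First, end the IGM.EXE process.

2. Disable IGM.EXE.

In the Run dialog, enter: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.EXE" /v debugger /t reg_sz /d debugfile.exe /f

This sets an Image File Execution Options debugger for IGM.EXE, so Windows tries to start debugfile.exe in its place whenever IGM.EXE is launched.

3. Delete the following files once with XDELBOX to make sure they are completely removed!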



4. "Immunization": save the content below as a BAT file and run it.

rem Create a directory under each file name the virus uses, so that no file
rem with the same name can be created at that path.
md c:\WINDOWS\AVPSrv.exe >nul 2>nul
md c:\WINDOWS\DiskMan32.exe >nul 2>nul
md c:\WINDOWS\IGM.exe >nul 2>nul
md c:\WINDOWS\Kvsc3.exe >nul 2>nul
md c:\WINDOWS\lqvytv.exe >nul 2>nul
md c:\WINDOWS\MsIMMs32.exe >nul 2>nul
md c:\WINDOWS\system32\3CEBCAF.EXE >nul 2>nul
md %windir%\system32\drivers\svchost.exe >nul 2>nul
md c:\WINDOWS\system32\a.exe >nul 2>nul
md c:\WINDOWS\upxdnd.exe >nul 2>nul
md c:\WINDOWS\WinForm.exe >nul 2>nul
md c:\WINDOWS\system32\rsjzbpm.dll >nul 2>nul
md c:\WINDOWS\system32\racvsvc.exe >nul 2>nul
md c:\WINDOWS\cmdbcs.exe >nul 2>nul
md c:\WINDOWS\dbghlp32.exe >nul 2>nul
md c:\WINDOWS\nvdispdrv.exe >nul 2>nul
md c:\WINDOWS\system32\cmdbcs.dll >nul 2>nul
md c:\WINDOWS\system32\dbghlp32.dll >nul 2>nul
md c:\WINDOWS\system32\upxdnd.dll >nul 2>nul
md c:\WINDOWS\system32\yfmtdiouaf.dll >nul 2>nul

rem Deny the Everyone group all access to each of these directories.
rem "echo y" answers the confirmation prompt that cacls shows.
echo y|cacls.exe c:\WINDOWS\AVPSrv.exe /d everyone >nul 2>nul
echo y|cacls.exe %windir%\system32\drivers\svchost.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\DiskMan32.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\IGM.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\Kvsc3.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\lqvytv.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\MsIMMs32.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\3CEBCAF.EXE /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\a.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\upxdnd.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\WinForm.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\rsjzbpm.dll /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\racvsvc.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\cmdbcs.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\dbghlp32.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\nvdispdrv.exe /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\cmdbcs.dll /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\dbghlp32.dll /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\upxdnd.dll /d everyone >nul 2>nul
echo y|cacls.exe c:\WINDOWS\system32\yfmtdiouaf.dll /d everyone >nul 2>nul

rem The next two lines only print the commands; they do not run them.
echo reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.EXE" /v debugger /t reg_sz /d debugfile.exe /f
echo gpupdate
exit


5. Block the following domains and IPs on the router.






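In an age when viruses run rampant, no network is absolutely secure, because the "demon" always comes first and the "way" to counter it comes after.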
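A read-only check of steps 2 and 4, added here as an example and not part of the original post: it confirms that the IFEO debugger value for IGM.EXE exists and that every name from the immunization batch file is a directory rather than a regular file. It assumes Windows is installed in c:\WINDOWS, so that %windir% matches the paths used above; the :check label and the status tags are names chosen for this example.

```batch
@echo off
rem Added example, not part of the original post: read-only check of steps 2 and 4.
rem Assumes Windows is installed in c:\WINDOWS, as the paths in step 4 do.
setlocal EnableExtensions
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.EXE"

rem Step 2: the "debugger" value must exist under the IFEO key for IGM.EXE.
reg query "%KEY%" /v debugger >nul 2>nul
if errorlevel 1 (echo [MISSING] IFEO debugger value for IGM.EXE) else (echo [OK]      IFEO debugger value for IGM.EXE)

rem Step 4: every name from the immunization batch file must be a directory.
for %%N in (AVPSrv.exe DiskMan32.exe IGM.exe Kvsc3.exe lqvytv.exe MsIMMs32.exe
            upxdnd.exe WinForm.exe cmdbcs.exe dbghlp32.exe nvdispdrv.exe
           ) do call :check "%windir%\%%N"
for %%N in (3CEBCAF.EXE a.exe rsjzbpm.dll racvsvc.exe cmdbcs.dll dbghlp32.dll
            upxdnd.dll yfmtdiouaf.dll drivers\svchost.exe
           ) do call :check "%windir%\system32\%%N"
endlocal
exit /b 0

:check
rem The ~a modifier returns the attribute string of the path: empty when the
rem path does not exist, starting with "d" when it is a directory. It is read
rem from the parent folder, so the deny ACL on the decoy does not block it.
set "ATTR=%~a1"
if not defined ATTR (
  echo [MISSING] %~1
  goto :eof
)
if /i "%ATTR:~0,1%"=="d" (echo [OK]      %~1) else (echo [FILE]    %~1 is a regular file, inspect it)
goto :eof
```

[FILE] means a regular file sits at a path where step 4 expects a directory; [MISSING] means that step has not been applied to that name.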

