schedl.exe
Virus information
File name: schedl.exe
File size: 223676 bytes
MD5: 1487e413823e8827f054020b7bb27da9
Packer: N/A
Language: VB
Virus name:
kaspersky: Virus.Win32.VB.eu
rising: N/A
duba: Win32.Virut.n.84480
Details
File changes: the virus drops the following files:
%WINDOWS%\WINDOWS.exe
%WINDOWS%\Help\schedl.exe
c:\Documents and Settings\All Users\Documents\My Music\My Music.exe
c:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe
c:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe
X:\Documents and Settings\<current user>\My Documents\Downloads\Downloads.exe
c:\Documents and Settings\<current user>\My Documents\My Ducuments.exe
X:\Documents and Settings\<current user>\My Documents\My Music\My Music.exe
c:\Documents and Settings\<current user>\My Documents\My Pictures\My Pictures.exe
c:\Documents and Settings\Documents and Settings.exe
c:\Program Files\Program Files.exe
X:\RECYCLER\RECYCLER.exe
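In the root directory of each drive, the virus creates a copy of itself named after the drive letter, as follows:
C:\C.exe
D:\D.exe
E:\E.exe
........
Registry changes: the virus creates a startup entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "schedl"="%WINDOWS%\Help\schedl.exe"
Other behavior: on drives other than the system drive, the virus creates in each folder a copy of itself with the same name as that folder.
Removal:
1. End the process %WINDOWS%\Help\schedl.exe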
2. Delete the virus files
%WINDOWS%\WINDOWS.exe
%WINDOWS%\Help\schedl.exe
c:\Documents and Settings\All Users\Documents\My Music\My Music.exe
c:\Documents and Settings\All Users\Documents\My Pictures\My Pictures.exe
c:\Documents and Settings\All Users\Documents\My Videos\My Videos.exe
X:\Documents and Settings\<current user>\My Documents\Downloads\Downloads.exe
c:\Documents and Settings\<current user>\My Documents\My Ducuments.exe
X:\Documents and Settings\<current user>\My Documents\My Music\My Music.exe
c:\Documents and Settings\<current user>\My Documents\My Pictures\My Pictures.exe
c:\Documents and Settings\Documents and Settings.exe
c:\Program Files\Program Files.exe
X:\RECYCLER\RECYCLER.exe
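3. Delete the virus copies in the root directory of each drive
4. Delete the startup entry created by the virus
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "schedl"
5. While deleting the virus copies in the drive roots, note the time at which the copies were created. Then search the drives other than the system drive and delete every .exe file found that is 223676 bytes in size and has a folder icon.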
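The search in step 5 can be scripted. The following is an added example, not part of the original write-up: it walks a directory tree and reports every .exe that is named after its parent folder (or after the drive letter in a drive root) and is 223676 bytes in size, noting whether its MD5 matches the value listed above. The function names are this example's own, and the folder-icon check is left to manual review.

```python
import hashlib
import os
import sys

SAMPLE_SIZE = 223676                             # file size from the write-up
SAMPLE_MD5 = "1487e413823e8827f054020b7bb27da9"  # MD5 from the write-up

def md5_of(path):
    """MD5 of a file, read in 1 MiB chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def expected_name(dirpath):
    """File name a dropped copy would have in dirpath: '<folder>.exe',
    or '<drive letter>.exe' in a drive root (None if neither applies)."""
    drive, tail = os.path.splitdrive(os.path.abspath(dirpath))
    folder = os.path.basename(tail.rstrip("\\/"))
    if folder:
        return folder.lower() + ".exe"
    return drive[0].lower() + ".exe" if drive[1:] == ":" else None

def find_copies(root, size=SAMPLE_SIZE):
    """Return (path, md5_matches) for each size- and name-matching .exe under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        wanted = expected_name(dirpath)
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) == size:
                    hits.append((path, md5_of(path) == SAMPLE_MD5))
            except OSError:
                continue  # unreadable or removed mid-scan: skip it
    return hits

if __name__ == "__main__":
    # Roots to scan are given on the command line, e.g. D:\ E:\
    for root in sys.argv[1:]:
        for path, md5_ok in find_copies(root):
            print(path, "MD5 matches" if md5_ok else "size and name match only")
```

The script only lists candidates; review the list before deleting anything, since a size and name match without an MD5 match is weaker evidence.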