알약, 보통백신으로 치료안되는 바이러스에 걸렸는데요
본문
Rootkit.MBR.Mayachok.B(boot image)란 위험한 바이러스에
걸렸어요ㅠㅠ
좀 싸게 고쳐줄실분 문자주세요
0412 619 729, bentleigh 지역
걸렸어요ㅠㅠ
좀 싸게 고쳐줄실분 문자주세요
0412 619 729, bentleigh 지역
추천0 비추천 0
댓글목록 8
노바지롱님의 댓글
노바지롱 쪽지보내기 자기소개 아이디로 검색 작성일
아 이미지가 안나와서, 이해하기 어렵겠군여, 여기 사이트 참조 하세여
http://blog.mitechmate.com/remove-rootkit-mbr-mayachok-b-boot-image-virus/
노바지롱님의 댓글
노바지롱 쪽지보내기 자기소개 아이디로 검색 작성일p1: Restart your computer in safe mode with networking.
Turn on the power of your computer, before windows starts up,
keep pressing ‘F8’ button on your keyboard, you will see Windows Advanced Option menu. Select the Safe Mode with Networking option from the list and hit‘Enter’.
safe-mode-with-networking
Step 2 – launch the Task Manager by pressing keys CTRL + Shift + ESC. then stop the malignant processes:
windows-task-manager-processes
Random.exe
Step3: Delete Rootkit.MBR.Mayachok.B (Boot image) files from PC:
malicious files
%windows%\\system32\\ Rootkit.MBR.Mayachok.B (Boot image)
%documents and settings%\\all users\\ application data\\ Rootkit.MBR.Mayachok.B (Boot image) virus
%program files% Rootkit.MBR.Mayachok.B (Boot image)
%AllUsersProfile%\\{random}\\
%AllUsersProfile%\\{random}.lnk
Step 4: Click Start menu> choose “Run.”> Type “regedit”>click “OK ” to open up Registry Editor. If your operating system is win7, just type “regedit” into the “Search programs and files” box in the Start menu. Remove registry keys added by Rootkit.MBR.Mayachok.B (Boot image)
xp-start-run-command
xp-start-regedit-command
registry editor
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnHTTPSToHTTPRedirect 0
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\ID 4
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\UID [rnd]
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Settings\\net [date of installation]
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\ConsentPromptBehaviorAdmin 0
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\ConsentPromptBehaviorUser 0
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system\\EnableLUA 0
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AAWTray.exe\\Debugger svchost.exe
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVCare.exe\\Debugger svchost.exe
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\AVENGINE.EXE\\Debugger svchost.exe
”