熊猫烧香最近疯狂扩散,所以,结合网上的介绍和我自己清除熊猫烧香的实际操作,介绍如下:
熊猫烧香表现一般如下:每个分区盘符根目录下都多了两个文件,分别是AUTORUN.INF 和 SETUP.EXE,此两文件为系统隐藏文件.而经常确看不到这两个文件,因为是隐藏的,且中熊猫后修改文件系统的查看隐藏文件项失效,点击查看全部后它自己立即又变回不显示隐藏文件..EXE、.HTM、.ASP、.CHM 等类型文件无法打开使用,且图标变成熊猫头.而且越来越多的此类文件无效,熊猫头越来越多.瑞星等杀毒软件都不能使用了,包括兔子等.XP的安全中心也可能遭到破坏.无法运行注册表,无法通过CTRL+ALT+DEL打开查看系统进程
所以,清除有一定困难.
在清除前,准备如下工具,一个结束系统进程的软件,如进程杀手;下载一个"超级巡警"3.0,因为它里边有个"熊猫专杀,而且在瑞星等无法启动时,它也可做杀毒软件用下.
1.在任务管理器的进程列表中关闭 SPCOLSV.EXE 病毒进程。注意,不是SPOOLSV.EXE,是SPCOLSV.EXE .如果不能正常打开进程列表,就用我们准备的进程管理软件,如进程杀手.
2.删除位于 %SystemRoot%system32Drivers 文件夹中的 SPCOLSV.EXE 文件,如果曾用杀软或专杀清除过,可能会没有,就不用管它了.
3.恢复资源管理器不能显示隐含文件的问题,就是恢复无法将文件查看选项的"不显示隐藏文件"改为"显示全部文件"的故障.打开记事本,里边输入如下代码:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]
"Type"="group"
"Text"="@shell32.dll,-30498"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51140"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]
"Type"="checkbox"
"Text"="@shell32.dll,-30506"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ClassicViewState"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51076"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons"
"Text"="@shell32.dll,-30497"
"Type"="checkbox"
"ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000001
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51150"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]
"Type"="checkbox"
"Text"="@shell32.dll,-30507"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="SeparateProcess"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51079"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]
"Type"="checkbox"
"Text"="@shell32.dll,-30517"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="DisableThumbnailCache"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51155"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30514"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FolderContentsInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]
"Type"="checkbox"
"Text"="@shell32.dll,-30511"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="FriendlyTree"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51149"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"Type"="checkbox"
"Text"="@shell32.dll,-30503"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="HideFileExt"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]
"Type"="checkbox"
"Text"="@shell32.dll,-30509"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="NoNetCrawling"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51147"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]
"Type"="checkbox"
"Text"="@shell32.dll,-30513"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="PersistBrowsers"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51152"
"DefaultValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]
"Type"="checkbox"
"Text"="@shell32.dll,-30512"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowCompColor"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51130"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
"Type"="checkbox"
"Text"="@shell32.dll,-30504"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPath"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]
"Type"="checkbox"
"Text"="@shell32.dll,-30505"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState"
"ValueName"="FullPathAddress"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51107"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]
"Type"="checkbox"
"Text"="@shell32.dll,-30502"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowInfoTip"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"DefaultValue"=dword:00000001
"HelpID"="shell.hlp#51102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing]
"Type"="checkbox"
"Text"="@shell32.dll,-30518"
"HKeyRoot"=dword:80000002
"RegPath"="System\\CurrentControlSet\\Control\\LSA"
"ValueName"="ForceGuest"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51154"
"DefaultValue"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets]
"Text"="管理 Web 页和文件夹对"
"Type"="group"
"Bitmap"="C:\\WINDOWS\\system32\\\\SHELL32.DLL,4"
"HelpID"="TBD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="作为单一文件显示和管理对"
"Type"="radio"
"CheckedValue"=dword:00000000
"ValueName"="NoFileFolderConnection"
"DefaultValue"=dword:00000000
"HKeyRoot"=dword:80000001
"HelpID"="TBD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="显示两部分但是作为单一文件进行管理"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="NoFileFolderConnection"
"DefaultValue"=dword:00000000
"HKeyRoot"=dword:80000001
"HelpID"="TBD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
"Text"="显示两部分并分别进行管理"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="NoFileFolderConnection"
"DefaultValue"=dword:00000000
"HKeyRoot"=dword:80000001
"HelpID"="TBD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]
"Type"="checkbox"
"Text"="@shell32.dll,-30510"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="WebViewBarricade"
"CheckedValue"=dword:00000001
"UncheckedValue"=dword:00000000
"HelpID"="shell.hlp#51148"
"DefaultValue"=dword:00000000
然后另存为"Advanced.reg"文件,做一个注册表文件,双击运行,导入注册表.此时就可以将查看文件选项改为显示所有文件.
4.可以查看隐藏文件后,删除每个硬盘分区的根目录下的两个隐含的文件 AUTORUN.INF 和 SETUP.EXE,。如果用专杀杀过后,也可能已经删除了.自己看下,记得是在显示系统文件且显示隐藏文件的前提下才能看到.
5.在注册表 HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion /
Run 中把病毒的启动项 svcshare 删除。如果存在多个用户帐户,每个用户帐户的 HKEY_CURRENT_USER 都要清理。
6.如果是XP系统,且安全中心不能使用了,在另一台“安全中心”服务正常的电脑上打开注册表,将 HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/wscsvc 的全部内容导出为 .REG 文件,复制到故障电脑上导入注册表,然后重新启动 Windows,恢复被病毒删除的“安全中心”服务。
然后,用《超级巡警》里的熊猫烧香病毒专杀工具,扫描计算机,清理病毒,清理完后,最好立即删掉坏掉的杀毒软件,重新安装,且更新后,立即全面扫描计算机,彻底杀毒.
基本上绝大多数软件都可正常使用了,但后遗症是可能存在的,可能会有部分软件不能使用
那你只能把所有的熊猫图标都一个个的删掉,程序损坏了再装吧
http://it.rising.com.cn/Channels/Service/2006-11/1163505486d38734.shtml
下载专杀工具,用U盘拷进计算机杀。一般手动很难杀除,而且它感染了很多文件,手动是无法清除的。
杀毒咯~
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ:24596024