Step: CFScript
* 開啟記事本,貼上以下內容
KILLALL::
File::
C:\WINDOWS\svshost.exe
C:\WINDOWS\bless.exe
C:\32788R22FWJFW.0.tmp
c:\program files\god.exe
c:\windows\um6kr17re3h17.bak
c:\ipy.cmd
c:\jg.com
Driver::
npkycryp
zotyup
Rootkit::
npkycryp
zotyup
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Newis"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8f9d3e-ffb0-11dc-967b-00115bba54a0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{839ba6b8-ec3f-11dd-9831-00115bba54a0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a24b6bfa-93a7-11dd-979d-00115bba54a0}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
儲存--->存檔類型--->所有檔案-->檔名輸入為 CFScript.txt
把CFScript.txt 拉到 ComboxFix.exe
* ComboxFix 將會被執行
* 執行完會有報告於C:\ComboFix.txt.
Step: Report Back
* 貼上 以下報告
* 如果報告太長,可以上傳到 這裡
http://www.box.net