Basic introduction
- English name: vml.exe
- Effect: automatically loads certain controls
- Remedy: apply the VML immunization patch and Microsoft's IGM patch
- File type: virus file
Temporary workarounds
* Unregister vgx.dll
Click the Start menu, choose Run, and enter the following command:
regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
Then click OK, and click OK again in the dialog that appears.
To undo this workaround later, register the DLL again with the same command without -u:
regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
* Modify the access control list to restrict users' access to vgx.dll
* On Internet Explorer 6 on Windows XP SP2, disable "Binary and script behaviors" in the Internet and Local intranet security zones
* Read e-mail messages as plain text
VML immunization
@echo off
title KillIgm
rem Shrink the console window so the script runs almost invisibly
MODE con: COLS=14 LINES=1
rem "Immunization": create a directory bearing the name of every file this
rem malware family drops, so the dropper's attempt to write that file fails.
rem The paths assume Windows is installed in c:\WINDOWS.
md c:\WINDOWS\Kvsc3.exe >nul 2>nul
md c:\WINDOWS\GenProtect.exe >nul 2>nul
md c:\WINDOWS\235780WL.DLL >nul 2>nul
md c:\WINDOWS\swchost.exe >nul 2>nul
md c:\WINDOWS\MsIMMs32.exe >nul 2>nul
md c:\WINDOWS\AVPSrv.exe >nul 2>nul
md c:\WINDOWS\WinForm.exe >nul 2>nul
md c:\WINDOWS\upxdnd.exe >nul 2>nul
md c:\WINDOWS\cmdbcs.exe >nul 2>nul
md c:\WINDOWS\NVDispDrv.exe >nul 2>nul
md c:\WINDOWS\system32\Vml.exe >nul 2>nul
md c:\WINDOWS\system32\kvdxsfis.exe >nul 2>nul
md c:\WINDOWS\system32\LYLOADER.EXE >nul 2>nul
md c:\WINDOWS\system32\zxatl.dll >nul 2>nul
md c:\WINDOWS\system32\gjatl.dll >nul 2>nul
md c:\WINDOWS\system32\wlatl.dll >nul 2>nul
md c:\WINDOWS\system32\djatl.dll >nul 2>nul
md c:\WINDOWS\system32\wf.dll >nul 2>nul
md c:\WINDOWS\system32\mcfer.dat >nul 2>nul
md c:\WINDOWS\system32\NBMediaInfo_Adv.ini >nul 2>nul
md c:\WINDOWS\system32\Kvsc3.dll >nul 2>nul
md c:\WINDOWS\system32\GenProtect.dll >nul 2>nul
md c:\WINDOWS\system32\AVPSrv.dll >nul 2>nul
md c:\WINDOWS\system32\oxelvchnty.dll >nul 2>nul
md c:\WINDOWS\system32\MsIMMs32.dll >nul 2>nul
md c:\WINDOWS\system32\MSDEG32.DLL >nul 2>nul
md c:\WINDOWS\system32\LYMANGR.DLL >nul 2>nul
md c:\WINDOWS\system32\WinForm.dll >nul 2>nul
md c:\WINDOWS\system32\sqmapi32.dll >nul 2>nul
md c:\WINDOWS\system32\msplay32.dll >nul 2>nul
md c:\WINDOWS\system32\kvdxsfcf.dll >nul 2>nul
md c:\WINDOWS\system32\cmdbcs.dll >nul 2>nul
md c:\WINDOWS\system32\upxdnd.dll >nul 2>nul
md c:\WINDOWS\system32\NVDispDrv.dll >nul 2>nul
rem Deny everyone all access to pcihdd.sys, and make userinit.exe
rem read-only for everyone so it cannot be overwritten
cacls %systemroot%\system32\drivers\pcihdd.sys /e /p everyone:n
cacls %systemroot%\system32\userinit.exe /e /p everyone:r
exit
VML router blocking
In addition, it is best to also block these IP addresses and domain names at the router (the same list that the Hosts immunization section below maps to 127.0.0.1).
Hosts immunization
Open the hosts file under x:\WINDOWS\system32\drivers\etc with Notepad (x: is the system drive; on Windows 9x/Me the file is in the x:\Windows folder).
Add the following content:
127.0.0.1 203.174.87.210
127.0.0.1 64.233.167.99
127.0.0.1 4 58.211.79.107
127.0.0.1 219.153.42.98
127.0.0.1 221.130.191.207
127.0.0.1 60.190.218.101
127.0.0.1 122.224.11.2
127.0.0.1 122.224.11.3
127.0.0.1 122.224.11.4
127.0.0.1 xx.exiao01.com
127.0.0.1 kkcncn.com
127.0.0.1 t.11se.com
127.0.0.1 www.94ak.com
127.0.0.1 www.99mmm.com
127.0.0.1 ask.35832.com
127.0.0.1 www.35832.com
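As an added example that is not part of the original page, the following Python script applies the directory-placeholder trick from the VML immunization batch above to a caller-supplied root directory and audits a hosts file for the sinkhole entries of this section; the sample paths and hosts lines are constructed, and the root directory is a hypothetical stand-in for the Windows directory. It also flags hosts entries whose target is an IP address literal, which have no effect because the hosts file only influences name resolution, not connections made directly to an address.

```python
import ipaddress
import os
import tempfile
# Constructed sample: three placeholder paths from the immunization batch
# above, relative to the Windows directory the caller passes as root.
SAMPLE_PATHS = ["Kvsc3.exe", r"system32\Vml.exe", r"system32\upxdnd.dll"]
# Constructed sample hosts lines in the shape the Hosts immunization uses.
SAMPLE_HOSTS = "127.0.0.1 www.35832.com\n127.0.0.1 203.174.87.210\n127.0.0.1 xx.exiao01.com\n"


def immunize(root, rel_paths):
    """Create a directory at each path so a dropper cannot write that file;
    an existing file is left alone and reported (clean the host first)."""
    report = {}
    for rel in rel_paths:
        full = os.path.join(root, *rel.split("\\"))
        if os.path.isdir(full):
            report[rel] = "already immunized"
        elif os.path.lexists(full):
            report[rel] = "file present (possible infection)"
        else:
            os.makedirs(full)
            report[rel] = "immunized"
    return report


def check_hosts(hosts_text, names):
    """Return (sinkholed, ineffective): which of `names` map to 127.0.0.1, and
    entries whose 'name' is an IP literal. The hosts file only affects name
    resolution, so an entry like '127.0.0.1 203.174.87.210' does nothing."""
    wanted = {n.lower() for n in names}
    sinkholed, ineffective = [], []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "127.0.0.1":
            continue
        for name in fields[1:]:
            try:
                ipaddress.ip_address(name)
                ineffective.append(name)
            except ValueError:
                if name.lower() in wanted:
                    sinkholed.append(name.lower())
    return sinkholed, ineffective


def demo():
    """Run both checks on a throwaway directory and the sample hosts text."""
    root = tempfile.mkdtemp()
    first = immunize(root, SAMPLE_PATHS)
    second = immunize(root, SAMPLE_PATHS)  # every placeholder now exists
    return first, second, check_hosts(SAMPLE_HOSTS, ["www.35832.com", "xx.exiao01.com", "kkcncn.com"])
```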
Addendum: currently most web-page viruses, such as IGM.EXE, vml.exe and fjOs0r.dll, enter your computer through this 0-day vulnerability.
Please add the following command line to the startup script:
\\<IP or hostname>\menu\Windows2000-KB925902-x86-CHS.EXE /q /n
It installs automatically without a reboot and takes effect immediately; if you then revisit the site that just infected you, you will find it can no longer download the virus automatically.