DIY PC Sharing - XP computer fails to boot normally: only a black screen and the mouse pointer after startup - Computers

XP computer fails to boot normally: only a black screen and the mouse pointer after startup

BJack wrote:
I can tell you for certain, my ... (rest omitted)


Yes, you're right!!

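I discussed what the cases have in common with a friend who has repaired computers with the same symptom.
Indeed, the same thing happens regardless of whether the Windows copy is genuine or pirated.
Our current judgment is that it is caused by a virus infection.
And they all seem to be XP SP2 (only three machines to count so far...)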
DeΨil.卑鄙無恥香腸伯
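A computer running XP SP2 at my company is having the same problem right now, no solution yet~~~~ I don't want to reinstall.......
A solution has been found overseas~~ it's confirmed to be caused by a virus.
Just boot from XPE or a rescue CD, then delete the registry key, and the problem is solved.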


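Below is a partial excerpt of the content; I'm at work, so it's not convenient to type,
so please take a look at this for now.
Link to the original thread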

I found an entry under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
A string named "midi9" was present with the value "C:\DOCUME~1\Santosh\LOCALS~1\Temp\..\leqrbdr.old 0yAAAAAAAA"

Just delete this string, it will solve the problem.
You need to boot with some bootable CD to access the registry & load the Software hive.


In another system I found the entry with the name "midi888" this time, but the value was the same: "C:\DOCUME~1\user\LOCALS~1\Temp\..\leqrbdr.old 0yAAAAAAAA"

It is indeed a virus.

The infected registry key is the following:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
"midi9"="C:\\WINDOWS\\system32\\..\\bibcfbk.tmp 0yAAAAAAAA"
DeΨil.卑鄙無恥香腸伯

hayate43 wrote:
A solution has been found overseas~~ it's confirmed to be... (rest omitted)

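Applause for you. I don't have permission to give points, so I can't award you any; I can only applaud.
I have already restored my company's computer from a Ghost image, so I can't verify whether this works.
However, I kept a Ghost image of the broken system, so I just opened that image with Ghost Explorer
and found that there really is a strange key in the registry: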
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
"midi9"="C:\WINDOWS\system32\..\wlbjah.bak 0yAAAAAAAA"
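And the file wlbjah.bak is also present under C:\WINDOWS...
It looks like a virus is at work.

Applause for you once again.
I think I've also found a way to remove the virus, but I haven't tried it yet. I'll try it tomorrow.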

DESCRIPTION

[Summary]

It causes abnormal system reboot.

[Symptom of Infection]

1. It creates files in the path below.
(Windows Folder)\(Random Name).dat (Trojan.Win32.Delf.18432)

2. It creates the malicious code below in the driver-related registry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi9"="(System Folder)\..\(Random Name).dat 0yAAAAAAAA"

3. The infected system cannot be started normally on reboot.

[How to counter manually]

1. Connect the infected system's hard drive as a slave drive to a normal system, then reboot the system.
2. Execute regedit. [Start]-[Run]-[regedit]-[Enter]
3. Select [HKEY_LOCAL_MACHINE], and click [File]-[Load Hive].
4. From WINDOWS\system32\config on the infected hard drive, select the software file and click [Open].
5. Enter a certain key as the key name.
6. Delete the midi9 value in the path [HKEY_LOCAL_MACHINE]\Key name\Microsoft\Windows NT\CurrentVersion\Drivers32.
7. Select the key entered when loading the hive (HKEY_LOCAL_MACHINE\Key name) and unload the hive.
8. Reconnect the slave-connected hard drive to the infected system, and scan the drive for repair with ViRobot using the latest engine.
------------------------------------------------------------
REMOVAL INSTRUCTION

[How to repair]

1. If you are a WinXP/ME user, please deactivate the System Recovery function.
The reason for deactivating system recovery is to clean the virus completely.
You can refer to the MS technical document (Q263455) for more details.

2. Update the engine module to the latest one.
To repair this virus, you need to update the engine to the latest one.

a. ViRobot product users
- Download the latest engine files via our website (www.hauri.net)
b. Non-ViRobot product users
- Use LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30 days only)

3. How to scan for the virus.

a. Run your ViRobot, and choose "all files" in the scan options.
- ViRobot Desktop 5.0 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files

- ViRobot Desktop 5.5 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check

b. Repair all viruses detected.

c. If the [Auto-repair after rebooting] message shows up, please try to re-scan after rebooting the PC.
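The virus removal worked!!!

The computer is reborn. Although I had also installed a brand-new system on another hard drive, the original drive is still nicer to use, since it saves redoing a pile of settings.
Below is how I removed the virus; anyone who is infected can give it a try.

1. You can first connect the infected hard drive to a computer that boots, or boot with XPE, or boot some other way.

2. Go to the following URL and download the 30-day trial antivirus software
http://www.hauri.net/security/virus_view.html?intSeq=1705&strPart=&key=&cpage=1

Then follow its steps: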
[How to repair]

1. If you are a WinXP/ME user, please deactivate the System Recovery function.
The reason for deactivating system recovery is to clean the virus completely.
You can refer to the MS technical document (Q263455) for more details.

2. Update the engine module to the latest one.
To repair this virus, you need to update the engine to the latest one.

a. ViRobot product users
- Download the latest engine files via our website (www.hauri.net)
b. Non-ViRobot product users
- Use LiveCall (Free Scan) via the website (http://www.livecall.co.kr)
- Use the trial version of ViRobot products (30 days only)

3. How to scan for the virus.

a. Run your ViRobot, and choose "all files" in the scan options.
- ViRobot Desktop 5.0 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files

- ViRobot Desktop 5.5 : [Tools] -> [Configuration] -> [Virus Scan] : Check all files
- LiveCall (Free Scan) : [Advanced Scan] : Check

b. Repair all viruses detected.

c. If the [Auto-repair after rebooting] message shows up, please try to re-scan after rebooting the PC.

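3. Reconnect the hard drive as the boot drive, and the system should be restored.

The above is the removal method I found, and I completed it successfully.
Anyone who is infected can give it a try.
The solution is: try using Windows PE to copy fresh system executables (for example: services.exe, Lsass.exe, alg.exe, msiexec.exe......) to /Windows/System32, then reboot. [It is recommended to first use Windows PE to check whether the system has the system executables (for example: services.exe, Lsass.exe, alg.exe, msiexec.exe......), and then copy fresh system executables (for example: services.exe, alg.exe, msiexec.exe......) to /Windows/System32]
If it's not a virus problem, what other possible causes are there?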
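
An added example (not part of any post in this thread): a Python check that parses a `.reg` export of the Drivers32 key, taken from the loaded offline hive, and flags values shaped like the ones reported above, that is a path containing `\..\`, a non-driver extension and a trailing argument. The clean entries in the sample and the list of expected extensions are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: extensions of legitimate Drivers32 modules on XP.
EXPECTED_EXT = {".dll", ".drv", ".acm"}

# Constructed sample export: the midi9 and midi888 values are the ones quoted
# in the thread, the first three are typical clean entries (assumed).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"msacm.imaadpcm"="imaadp32.acm"
"midi9"="C:\\WINDOWS\\system32\\..\\bibcfbk.tmp 0yAAAAAAAA"
"midi888"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\..\\leqrbdr.old 0yAAAAAAAA"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')

def parse_values(reg_text):
    """Yield (name, data) for each string value in a .reg export."""
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            # .reg files escape backslashes and quotes; undo that.
            data = re.sub(r'\\(.)', r'\1', m.group("data"))
            yield m.group("name"), data

def reasons(data):
    """Return the list of anomalies found in one Drivers32 value."""
    found = []
    # Clean entries are bare module names, so anything after a space is extra.
    module, _, argument = data.partition(" ")
    if "\\..\\" in module:
        found.append("parent-directory traversal in path")
    if PureWindowsPath(module).suffix.lower() not in EXPECTED_EXT:
        found.append("unexpected module extension")
    if argument:
        found.append("trailing argument after module path")
    return found

def audit(reg_text):
    """Map value name -> anomalies, for values that have any."""
    hits = ((n, reasons(d)) for n, d in parse_values(reg_text))
    return {n: why for n, why in hits if why}

if __name__ == "__main__":
    for name, why in audit(SAMPLE_REG).items():
        print(f"{name}: {', '.join(why)}")
```

A real export written by regedit is UTF-16, so decode the file to text before passing it to `audit`.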
