Startup entries added by the virus:
[Start - Programs - Startup] Empty.pif
[Bron-Spizaetus] C:\WINDOWS\ShellNew\RakyatKelaparan.exe
[Tok-Cirrhatus]
[Tok-Cirrhatus-969] C:\Documents and Settings\[Users]\Local Settings\Application Data\br2961on.exe (the number may not be 2961)
Virus files dropped:
C:\Documents and Settings\[Users]\Application Data\
and
C:\Documents and Settings\[Users]\Local Settings\Application Data
contain a large number of virus programs, for example csrss.exe, inetinfo.exe, winlogon.exe, services.exe, smss.exe, lsass.exe, svchost.exe, Bron.tok-17-x.exe (x is a number), and files with "Bron tok" in the name. [Users] stands for each user name.
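Manual removal:
Tools to prepare: 木马杀客, HijackThis, or another tool of the same kind.
Note: [Users] means each user name under C:\Documents and Settings\, throughout this text. Some steps may not apply to your system; skip those.
Steps:
1. Because the virus has modified how cmd starts, the command prompt in Safe Mode does not work either. Boot the system normally, turn off System Restore, open 木马杀客 and end every process whose path contains Application Data.
2. Enter the following in Notepad (if right-click has been disabled, create a new document from the "File" menu):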
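' Re-enable the registry editor for the current user
dim wsh
set wsh=wscript.createobject("wscript.shell")
wsh.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled",""
' The policy value is a DWORD, so write it with an explicit type
wsh.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",0,"REG_DWORD"
' Popup text: "The registry has been unlocked successfully"
wsh.popup ("已经成功解开注册表")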
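Save it as 1.vbs or 1.vbe and run the file; the registry is then unlocked.
3. Unlock the registry, repair the missing Folder Options entry that prevents hidden files and extensions from being shown, and set the registry directly to show system files, hidden files and extensions. Write the following in Notepad: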
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"DisableCMD"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001
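Save it as 1.reg, then double-click the file to run it.
4. Restore the "Folder Options" entry so that hidden files and file extensions can be viewed later:
Run - gpedit.msc - "Local Computer" Policy - User Configuration - Administrative Templates - Windows Components - Windows Explorer, and change the setting "Remove the Folder Options menu item from the Tools menu": first select "Enabled", then select "Disabled".
5. Start - Run - regedit, open the registry and search for KesenjanganSosial, RakyatKelaparan, Bron, tok, Bron-Spizaetus, Tok-Cirrhatus, Tok-Cirrhatus-969 and NendangBro, and delete the subkeys that are found.
This step is especially important: the virus is embedded in Explorer and starts running together with the desktop process. If you have registry repair tools such as "瑞星注册表修复工具3.0.com" or "毒霸注册表修复.EXE", use them to repair the registry.
For example:
Delete
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Change the value of Shell from Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe" to EXPLORER.EXE
[HKLM\SoftWare\Microsoft\Windows\CurrentVersion\Run]
Delete: Bron-Spizaetus = "C:\%system%\ShellNew\RakyatKelaparan.exe"
(%system% means windows\system32 under Windows XP, and WINNT under Windows 2000)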
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
Delete C:\WINDOWS\KesenjanganSosial and C:\WINDOWS\ShellNew\RakyatKelaparan.exe
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
Delete C:\WINDOWS\ShellNew\RakyatKelaparan.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
and
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
Delete: Bron-Spizaetus, Tok-Cirrhatus, Tok-Cirrhatus-969 and other related entries.
If present,
delete [HKEY_CURRENT_USER\Software\Microsoft\Windows\CarrentVersion]
Note that it is CarrentVersion; the second letter is an a.
Delete [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]
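6. Search for cmd-brontok.exe; you will find entries like the following:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
Change the value of AlternateShell from cmd-brontok.exe to cmd.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
Change the value of AlternateShell from cmd-brontok.exe to cmd.exe
7. Start - Search - Files or Folders: search separately for all files containing the strings "Bron, tok, empty.pif, Setting.scr, KesenjanganSosial, RakyatKelaparan.exe, cmd-brontok.exe, NendangBro", then delete the files whose names contain both "Bron" and "tok", and delete empty.pif, [Users]'s Setting.scr and all other such files.
8. Delete the virus programs in the C:\Documents and Settings\[Users]\Application Data\ and
C:\Documents and Settings\[Users]\Local Settings\Application Data folders, for example csrss.exe, inetinfo.exe, winlogon.exe, services.exe, smss.exe, lsass.exe, svchost.exe, Bron.tok-17-x.exe (x is a number), GDIPFONTCACHEV1.DAT, fusioncache.dat, and files with "Bron tok" in the name. Control Panel - Scheduled Tasks - delete all tasks.
9. Edit C:\Autoexec.bat, delete the string "pause" from it, save and exit.
10. Clear the IE temporary files, and use a tool such as 超级兔子 or 优化大师 to clean up temporary files.
For example, empty folders such as C:\Documents and Settings\[user]\Local Settings\Temp\.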
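Added example (not part of the original guide): a Python check that reads the decoded text of a regedit export and flags the registry changes that steps 3, 5 and 6 above tell you to undo. The function names, the marker list and the sample export are constructed for illustration; real regedit exports are UTF-16, so decode the file before passing its text to audit().

```python
import re

# Constructed sample (decoded regedit export text built from this guide's values).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\KesenjanganSosial.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd-brontok.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableCMD"=dword:00000000
'''

MARKERS = ("bron", "tok-cirrhatus", "kesenjangansosial", "rakyatkelaparan", "nendangbro")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, value); dword values become int, strings are unescaped."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                yield key, name, int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])

def audit(text):
    """Return (key, value name, reason) for each change the guide tells you to undo."""
    hits = []
    for key, name, val in parse_reg(text):
        k, n, v = key.lower(), name.lower(), str(val).strip().lower()
        if k.endswith("\\winlogon") and n == "shell" and v != "explorer.exe":
            hits.append((key, name, "Winlogon Shell launches more than Explorer.exe"))
        elif k.endswith("\\control\\safeboot") and n == "alternateshell" and v != "cmd.exe":
            hits.append((key, name, "Safe Mode AlternateShell is not cmd.exe"))
        elif n in ("disableregistrytools", "disablecmd") and val not in (0, "0", ""):
            hits.append((key, name, "policy lock is switched on"))
        elif k.endswith("\\currentversion\\run") and any(s in f"{n} {v}" for s in MARKERS):
            hits.append((key, name, "Run entry matches a name from this guide"))
    return hits
```

Running audit() again on a fresh export after the cleanup should return an empty list for these keys.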
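In VB6.0, text can be added to an existing picture with the Print method after setting the print position. Saving the bitmap with the added text as a JPG file requires API functions.
Steps:
1) Load the picture that needs the text watermark into a picture box.
2) Use the following code to add the text to the picture box.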
Private Sub CmdEdit_Click() 'Edit
    Dim strTxt As String
    strTxt = "风雨无阻 拍摄" 'watermark text
    Picture1.FontSize = 18
    'Place the text near the bottom edge, centred horizontally
    Picture1.CurrentY = Picture1.ScaleHeight - 30
    Picture1.CurrentX = Picture1.ScaleWidth / 2 - Picture1.TextWidth(strTxt) / 2
    Picture1.ForeColor = vbWhite
    Picture1.FontItalic = True
    Picture1.Print strTxt
End Sub
3) Place the following API image-format conversion code in a standard module, and name the module saveApg.
Option Explicit

Public Type GUID
    Data1 As Long
    Data2 As Integer
    Data3 As Integer
    Data4(0 To 7) As Byte
End Type
Public Type GdiplusStartupInput
    GdiplusVersion As Long
    DebugEventCallback As Long
    SuppressBackgroundThread As Long
    SuppressExternalCodecs As Long
End Type
Public Type EncoderParameter
    GUID As GUID
    NumberOfValues As Long
    type As Long
    Value As Long
End Type
Public Type EncoderParameters
    Count As Long
    Parameter As EncoderParameter
End Type
Public Declare Function GdiplusStartup Lib "GDIPlus" (token As Long, inputbuf As GdiplusStartupInput, ByVal outputbuf As Long) As Long
Public Declare Function GdiplusShutdown Lib "GDIPlus" (ByVal token As Long) As Long
Public Declare Function GdipCreateBitmapFromHBITMAP Lib "GDIPlus" (ByVal hbm As Long, ByVal hpal As Long, Bitmap As Long) As Long
Public Declare Function GdipDisposeImage Lib "GDIPlus" (ByVal Image As Long) As Long
Public Declare Function GdipSaveImageToFile Lib "GDIPlus" (ByVal Image As Long, ByVal fileName As Long, clsidEncoder As GUID, encoderParams As Any) As Long
Public Declare Function CLSIDFromString Lib "ole32" (ByVal str As Long, id As GUID) As Long
Public Declare Function GdipCreateBitmapFromFile Lib "GDIPlus" (ByVal fileName As Long, Bitmap As Long) As Long

Public Function PictureBoxSaveJPG(ByVal pict As StdPicture, ByVal fileName As String, Optional ByVal quality As Byte = 80) As Boolean
    Dim tSI As GdiplusStartupInput
    Dim lRes As Long
    Dim lGDIP As Long
    Dim lBitmap As Long
    Dim lQuality As Long
    'Initialise GDI+
    tSI.GdiplusVersion = 1
    lRes = GdiplusStartup(lGDIP, tSI, 0)
    If lRes = 0 Then
        'Create a GDI+ image from the bitmap handle
        lRes = GdipCreateBitmapFromHBITMAP(pict.Handle, 0, lBitmap)
        If lRes = 0 Then
            Dim tJpgEncoder As GUID
            Dim tParams As EncoderParameters
            'Initialise the GUID that identifies the JPEG encoder
            CLSIDFromString StrPtr("{557CF401-1A04-11D3-9A73-0000F81EF32E}"), tJpgEncoder
            'Set the encoder parameters
            tParams.Count = 1
            'Value type 4 is a Long, so GDI+ reads 4 bytes: point it at a Long copy, not at the Byte argument
            lQuality = quality
            With tParams.Parameter ' Quality
                'Get the GUID that identifies the Quality parameter
                CLSIDFromString StrPtr("{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}"), .GUID
                .NumberOfValues = 1
                .type = 4
                .Value = VarPtr(lQuality)
            End With
            'Save the image
            lRes = GdipSaveImageToFile(lBitmap, StrPtr(fileName), tJpgEncoder, tParams)
            'Dispose of the GDI+ image
            GdipDisposeImage lBitmap
        End If
        'Shut down GDI+
        GdiplusShutdown lGDIP
    End If
    If lRes Then
        PictureBoxSaveJPG = False
    Else
        PictureBoxSaveJPG = True
    End If
End Function
4) Use the following code to save the picture with the text watermark as a jpg image.
Private Sub Command3_Click() 'Save as a .jpg picture
    ' Set "CancelError" to True
    CommonDialog1.CancelError = True
    On Error GoTo ErrHandler
    ' Set the flags
    CommonDialog1.Flags = cdlOFNHideReadOnly
    ' Set the filter
    CommonDialog1.Filter = "JPEG Files" & "(*.jpg)|*.jpg"
    ' Select the default filter (only one filter is defined)
    CommonDialog1.FilterIndex = 1
    ' Show the "Save As" dialog
    CommonDialog1.ShowSave
    ' Show the name of the selected file
    'MsgBox CommonDialog1.fileName
    Set Picture2.Picture = Picture1.Image 'Copy what was drawn on Picture1 into Picture2.Picture
    Dim ret As Boolean
    ret = PictureBoxSaveJPG(Picture2.Picture, CommonDialog1.fileName) 'Save the compressed picture
    If ret = False Then
        MsgBox "保存失败" 'message text: "Save failed"
    End If
    Exit Sub
ErrHandler:
    ' The user pressed the "Cancel" button
    Exit Sub
End Sub