巧用“记事本” 让病毒白白运行

<H2>巧用“记事本” 让病毒白白运行</H2>
<DIV class=t_msgfont id=postmessage_17183995><SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%B5%E7%C4%D4"><NOBR><B class=kgb onmouseover='isShowAds = false;isShowAds2 = false;isShowGg = true;InTextAds_GgLayer="_u7535_u8111";KeyGate_ads.ShowGgAds(this,"_u7535_u8111",event)' style="BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; CURSOR: hand; COLOR: #ff8000; PADDING-TOP: 0px; BORDER-RIGHT-WIDTH: 0px; TEXT-DECORATION: underline" onclick='javascript:window.open("http://pagead2.googlesyndication.com/pagead/iclk?sa=l&amp;ai=Bsq43nuDESOzsD5LQvAO2yOWGCvOb4IUBi_fmsAnAjbcBwLgCEAEYASCsvJEKKBQ4AFDirObuAWCdwduBzAWyAQ9iYnMuMzY2dGlhbi5uZXTIAQHaAS1odHRwOi8vYmJzLjM2NnRpYW4ubmV0L3RocmVhZC04OTk1NDItMS0xLmh0bWzIAsWNowSoAwHoA7cE6APhBegDrwKIBAGQBAGYBAA&amp;num=1&amp;adurl=http://www.intel.com/cn/technology/architecture-silicon/index.htm%3Fcid%3Dprc:ggl%7Cchips_cn_gen%7Ck10147%7Cs&amp;client=ca-pub-1681215984289622");GgKwClickStat("电脑","www.intel.com","afc","2000072008");' onmouseout='isShowGg = false;InTextAds_GgLayer="_u7535_u8111"'>电脑</B></NOBR></SPAN>中毒后，许多朋友会打开“进程管理器”，将几个不太熟悉的程序关闭掉，但有时会碰到这种情况：关掉一个，再去关闭另外一个时，刚才关闭的那个马上又运行了。再从注册表里先把启动项删除后，重启试试，刚删除的那些启动项又还原了。<BR><BR>　　由于电脑只装一个操作<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%CF%B5%CD%B3"><NOBR><B class=kgb onmouseover='isShowAds = false;isShowAds2 = false;isShowGg = true;InTextAds_GgLayer="_u7CFB_u7EDF";KeyGate_ads.ShowGgAds(this,"_u7CFB_u7EDF",event)' style="BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; CURSOR: hand; COLOR: #ff8000; PADDING-TOP: 0px; BORDER-RIGHT-WIDTH: 0px; TEXT-DECORATION: underline" onclick='javascript:window.open("http://pagead2.googlesyndication.com/pagead/iclk?sa=l&amp;ai=Bsq43nuDESOzsD5LQvAO2yOWGCvOb4IUBi_fmsAnAjbcBwLgCEAEYASCsvJEKKBQ4AFDirObuAWCdwduBzAWyAQ9iYnMuMzY2dGlhbi5uZXTIAQHaAS1odHRwOi8vYmJzLjM2NnRpYW4ubmV0L3RocmVhZC04OTk1NDItMS0xLmh0bWzIAsWNowSoAwHoA7cE6APhBegDrwKIBAGQBAGYBAA&amp;num=1&amp;adurl=http://www.intel.com/cn/technology/architecture-silicon/index.htm%3Fcid%3Dprc:ggl%7Cchips_cn_gen%7Ck10147%7Cs&amp;client=ca-pub-1681215984289622");GgKwClickStat("系统","www.intel.com","afc","2000072008");' onmouseout='isShowGg = false;InTextAds_GgLayer="_u7CFB_u7EDF"'>系统</B></NOBR></SPAN>，也没办法在另一个<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%CF%B5%CD%B3">系统</SPAN>下删除这些<NOBR><B class=kgb onmouseover='isShowAds = false;isShowAds2 = false;isShowGg = true;InTextAds_GgLayer="_u75C5_u6BD2";KeyGate_ads.ShowGgAds(this,"_u75C5_u6BD2",event)' style="BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; CURSOR: hand; COLOR: #ff8000; PADDING-TOP: 0px; BORDER-RIGHT-WIDTH: 0px; TEXT-DECORATION: underline" onclick='javascript:window.open("http://pagead2.googlesyndication.com/pagead/iclk?sa=l&amp;ai=Bsq43nuDESOzsD5LQvAO2yOWGCvOb4IUBi_fmsAnAjbcBwLgCEAEYASCsvJEKKBQ4AFDirObuAWCdwduBzAWyAQ9iYnMuMzY2dGlhbi5uZXTIAQHaAS1odHRwOi8vYmJzLjM2NnRpYW4ubmV0L3RocmVhZC04OTk1NDItMS0xLmh0bWzIAsWNowSoAwHoA7cE6APhBegDrwKIBAGQBAGYBAA&amp;num=1&amp;adurl=http://www.intel.com/cn/technology/architecture-silicon/index.htm%3Fcid%3Dprc:ggl%7Cchips_cn_gen%7Ck10147%7Cs&amp;client=ca-pub-1681215984289622");GgKwClickStat("病毒","www.intel.com","afc","2000072008");' onmouseout='isShowGg = false;InTextAds_GgLayer="_u75C5_u6BD2"'>病毒</B></NOBR>。上网<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%CF%C2%D4%D8">下载</SPAN>专杀工具后，仍然不能杀掉。<BR><BR>　　如此翻来覆去，病毒未杀掉，人却濒临崩溃。这时怎么办呢?遇到这种情况，笔者向大家推荐一种方法。<BR><BR>　　第一步：在“开始→运行”中输入CMD，打开“命令提示符”窗口。<BR><BR>　　第二步：输入ftype exefile=notepad.exe %1，这句话的意思是将所有的EXE<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%CE%C4%BC%FE">文件</SPAN>用“记事本”打开。这样原来的病毒就无法启动了。<BR><BR>　　第三步：重启电脑，你会看见打开了许多“记事本”。当然，这其中不仅有病毒文件，还有一些原来的系统文件，比如：输入法程序。<BR><BR>　　第四步：右击任何文件，选择“打开方式”，然后点击“浏览”，转到<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=Windows">Windows</SPAN>System32下，选择cmd.exe，这样就可以再次打开“命令提示符”窗口。<BR><BR>　　第五步：运行ftype exefile=%1 %*，将所有的EXE文件关联还原。现在运行杀毒<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=%C8%ED%BC%FE">软件</SPAN>或直接改回注册表，就可以杀掉病毒了。<BR><BR>　　第六步：在每一个“记事本”中，点击菜单中的“文件→另存为”，就可看到了路径以及文件名了。找到病毒文件，手动删除即可，但得小心，必须确定那是病毒才能删除。建议将这些文件改名并记下，重启后，如果没有病毒作怪，也没有系统问题，再进行删除，<BR>附：Ftype的用法<BR>在Windows中，Ftype命令用来<NOBR><B class=kgb onmouseover='isShowAds = false;isShowAds2 = false;isShowGg = true;InTextAds_GgLayer="_u663E_u793A";KeyGate_ads.ShowGgAds(this,"_u663E_u793A",event)' style="BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; CURSOR: hand; COLOR: #ff8000; PADDING-TOP: 0px; BORDER-RIGHT-WIDTH: 0px; TEXT-DECORATION: underline" onclick='javascript:window.open("http://pagead2.googlesyndication.com/pagead/iclk?sa=l&amp;ai=BlYShnuDESOzsD5LQvAO2yOWGCpLvpmDUz-DmBsCNtwHAixEQAhgCIKy8kQooFDgAULf_uyNgncHbgcwFsgEPYmJzLjM2NnRpYW4ubmV0yAEB2gEtaHR0cDovL2Jicy4zNjZ0aWFuLm5ldC90aHJlYWQtODk5NTQyLTEtMS5odG1sqQK9whPkHaGDPsgCstGtBqgDAegDtwToA-EF6AOvAogEAZAEAZgEAA&amp;num=2&amp;adurl=http://www.konzesys.com&amp;client=ca-pub-1681215984289622");GgKwClickStat("显示","www.konzesys.com","afc","2000072008");' onmouseout='isShowGg = false;InTextAds_GgLayer="_u663E_u793A"'>显示</B></NOBR>及<NOBR><B class=kgb onmouseover='isShowAds = false;isShowAds2 = false;isShowGg = true;InTextAds_GgLayer="_u4FEE_u6539";KeyGate_ads.ShowGgAds(this,"_u4FEE_u6539",event)' style="BORDER-TOP-WIDTH: 0px; PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: normal; BORDER-LEFT-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; CURSOR: hand; COLOR: #ff8000; PADDING-TOP: 0px; BORDER-RIGHT-WIDTH: 0px; TEXT-DECORATION: underline" onclick='javascript:window.open("http://pagead2.googlesyndication.com/pagead/iclk?sa=l&amp;ai=B5-Z6nuDESOzsD5LQvAO2yOWGCpXI-XTXqK_7B8CNtwGQsAoQAxgDIKy8kQooFDgAUOP2sOoDYJ3B24HMBbIBD2Jicy4zNjZ0aWFuLm5ldMgBAdoBLWh0dHA6Ly9iYnMuMzY2dGlhbi5uZXQvdGhyZWFkLTg5OTU0Mi0xLTEuaHRtbKkCvcIT5B2hgz7IAvWT9AWoAwHoA7cE6APhBegDrwKIBAGQBAGYBAA&amp;num=3&amp;adurl=http://www.hiseate.net/index.htm%3FActiveNode%3D1&amp;client=ca-pub-1681215984289622");GgKwClickStat("修改","www.hiseate.net/index.htm?ActiveNod","afc","2000072008");' onmouseout='isShowGg = false;InTextAds_GgLayer="_u4FEE_u6539"'>修改</B></NOBR>不同扩展名文件所关联的打开程序。相当于在注册表编辑器中修改“H<SPAN class=t_tag onclick=tagshow(event) href="tag.php?name=KEY">KEY</SPAN>_CLASSES_ROOT”项下的部分内容一样。<BR>Ftype的基本使用格式为：Ftype [文件类型[=[打开方式/程序]]]<BR>比如：像上例中的ftype exefile=notepad.exe %1，表示将所有文件类型为EXE(exefile表示为EXE类型文件)的文件都通过“记事本”程序打开，后面的%1表示要打开的程序本身(就是双击时的那个程序)。<BR>ftype exefile=%1 %*则表示所有EXE文件本身直接运行(EXE 可以直接运行，所以用表示程序本身的%1即可)，后面的%*则表示程序命令后带的所有参数(这就是为什么EXE文件可以带参数运行的原因)。</DIV>