It's definitely a worm~~ Quoted from Sophos:
W32/RBot-A is a worm with a backdoor component that spreads on weakly protected network shares on the Windows platform. The worm spreads by scanning random IP addresses for open SMB ports (445) and trying to copy itself to the Windows system folder on the remote Admin$ and C$ shares as the file wuamgrd.exe.
If you need to remove it~~
First you have to delete %HomeDrive%\debug.txt
Then edit the registry
HKEY_LOCAL_MACHINE :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Microsoft Update = wuamgrd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Update = wuamgrd.exe
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update = wuamgrd.exe
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunRunOnce\
Microsoft Update = wuamgrd.exe
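If they are there, delete them~~~ For the HKU ones, the part that is not easy to find is the [code number]. Anyway, just search for it~~~~
Method translated from Sophos~~~ :)
Finally, reboot~~~ I think it should be gone after that~~~ :)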
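
The checks described in the post, as an added PowerShell example that is not part of the original post or the Sophos write-up. It looks for the `Microsoft Update = wuamgrd.exe` value under Run, RunOnce and RunServices in HKLM and in every loaded HKU hive (assuming the `[code number]` is the user's SID, so no manual search is needed), and it only deletes when the hypothetical `-Remove` switch is passed.

```powershell
# Added example: audit (and optionally clean) the autorun entries named in the post.
# Run from an elevated prompt. Report-only unless -Remove (a name chosen here) is given.
param([switch]$Remove)

$valueName = 'Microsoft Update'   # value name from the post
$fileName  = 'wuamgrd.exe'        # value data from the post
$subKeys   = 'Run', 'RunOnce', 'RunServices'
$base      = 'Software\Microsoft\Windows\CurrentVersion'

# HKLM plus every *loaded* user hive under HKU; each subkey name is a SID
# (assumption: this is what the post calls "[code number]").
$roots  = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

$hits = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $path = "$root\$base\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-ItemProperty -LiteralPath $path -Name $valueName -ErrorAction SilentlyContinue
        $data = if ($item) { $item.$valueName } else { $null }
        # Match on the file name so a full path in the data is still caught.
        if ($data -and $data -like "*$fileName*") {
            [pscustomobject]@{ Key = $path; Value = $valueName; Data = $data }
        }
    }
}

# The post also says to delete %HomeDrive%\debug.txt.
$debugFile = if ($env:HOMEDRIVE) { Join-Path $env:HOMEDRIVE 'debug.txt' } else { $null }
$debugHere = $debugFile -and (Test-Path -LiteralPath $debugFile)

if ($hits) { $hits | Format-List } else { 'No matching autorun values found.' }
if ($debugHere) { "Found: $debugFile" }

if ($Remove) {
    foreach ($h in $hits) {
        Remove-ItemProperty -LiteralPath $h.Key -Name $valueName
        "Removed '$valueName' from $($h.Key)"
    }
    if ($debugHere) { Remove-Item -LiteralPath $debugFile -Force; "Deleted $debugFile" }
    'Reboot to finish, as the post says.'
}
```

Hives of users who are not logged on are not loaded under HKU, so their entries are not visible to this check.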