----- Original Message ----- From: åè± Sent: Tuesday, November 14, 2000 6:06 PM Subject: Re: å°å¿ç æ¯
Dear all: æ©ä¸æ¼æ 14.æ¸ææ©åæé æ å°ç¶²è·¯ç·æåå» éææ¨åè½å¯çµ¦äººçä¿¡, 空ç½å­å èé½è®åèäº !! åè±

該ç æ¯æè½å¯ä¸æ¯æ¬¡å¯çæ¨é¡éä¸å,
ä½éå æªåä¸å¾çºNavidad.exe,è«åä½æåååå¿å·è¡,
以å æ´å¤äººé­å°ä¸æ¸¬,
å¦å¤è¥ä½ ççæ¶å°ä¸¦ä¸­æ¯äº,解決æ¹æ³é 便å¯çµ¦åä½äº

å¦ææ¨æ¾ç¶å·è¡é Navidad.exe æå·è¡ä»»ä½ç¨å¼ç¼çæ¾ä¸å° WINSVRC.EXE
é就表示æ¨ä¸­æ¯äº.

中æ¯èçæ¹å¼å¦ä¸:

1. å å°æ¸ææ©éæ æ å°ç¶²è·¯ç·ææ

2. é¸éå§->ç¨å¼é->é屬æç¨ç¨å¼->MS-DOS 模å¼, é樣æå° Windws çç®éä¸

3. åÔ͘ MS-DOS 模å¼ä¸, å°ç»é編輯ç¨å¼ regedit.exe æ¹åæéæªåçº regedit.com,å ¶ dos æ令å¦ä¸
??? ren? regedit.exe?? regedit.com

4. åÔ͘ MS-DOS 模å¼ä¸å·è¡ç»é編輯ç¨å¼ regedit.com, å ¶ dos æ令å¦ä¸
??? regedit.com

5. å¨ç»é編輯ç¨å¼å·¦éæ¾å° HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
??? æ¾å° Win32BaseServiceMOD = %windir%\SYSTEM\WINSVRC.EXE
??? å¨ç«é¢å³éé»é¸ Win32BaseServiceMOD = %windir%\SYSTEM\WINSVRC.EXE 並åªé¤.

6. å¨ç»é編輯ç¨å¼å·¦éæ¾å° HKEY_CLASSES_ROOT\exefile\shell\open\command
??? å¨ç«é¢å³éé»é¸ â%windir%\SYSTEM\WINSVRC.EXEâ%1ââ%â å ©ä¸
??? åºç¾ %windir%\SYSTEM\WINSVRC.EXE "%1" % å°è©±æ¡ä»¥å¾, å°å ¶ä¿®æ¹æçº?"%1" %*

7. é¸åè½è¡¨é¢éç»é編輯ç¨å¼

8. åÔ͘ MS-DOS 模å¼ä¸, å°ç»é編輯ç¨å¼ regedit.com éååéæªåçº exe,? å ¶ dos æ令å¦ä¸
??? ren? regedit.com? regedit.exe

9. åÔ͘ MS-DOS 模å¼ä¸, åæç®éå° Windws ä¸ç SYSTEM ç®éä¸, åⁿ WINSVRC.EXE æªæ¡åªé¤,? å ¶ dos æ令å¦ä¸
??? cd? system
??? delete winsvrc.*

10. åÔ͘ MS-DOS 模å¼ä¸, åå° Windows , å ¶ dos æ令å¦ä¸
??? exit

11. é»é¸éå§->éæ©->éæ°éæ©

12. å°éµä»¶è»é«çå¯ä»¶å¤¾, å°å°æªå¯åºçå«éä»¶æª Navidad.exe éµä»¶åªé¤, æ¶ä»¶å¤¾çå«éä»¶æª Navidad.exe ç æ¯éµä»¶ä¹åªé¤

13. å·è¡ææ°çææ¯è»é«, åⁿ TROJ_NAVIDAD.A.? ç æ¯åªé¤