遭遇恶意代码后的处理方法

最新推荐文章于 2023-07-22 12:20:07 发布

cn_chenfeng

最新推荐文章于 2023-07-22 12:20:07 发布

阅读量1.2k

点赞数

分类专栏：精华文章文章标签： microsoft 杀毒软件 comments file google 浏览器

本文链接：https://blog.csdn.net/cn_chenfeng/article/details/384276

版权

精华文章专栏收录该内容

18 篇文章 0 订阅

订阅专栏

这两天打开IE浏览器去诺顿网站下载最新病毒库，突然发现上不了了，怀疑是中了木马程序，于是打开注册表，找到"HKEY_LOCAL_MACHINE/Software/Microsoft/Windwos/Currentversion/Run"，仔细查看，没发现什么可疑程序。再打开进程查看器，也没有什么可疑的进程。用诺顿到"安全模式"下查毒，也没发现病毒。

　再试一下，发现不止诺顿，连goole也上不去了，但是上sina、sohu等网站却没问题。

　怀疑是本地的域名解析出现了问题，打开C:/Winnt/System32/Drivers/etc目录，用记事本编缉hosts文件。果然，Google、诺顿等网站被转向到了某个IP地址上，把它们统统删除，再打开IE，OK，一切正常。分析造成该问题的原因可能是由于上某类网站，提示让下载插件，结果下载成功后却中了招，建议网友们以后在浏览网站的时候，要小心出现下载插件的提示，一定要看清楚后再下载，否则中了招后就非常难看了，对于这类恶意代码，有时候连杀毒软件也无能为力。

以下是hosts文件的内容：

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

127.0.0.1 www.google.com
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
127.0.0.1 www.microsoft.com
127.0.0.1 www.virustotal.com
127.0.0.1 virustotal.com