本文讲述了如何处理System Volume Information文件夹中的病毒问题。在虚拟机中测试病毒样本后,作者发现该文件夹中有大量病毒。由于其默认权限限制,普通安全软件无法访问。建议可以通过设置Everyone完全控制权限来允许安全软件扫描该区域,或者在不使用系统还原的情况下,直接删除文件夹内的病毒文件。
前段时间下了个病毒样本在虚拟机里测试了一下,它首先干掉了我的安全模式,由于我事先将
安全模式相关注册表项备份了,所以导入reg文件后恢复了安全模式。你可以在注册表中的这个
位置找到它:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot
将它导出后,可以看到以下内容:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal]
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/dmserver]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/EventLog]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SafeBoot/Minimal/sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlS
最低0.47元/天 解锁文章
扫一扫
838
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
