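sigverif is the digital signature verification program that ships with XP. It can be used to find out which system files have been modified (for example, infected).
To run it, go to Start -> Run, type sigverif, and press Enter.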
----------
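On one machine, the "十全大补" infection kept coming back, with symptoms closely resembling 机器狗 (Machine Dog). So I ran sigverif, and sure enough userinit.exe was infected. I overwrote it with a clean file, yet the problem was still there. This repeated several times and gave me quite a headache, until it finally dawned on me: I went on to run sigverif against all the EXE files in c:/windows and c:/windows/system32, and finally found that
notepad.exe
explorer.exe
userinit.exe
mmc.exe
regedit.exe
sndvol32.exe
were all infected. I overwrote all of them, and the problem was finally solved. At first glance, it does not yet infect system or non-system EXE files other than those listed above.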
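
The same sweep over every EXE can be done when clean reference copies are at hand. This is an added example, not part of the original post: it compares SHA-256 hashes against a directory of known-clean files instead of verifying signatures as sigverif does, and the function names and sample directories are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(live_dirs, clean_dir):
    """Compare every .exe in live_dirs with the same-named clean copy.

    Returns (modified, unverified): files whose hash differs from the
    clean copy, and files that have no clean copy to compare against.
    """
    clean = {p.name.lower(): sha256_of(p) for p in Path(clean_dir).iterdir()
             if p.is_file() and p.suffix.lower() == ".exe"}
    modified, unverified = [], []
    for d in live_dirs:
        for p in sorted(Path(d).iterdir()):
            if not p.is_file() or p.suffix.lower() != ".exe":
                continue
            expected = clean.get(p.name.lower())  # Windows names ignore case
            if expected is None:
                unverified.append(p)
            elif sha256_of(p) != expected:
                modified.append(p)
    return modified, unverified


def demo():
    """Constructed sample: a stand-in 'windows' dir with two altered files."""
    root = Path(tempfile.mkdtemp())
    live, clean = root / "windows", root / "clean"
    live.mkdir()
    clean.mkdir()
    for name in ("notepad.exe", "userinit.exe", "mmc.exe"):
        (clean / name).write_bytes(b"MZ clean " + name.encode())
        (live / name).write_bytes(b"MZ clean " + name.encode())
    # Simulate two modified files and one file with no clean reference.
    (live / "userinit.exe").write_bytes(b"MZ clean userinit.exe + appended")
    (live / "notepad.exe").write_bytes(b"MZ altered")
    (live / "other.exe").write_bytes(b"MZ unknown")
    modified, unverified = sweep([live], clean)
    return [p.name for p in modified], [p.name for p in unverified]
```

Files reported as unverified are not cleared; they only lack a reference copy to compare against.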