What are the ways to detect and remove the Recycler virus?

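Symptoms of the RECYCLER virus:

A RECYCLER folder and an autorun.inf file are created in the root of every drive. The RECYCLER folder has the hidden and read-only attributes, and inside it there are three hidden recycle bins named S-1-5-21-855582601-134036064-58889803-500, S-1-5-21-1292428093-2111687655-1343024091-1003 and S-1-5-21-2797706238-1410940092-4153244740-500. They cannot be deleted directly; they can only be deleted from DOS. After they are deleted from DOS, a short while later the RECYCLER folder is created again in the root of every drive, still hidden and read-only, with one hidden recycle bin inside it. autorun.inf has the hidden, system and read-only attributes; opened in Notepad, its contents are: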

[AutoRun]

Shell=打開(&O)

shell\打開(&O)\command=RECYCLER\UcHelp.exe

Analysis:

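Using a batch script to strip the Recycle Bin icon and the hidden attribute from the three hidden recycle bins (S-1-5-21-855582601-134036064-58889803-500, S-1-5-21-1292428093-2111687655-1343024091-1003 and S-1-5-21-2797706238-1410940092-4153244740-500) shows that all three are ordinary folders. They are disguised as Recycle Bins through Desktop.ini settings and given the hidden attribute, and each folder contains the virus files INFO2 and UcHelp.exe together with the configuration file Desktop.ini. Everyone knows what the autorun.inf file does, so it is not covered here.

Solution:

1. Disconnect from the network and run the batch file (清理RECYCLER病毒文件.bat);

2. Do not restart. Force the machine off by pulling the power plug while it is running, then power it on and repair it with the system disc. The contents of "清理RECYCLER病毒文件.bat" are as follows: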

======================================================================

@echo off
rem Stop Explorer so it does not hold the folders open during cleanup
taskkill /im explorer.exe /f
rem Check every drive letter for a RECYCLER folder in the drive root
for %%i in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist "%%i:\RECYCLER" (
rem First fake recycle bin: clear attributes, delete the files, remove the folder
attrib %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\desktop.ini -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\desktop.ini
attrib %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\INFO2 -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\INFO2
attrib %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\UcHelp.exe -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500\UcHelp.exe
attrib %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500 -s -h -r
rd /q/s %%i:\RECYCLER\S-1-5-21-151679604-1924401545-338918334-500
rem Second fake recycle bin
attrib %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\desktop.ini -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\desktop.ini
attrib %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\INFO2 -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\INFO2
attrib %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\UcHelp.exe -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500\UcHelp.exe
attrib %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500 -s -h -r
rd /q/s %%i:\RECYCLER\S-1-5-21-1960408961-1450960922-682003330-500
rem Third fake recycle bin
attrib %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\desktop.ini -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\desktop.ini
attrib %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\INFO2 -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\INFO2
attrib %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\UcHelp.exe -s -h -r
@del /q/s/f %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500\UcHelp.exe
attrib %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500 -s -h -r
rd /q/s %%i:\RECYCLER\S-1-5-21-2516078899-3036549676-3356972236-500
rem Finally remove the whole RECYCLER folder on this drive
rd /q/s %%i:\RECYCLER
)
rem Build a .reg file that re-enables the registry editor, Folder Options and
rem Task Manager, restores the hidden-file display settings and the default
rem shell, and disables AutoRun for all drives
echo Windows Registry Editor Version 5.00>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] >>C:\seesaw.reg
echo "DisableRegistryTools"=dword:00000000 >>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >>C:\seesaw.reg
echo "NoFolderOptions"=dword:00000000 >>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] >>C:\seesaw.reg
echo "DisableTaskMgr"=dword:00000000 >>C:\seesaw.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>C:\seesaw.reg
echo "CheckedValue"=dword:00000001 >>C:\seesaw.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt] >>C:\seesaw.reg
echo "UncheckedValue"=dword:00000000 >>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] >>C:\seesaw.reg
echo "@shell32.dll,-30500"="顯示所有文件和文件夾" >>C:\seesaw.reg
echo "@shell32.dll,-30501"="不顯示隱藏的文件和文件夾" >>C:\seesaw.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>C:\seesaw.reg
echo "Shell"="Explorer.exe" >>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >>C:\seesaw.reg
echo "NoDriveAutoRun"=hex:ff,ff,ff,03 >>C:\seesaw.reg
echo "NoSetTaskbar"=dword:00000000 >>C:\seesaw.reg
echo "NoDriveTypeAutoRun"=dword:000000ff >>C:\seesaw.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] >>C:\seesaw.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] >>C:\seesaw.reg
echo "NoDriveTypeAutoRun"=dword:000000ff >>C:\seesaw.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] >>C:\seesaw.reg
rem Import the settings, delete the temporary file and restart Explorer
@reg import C:\seesaw.reg
@del /q C:\seesaw.reg
start explorer.exe
rem Message shown: "RECYCLER virus file cleanup complete!"
echo 清理RECYCLER病毒文件完成!
pause
exit

======================================================================

I'm sure the OP will be able to solve the problem.
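
Added example, not part of the original answer: a read-only triage check for the pattern analysed above, where autorun.inf launches a program stored under a folder disguised as a Recycle Bin. The function names and the extension list are assumptions of this sketch; the sample autorun.inf text is the one quoted in the answer.

```python
import re
from pathlib import Path

# autorun.inf contents as quoted in the answer; 打開(&O) is the menu caption "Open".
SAMPLE_AUTORUN = r"""[AutoRun]
Shell=打開(&O)
shell\打開(&O)\command=RECYCLER\UcHelp.exe
"""

# [AutoRun] keys whose value names a program to launch.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folder names Windows uses for the Recycle Bin in a volume root.
BIN_DIR = re.compile(r"^(recycler|recycled|\$recycle\.bin)$", re.I)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll"}

def autorun_targets(text):
    """Return (key, command) pairs from the [AutoRun] section of autorun.inf text."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if EXEC_KEY.match(key):
                found.append((key, value))
    return found

def points_into_recycle_bin(command):
    """True if any directory component of the command is a Recycle Bin folder."""
    parts = re.split(r"[\\/]", command.strip().strip('"'))
    return any(BIN_DIR.match(p) for p in parts[:-1])

def scan_root(root):
    """List autorun entries that launch from a Recycle Bin folder, and executables stored in one."""
    root, findings = Path(root), []
    for entry in root.iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            # The verb caption may be in a local code page; only the key shape matters.
            text = entry.read_text(encoding="utf-8", errors="replace")
            findings += [("autorun", k, c) for k, c in autorun_targets(text)
                         if points_into_recycle_bin(c)]
        elif entry.is_dir() and BIN_DIR.match(entry.name):
            findings += [("executable", str(f.relative_to(root)), "")
                         for f in entry.rglob("*")
                         if f.is_file() and f.suffix.lower() in EXEC_EXT]
    return findings

if __name__ == "__main__":
    print(autorun_targets(SAMPLE_AUTORUN))
```

A program the user deleted normally also appears as an executable under the Recycle Bin, so that finding is a lead to review; an autorun entry that launches from there is the stronger signal.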