

Completely removing Xunlei's xlwfp service hidden in the kernel

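This Xunlei service is not visible in Services.msc, nor in sc query; it can only be seen in the registry. I found the xlwfp service by analyzing kernel modules. I don't know whether Xunlei is doing something shady in the background. Otherwise, why would it set the two values NoUseClass and NoDisplayClass in the registry?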

Below is the bat file I wrote; anyone who needs it can use it as a reference.

::::::::::::::::::::::::::::::::::::::::::::::::::::::
::On Windows, get past UAC first
::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
@ECHO off

CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
CLS
ECHO.
ECHO **************************************
ECHO Please Note:
ECHO You must click Yes on the upcoming User Account Control pop-up window
ECHO to give this update privileges to run.
ECHO **************************************
PAUSE
if '%1'=='ELEV' (shift & goto gotPrivileges)  
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B

:gotPrivileges

setlocal & pushd .
::::::::::::::::::::::::::::::::::::::::::::::::::::::
::Unlock UAC Done
::::::::::::::::::::::::::::::::::::::::::::::::::::::
sc delete xlwfp
del %SystemRoot%\System32\Drivers\xlwfp.sys
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{9FB5F2D4-203E-41D2-932F-6DE145F9756C} /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9FB5F2D4-203E-41D2-932F-6DE145F9756C} /f
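
A read-only check for the artifacts the batch file above targets, added here as an example and not part of the original post. The service name, driver path and class GUID come from the post; the `Services\xlwfp` key path and the helper name `Get-RegistryValues` are assumptions based on the standard Windows layout.

```powershell
# Read-only: reports what is present and changes nothing.
$serviceName = 'xlwfp'                                   # from the post
$classGuid   = '{9FB5F2D4-203E-41D2-932F-6DE145F9756C}'  # from the post
$driverFile  = Join-Path $env:SystemRoot 'System32\Drivers\xlwfp.sys'

# Assumption: the standard per-service key under Services\<name>.
$serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
$classKey   = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$classGuid"

# Hypothetical helper: returns the named values of a key as one string.
function Get-RegistryValues {
    param([string]$Path, [string[]]$Names)
    if (-not (Test-Path -LiteralPath $Path)) { return 'key not present' }
    $props = Get-ItemProperty -LiteralPath $Path
    $found = foreach ($name in $Names) {
        if ($props.PSObject.Properties.Name -contains $name) {
            '{0}={1}' -f $name, $props.$name
        } else {
            "$name=<not set>"
        }
    }
    $found -join '; '
}

# Kernel drivers are registered with the SCM as driver-type services;
# Win32_SystemDriver lists them.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$serviceName'"

[pscustomobject]@{
    ServiceKey = Get-RegistryValues $serviceKey 'Type','Start','ImagePath'
    ScmDriver  = if ($driver) { "$($driver.State), $($driver.StartMode)" } else { 'not listed' }
    DriverFile = if (Test-Path -LiteralPath $driverFile) { 'present' } else { 'absent' }
    ClassKey   = Get-RegistryValues $classKey 'NoUseClass','NoDisplayClass'
} | Format-List
```

Running it before and after the batch file shows whether each of the four artifacts the script targets is still there.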




Last updated: 2017-05-12 11:35:42
