原來如此 在中此毒之前 是否有使用過 小弟所製作過的程式
如果是的話 那就是該防毒程式的誤判
因為 小弟所製作的批次查殺工具 有特別加上此功能
就是會建立此資料夾並且設成唯讀
用意在於 真正的威金病毒 是會建立此檔案
再進行系統感染
故小弟的設計 就是先解除該病毒 最後再設立此資料夾
以免日後 若再中威金病毒之時 會建立此檔案
當威金病毒 要開始感染系統時 會先檢查此檔案是否已建立
若已建立則不會動作 讓威金病毒也會誤判 以達到防護的效果

但此法可能也造成 防毒程式的誤判 因為系統內的確不可能會出現此檔案或資料夾
防毒程式竟然也使用檔名來判斷 所以造成誤判 並非特徵比對法

此法造成大大的不便 深感抱歉 請稍候一下 小弟另外製作解除工具

哈哈～～我也剛好剛才用安全模式掃的時候不小心喵到問題點（安全模式程式跑的慢）
～～我還以為是大大放毒的勒～～～
因為在3.bat裡面出現的指令和我出現的目錄名稱一模一樣～～～而且刪不掉～～
指令如下～～
才會在我家三台電腦都出現相同的目錄～～不過別台刪的掉～～這台被設成唯讀～～
用unlocker刪掉後重開機又跑出來了～～
對了～那我現在有目錄建立後應該不會在中威金毒了嗎？？？
總算虛驚一場～～ps：即時通掃木馬程式掃到的

md %systemroot%\1.com
cacls %systemroot%\1.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\sws32.dll
cacls %systemroot%\sws32.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\kill.exe
cacls %systemroot%\kill.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

md %systemroot%\EXP10RER.com
cacls %systemroot%\10RER.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

md %systemroot%\finders.com
cacls %systemroot%\finders.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Shell.sys
cacls %systemroot%\Shell.sys /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo_.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo_.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\1Sy.exe
cacls %systemroot%\1Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\2Sy.exe
cacls %systemroot%\2Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\3Sy.exe
cacls %systemroot%\3Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\4Sy.exe
cacls %systemroot%\4Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\5Sy.exe
cacls %systemroot%\5Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\6Sy.exe
cacls %systemroot%\6Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\7Sy.exe
cacls %systemroot%\7Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\8Sy.exe
cacls %systemroot%\8Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\9Sy.exe
cacls %systemroot%\9Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\exerouter.exe
cacls %systemroot%\exerouter.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo1_.exe
cacls %systemroot%\Logo1_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundl132.exe
cacls %systemroot%\rundl132.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundll32.exe
cacls %systemroot%\rundll32.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\smss.exe
cacls %systemroot%\smss.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\vDll.dll
cacls %systemroot%\vDll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Dll.dll
cacls %systemroot%\Dll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\svhost32.exe"
cacls "C:\Program Files\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\rundll32.exe"
cacls "C:\Program Files\Intel\rundll32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\svhost32.exe"
cacls "C:\Program Files\Intel\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Microsoft\svhost32.exe"
cacls "C:\Program Files\Microsoft\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\richnotify.exe
cacls %systemroot%\system32\richnotify.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\reshtm.dll
cacls %systemroot%\system32\reshtm.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\resPro.dll
cacls %systemroot%\system32\resPro.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\stdie.dll
cacls %systemroot%\stdie.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

的確沒錯 此指令是將該資料夾設為最高權限
md %systemroot%\1.com
cacls %systemroot%\1.com /T /E /C /R