原来如此 在中此毒之前 是否有使用过 小弟所制作过的程式
如果是的话 那就是该防毒程式的误判
因为 小弟所制作的批次查杀工具 有特别加上此功能
就是会建立此资料夹并且设成唯读
用意在于 真正的威金病毒 是会建立此档案
再进行系统感染
故小弟的设计 就是先解除该病毒 最后再设立此资料夹
以免日后 若再中威金病毒之时 会建立此档案
当威金病毒 要开始感染系统时 会先检查此档案是否已建立
若已建立则不会动作 让威金病毒也会误判 以达到防护的效果

但此法可能也造成 防毒程式的误判 因为系统内的确不可能会出现此档案或资料夹
防毒程式竟然也使用档名来判断 所以造成误判 并非特征比对法

此法造成大大的不便 深感抱歉 请稍候一下 小弟另外制作解除工具

哈哈～～我也刚好刚才用安全模式扫的时候不小心喵到问题点（安全模式程式跑的慢）
～～我还以为是大大放毒的勒～～～
因为在3.bat里面出现的指令和我出现的目录名称一模一样～～～而且删不掉～～
指令如下～～
才会在我家三台电脑都出现相同的目录～～不过别台删的掉～～这台被设成唯读～～
用unlocker删掉后重开机又跑出来了～～
对了～那我现在有目录建立后应该不会在中威金毒了吗？？？
总算虚惊一场～～ps：即时通扫木马程式扫到的

md %systemroot%\1.com
cacls %systemroot%\1.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\sws32.dll
cacls %systemroot%\sws32.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\kill.exe
cacls %systemroot%\kill.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

md %systemroot%\EXP10RER.com
cacls %systemroot%\10RER.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

md %systemroot%\finders.com
cacls %systemroot%\finders.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Shell.sys
cacls %systemroot%\Shell.sys /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo_.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo_.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\1Sy.exe
cacls %systemroot%\1Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\2Sy.exe
cacls %systemroot%\2Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\3Sy.exe
cacls %systemroot%\3Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\4Sy.exe
cacls %systemroot%\4Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\5Sy.exe
cacls %systemroot%\5Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\6Sy.exe
cacls %systemroot%\6Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\7Sy.exe
cacls %systemroot%\7Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\8Sy.exe
cacls %systemroot%\8Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\9Sy.exe
cacls %systemroot%\9Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\exerouter.exe
cacls %systemroot%\exerouter.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo1_.exe
cacls %systemroot%\Logo1_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundl132.exe
cacls %systemroot%\rundl132.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundll32.exe
cacls %systemroot%\rundll32.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\smss.exe
cacls %systemroot%\smss.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\vDll.dll
cacls %systemroot%\vDll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Dll.dll
cacls %systemroot%\Dll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\svhost32.exe"
cacls "C:\Program Files\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\rundll32.exe"
cacls "C:\Program Files\Intel\rundll32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\svhost32.exe"
cacls "C:\Program Files\Intel\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Microsoft\svhost32.exe"
cacls "C:\Program Files\Microsoft\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\richnotify.exe
cacls %systemroot%\system32\richnotify.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\reshtm.dll
cacls %systemroot%\system32\reshtm.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\resPro.dll
cacls %systemroot%\system32\resPro.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\stdie.dll
cacls %systemroot%\stdie.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS

的确没错 此指令是将该资料夹设为最高权限
md %systemroot%\1.com
cacls %systemroot%\1.com /T /E /C /R