为你提供几种手动方法:
原来它利用svchost.exe装载了一个在windows\system32\hbmter.dll。这个DLL是一个winsock2 SPI,所以当大家上网时,hbmter.dll就会重新copy hbhelper.dll进去C:\WINDOWS\Downloaded Program Files
删除的方法如下,备份
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
然后,用dos启动盘(不要进windows的保护摸式,因为hbmter.dll也会装载的)
删除如下两个文件
C:\WINDOWS\Downloaded Program Files\hbhelper.dll
C:\windows\system32\hbmter.dll
最后,导入如下的注册表
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65, 6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,03,00,0c,00,00,00,03,00,03, 00,0f,00,00,00,03,00,03,00,12,00,00,00,03,00,03,00,15,00,00,00,03,00,03,00, 18,00,00,00,03,00,03,00,1b,00,00,00,03,00,03,00,1e,00,00,00,03,00,03,00,21, 00,00,00,03,00,03,00,24,00,00,00,03,00,03,00,27,00,00,00,03,00,03,00,2a,00, 00,00,03,00,03,00,2d,00,00,00,04,00,03,00,30,00,00,00,03,00,03,00,34,00,00, 00,04,00,03,00,37,00,00,00,1c,00,03,00,3b,00,00,00,04,00,03,00,57,00,00,00, 04,00,03,00,5b,00,00,00,04,00,03,00,5f,00,00,00,04,00,03,00,63,00,00,00,04, 00,03,00,67,00,00,00,04,00,03,00,6b,00,00,00,04,00,03,00,6f,00,00,00,04,00, 03,00,73,00,00,00,04,00,03,00,77,00,00,00,04,00,03,00,7b,00,00,00,04,00,03, 00,7f,00,00,00,04,00,03,00,83,00,00,00,04,00,03,00,66,00,02,00,00,00,00,00, 00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f, 48,a1,92,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00, 00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70, 00,69,00,70,00,20,00,5b,00,54,00,43,00,50,00,2f,00,49,00,50,00,5d,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"PackedCatalogItem"=hex:25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65, 6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,03,00,0c,00,00,00,03,00,03, 00,0f,00,00,00,03,00,03,00,12,00,00,00,03,00,03,00,15,00,00,00,03,00,03,00, 18,00,00,00,03,00,03,00,1b,00,00,00,03,00,03,00,1e,00,00,00,03,00,03,00,21, 00,00,00,03,00,03,00,24,00,00,00,03,00,03,00,27,00,00,00,03,00,03,00,2a,00, 00,00,03,00,03,00,2d,00,00,00,04,00,03,00,30,00,00,00,03,00,03,00,34,00,00, 00,04,00,03,00,37,00,00,00,1c,00,03,00,3b,00,00,00,04,00,03,00,57,00,00,00, 04,00,03,00,5b,00,00,00,04,00,03,00,5f,00,00,00,04,00,03,00,63,00,00,00,04, 00,03,00,67,00,00,00,04,00,03,00,6b,00,00,00,04,00,03,00,6f,00,00,00,04,00, 03,00,73,00,00,00,04,00,03,00,77,00,00,00,04,00,03,00,7b,00,00,00,04,00,03, 00,7f,00,00,00,04,00,03,00,83,00,00,00,04,00,03,00,09,06,02,00,00,00,00,00, 00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f, 48,a1,92,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00, 00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70, 00,69,00,70,00,20,00,5b,00,55,00,44,00,50,00,2f,00,49,00,50,00,5d,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
解决新版的hbhelper.dll(参考:xuper - 童生 一级 http://zhidao.baidu.com/question/6348764.html)大家可以试试
这是因为它利用svchost.exe装载了一个在windows\system32\hbmter.dll。这个DLL是一个winsock2 SPI,所以当大家上网第一次打开ie时,hbmter.dll就会重新copy hbhelper.dll进去C:\WINDOWS\Downloaded Program Files
删除的方法如下:
1.首先进如安全模式.注意不要打开ie.
2.用进程管理器首先关掉rundll32启动的hbhelper.dll
3.删除掉C:\Program Files\hbclient目录
4.手动或用工具删除启动项目里的richmedia启动hbhelper.dll的启动项.可以借助这个软件来办到:Autoruns:开机启动项管理 http://www.onlinedown.net/soft/21022.htm
5.进如注册表编辑器搜索richmedia和hbhelper删除所有的相关注册表值.大概有10多个吧.
6.找个好用的没有中过hbhelper的机器,备份好好用的机器的注册表项目.下面键值(以后待用)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
7.然后,用dos启动盘或者maxdos等支持dos启动的软件进入dos模式。要是nt分区请启ntfsdos(删除如下两个文件)
C:\WINDOWS\Downloaded Program Files\hbhelper.dll
C:\windows\system32\hbmter.dll
这里如果你对DOS不熟悉,可以试试下面的这2个软件(那么在安全模式下就可以操作):
顽固文件删除终极武器:
你从这地址下载一个名为Softscape Tools的DOS工具:
http://www.newhua.com/cfan/200515/stools.rar
下载解压缩后,直接双击运行该文件就是了,其使用方法比较简单,是菜单式的键盘操作。要删除某文件,只需定位后按下“D”并确认即可。
Copylock汉化版下载:http://www1.skycn.com/soft/8642.html
该软件可以删除正在被调用的文件。
8.进如目录恢复模式启动机器.这时候打开ie是不好用的。最后导入先前备份好的正确安全的注册表项.
参考资料:http://www.25xs.net/blog/blogview.asp?logID=399&cateID=4