Virus symptoms:
It creates two files, autorun.inf and xywrebh.exe, in the root of every drive letter.
As soon as the user double-clicks a drive to open it, xywrebh.exe runs automatically.
It creates terebmi.exe under C:\Program Files\Common Files\System;
it creates nuygtvw.exe under C:\Program Files\Common Files\Microsoft Shared.
No document whose name contains the characters "病毒" (virus) can be opened.
IE cannot be opened (it closes by itself shortly after starting).
Fix:
This must be done with the network disconnected.
The procedure is as follows:
First, I found that the virus had not disabled 精銳網吧輔助工具 5.7 (an Internet café helper utility), so in its process-management tab I located the process names and paths of the two virus files named above, right-clicked and chose "Terminate process and block from running", then in the restriction/recovery tab clicked Browse, navigated to the virus paths and chose to delete the files. In the startup-management tab I removed the virus's startup entries.
Use "FileFix--Hidden (restore hidden system files).reg" to make hidden files visible again.
At this point the virus files at those paths have been removed, but residue remains. In Explorer go to the following two paths:
C:\Program Files\Common Files\System and C:\Program Files\Common Files\Microsoft Shared
and delete the suspicious files there (mainly terebmi.exe and nuygtvw.exe).
Pay particular attention to the HOSTS file: replace its contents with
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
and that is all.
Appendix: contents of FileFix--Hidden (restore hidden system files).reg (for XP)
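The two indicators above (a drive-root autorun.inf that launches a dropped executable, and a HOSTS file carrying active entries beyond the default "127.0.0.1 localhost") can be checked offline before anything is deleted. The following Python script is an added example, not code from the original post: it parses a constructed autorun.inf to report which program the drive would launch, and scans a constructed HOSTS file for any mapping other than localhost, which is exactly what restoring the default file removes. The file names, hostnames and the sample inputs are constructed placeholders.

```python
# Added example (not from the original post): offline triage for the two
# indicators the post describes. All sample inputs below are constructed.
import re
from pathlib import PureWindowsPath

# Constructed autorun.inf modelled on the symptom described in the post.
SAMPLE_AUTORUN = """[AutoRun]
open=xywrebh.exe
shellexecute=xywrebh.exe
shell\\open\\Command=xywrebh.exe
shell\\explore\\Command="xywrebh.exe" /e
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# The clean HOSTS file the post restores, reduced to its single active line.
CLEAN_HOSTS = """# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97     rhino.acme.com          # source server
127.0.0.1 localhost
"""

# Constructed tampered HOSTS file; the hostnames are placeholders, not real IoCs.
TAMPERED_HOSTS = """127.0.0.1 localhost
127.0.0.1 av-update.example        # constructed: would block an update server
127.0.0.1 definitions.example
"""

# autorun.inf keys that cause a program to run when the drive is opened.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

# The only mappings a default Windows HOSTS file carries.
ALLOWED_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def autorun_launch_targets(text):
    """Return the set of executable basenames an autorun.inf would launch."""
    targets = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not value or not _LAUNCH_KEY.match(key):
            continue
        # Drop surrounding quotes and any arguments; keep just the program.
        program = value.split('"')[1] if value.startswith('"') else value.split()[0]
        targets.add(PureWindowsPath(program).name.lower())
    return targets


def suspicious_hosts_entries(text):
    """Return (ip, hostname) pairs that are active and not the localhost default."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # discard comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            pair = (ip, name.lower())
            if pair not in ALLOWED_HOSTS:
                found.append(pair)
    return found


def triage_report(autorun_text, hosts_text):
    """Combine both checks into a verdict a responder can act on."""
    return {
        "autorun_launches": sorted(autorun_launch_targets(autorun_text)),
        "hosts_hijacks": suspicious_hosts_entries(hosts_text),
    }


if __name__ == "__main__":
    print(triage_report(SAMPLE_AUTORUN, TAMPERED_HOSTS))
```

On a real machine you would feed autorun_launch_targets the autorun.inf read from each drive root and suspicious_hosts_entries the contents of %SystemRoot%\system32\drivers\etc\hosts; a non-empty result from either is the cue to carry out the corresponding cleanup step above.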
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
  48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
  00
"HelpID"="shell.hlp#51131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Copy the above into Notepad, save it as a *.reg file, and double-click it to import it into the registry.