娛樂滿紛 26FUN's Archiver

147ak477 posted on 2006-1-13 12:56 AM

Help from spyware infection

**** Author banned or deleted; content automatically hidden ****

hello1997 posted on 2006-1-13 06:54 AM

did u try microsoft spyware removal tools?
[url]http://www.download.com/Microsoft-Windows-AntiSpyware/3000-8022_4-10418686.html?tag=lst-0-1[/url]

or

Adaware
[url]http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-1[/url]

They should work!!! Good luck!!!

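gergermen posted on 2006-1-13 11:25 AM

Have you tried Hijackthis? It has been posted about here.

desktop background cannot be changed
-- This one can be fixed in the registry; I remember that has been posted about too.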

lywv6 posted on 2006-1-14 03:33 PM

[quote]Originally posted by [i]hello1997[/i] at 2006-1-13 06:54 AM:
did u try microsoft spyware removal... [/quote]


used both
they detected some spyware and removed
but still have pop-ups:(

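gergermen posted on 2006-1-14 04:46 PM

Those programs can't clean everything out; go into the registry and remove it by hand.

Before going in, you can scan once with HIJACKTHIS to do an analysis and find the locations.

[[i] Last edited by gergermen on 2006-1-14 at 04:47 PM [/i]]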

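147ak477 posted on 2006-1-14 08:23 PM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-14 10:46 PM

Post the scan result here (to keep it from being too long, upload it in TXT format).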

147ak477 posted on 2006-1-15 08:49 AM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-15 10:51 AM

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
-- I find these few somewhat questionable. Export these entries first and then DEL them, see whether there is a problem, and if there is, import them back.

desktop background cannot be changed
-- Go into the registry: Start -> Run, type regedit
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop" , "NoActiveDesktopChanges"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000
"NoHTMLWallPaper"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
-- Check whether the value is 1; if it is, change it to 0.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL", "Search Page"
-- Check whether these are LINKs you SET yourself; if not, change them back.

147ak477 posted on 2006-1-15 11:05 AM

**** Author banned or deleted; content automatically hidden ****

147ak477 posted on 2006-1-15 11:08 AM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-15 11:37 AM

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
-- "i scanned, and clicked those items and clicked fix checked, it said i will permanently remove those items..so i clicked no...." Do you mean the ones above? Do you know what SOFTWARE these are?
Export/Import is under "Registry" in the Registry Editor.


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"force active desktop on"  have  0X0000001 (1)
-- Change it to 0 and see whether that works.

PS: "desktop background cannot be changed": what exactly happens? On the DESKTOP, RIGHT CLICK MOUSE, SELECT "PROPERTIES"; is there a "BACKGROUND" item?

147ak477 posted on 2006-1-15 11:51 AM

**** Author banned or deleted; content automatically hidden ****

147ak477 posted on 2006-1-15 11:57 AM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-15 12:06 PM

WHAT ABOUT THIS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"No Save Setting": if it is 1, change it to 0

pop-up, maybe this one
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

Those few programs in #12: do you know what they are?

[[i] Last edited by gergermen on 2006-1-15 at 12:13 PM [/i]]

147ak477 posted on 2006-1-15 12:13 PM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-15 12:31 PM

REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
-- Delete all of it, both in the registry and this file. If you don't know how, use HIJACKTHIS to fix it.

HKLM\..\Run: [drsmartloadb] c:\\drsmartloadbfilter-031 -- Have you run a virus scan? This one is also a possibility; go into the registry and DEL this entry.

Winlogon Notify: Installer - C:\WINDOWS\system32\irl6l53s1.dll -- I am a little suspicious of this one, but not sure.
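
Added example, not part of the original thread: a small Python triage of the HijackThis lines quoted above. It expands the abbreviated `..` key path, reports anything appended after explorer.exe in the Shell= value, and prints one `reg export` backup command per key so entries can be imported back after deletion. The backup folder C:\regbackup and the function names are assumptions made for the example.

```python
import re

# HijackThis abbreviates \Software\Microsoft\Windows\CurrentVersion\ as "..".
RUN_KEY = r"{hive}\Software\Microsoft\Windows\CurrentVersion\{leaf}"
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
O4_RE = re.compile(r"^(?:O4 - )?(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
SHELL_RE = re.compile(r"^(?:F2 - )?REG:system\.ini: Shell=(.*)$", re.I)

# Sample input: lines quoted in the thread; the full scan log is not on the page.
SAMPLE_LOG = r'''
REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 01
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
'''

def parse(log):
    """Return (autostart entries, commands appended to the Winlogon shell)."""
    entries, shell_extras = [], []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, leaf, name, cmd = m.groups()
            entries.append({
                "key": RUN_KEY.format(hive=HIVES[hive], leaf=leaf),
                "name": name,
                "command": cmd,
                # A bare file name must be located on disk before judging it.
                "has_path": "\\" in cmd,
            })
            continue
        m = SHELL_RE.match(line)
        if m:
            # The shell is normally explorer.exe alone; keep whatever follows it.
            rest = re.sub(r"^explorer\.exe\b", "", m.group(1).strip(), flags=re.I)
            if rest.strip():
                shell_extras.append(rest.strip().strip('"'))
    return entries, shell_extras

def backup_commands(entries, out_dir=r"C:\regbackup"):  # out_dir is hypothetical
    """One `reg export` per distinct key, to run before any value is deleted."""
    cmds = []
    for key in sorted({e["key"] for e in entries}):
        parts = key.split("\\")
        cmds.append('reg export "%s" "%s\\%s_%s.reg"' % (key, out_dir, parts[0], parts[-1]))
    return cmds

if __name__ == "__main__":
    found, extras = parse(SAMPLE_LOG)
    print("\n".join(backup_commands(found)))
    print("appended to shell:", extras)
```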

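147ak477 posted on 2006-1-15 12:49 PM

**** Author banned or deleted; content automatically hidden ****

147ak477 posted on 2006-1-15 03:26 PM

**** Author banned or deleted; content automatically hidden ****

gergermen posted on 2006-1-15 03:53 PM

[quote]Originally posted by [i]147ak477[/i] at 2006-1-15 15:26:
still have pop-ups [/quote]

No way~~~ :o

Take screenshots so I can have a look (of the following):

What the pop-ups contain / TASK MANAGER /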
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\启动

OR
Scan once more with HIJACKTHIS

[[i] Last edited by gergermen on 2006-1-15 at 03:58 PM [/i]]
