mowshow
2005-05-07 11:29
Original poster
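My computer seems to be infected. A message appears saying it has been infected by the virus Trojan-PSW.win32.Lineage.ef and that it cannot be deleted: this action is prohibited for the given archive type. Can anyone help me and teach me how to delete it?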
ddtny
2005-05-07 15:32
Reply #1
Two websites:
Symantec: http://www.symantec.com.tw/
Trend Micro: http://www.trendmicro.com/tw/home/enterprise.htm

I searched Symantec for a bit. Only the closest match, "PWSteal.Lineage", has a write-up. (Some of it is in English, some in Japanese. No Chinese, sadly.)

It does the following:

1. The virus copies itself to the following programs...
%ProgramFiles%\rundll32.exe
%ProgramFiles%\explorer.exe
%ProgramFiles%\Internat.exe
%Windir%\rundll32.exe
%Windir%\Internat.exe

It differs between versions...

Notes:
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
The genuine Microsoft "rundll32.exe" exists in %system%.
The genuine Microsoft "Internat.exe" exists in %system%.
The genuine Microsoft "explorer.exe" exists in %windir%.

2. Adds one of the following values:
"[Random Name]" = "%ProgramFiles%\rundll32.exe"
"[Random Name]" = "%ProgramFiles%\explorer.exe"
"[Random Name]" = "%ProgramFiles%\Internat.exe"
"[Random Name]" = "%windir%\rundll32.exe"
"[Random Name]" = "%windir%\Internat.exe"

Best to clean up the registry key as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

3. Creates the file %system%\htdll.dll

4. Sends out the Lineage passwords it has collected
pchome.com.tw
tom.com
163.com

Removal:

1. Turn off System Restore (because the system will automatically restore deleted files, and those deleted files may contain the virus, so turn it off for now)
2. Update the antivirus program to the latest virus definitions
3. Boot into Safe Mode
4. Scan the whole system and delete every virus that is detected
5. Reverse the changes made to the registry. (I can't translate this ><" sorry)

Hope this helps...
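As an added example that is not part of the original thread: a check for removal step 5 that flags Run key values whose program uses one of the system file names listed above but sits outside the genuine folder given in the notes. The function names, the default Windows XP folder values and the sample Run values are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default Windows XP values for the variables named in the post.
ENV = {"%windir%": r"C:\Windows", "%system%": r"C:\Windows\System32",
       "%programfiles%": r"C:\Program Files"}
# Genuine locations as stated in the post's notes.
GENUINE_DIR = {"rundll32.exe": "%system%", "internat.exe": "%system%",
               "explorer.exe": "%windir%"}

def expand(path, env=ENV):
    """Expand %Var% placeholders case-insensitively."""
    for var, value in env.items():
        idx = path.lower().find(var)
        if idx != -1:
            path = path[:idx] + value + path[idx + len(var):]
    return path

def command_image(data):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    end = data.lower().find(".exe")
    return data[:end + 4] if end != -1 else data.split(" ")[0]

def suspicious_run_values(run_values, env=ENV):
    """List (value name, image path) pairs using a system file name outside its genuine folder."""
    hits = []
    for name, data in run_values.items():
        image = ntpath.normpath(expand(command_image(data), env))
        base = ntpath.basename(image).lower()
        if base in GENUINE_DIR:
            genuine = ntpath.join(expand(GENUINE_DIR[base], env), base)
            if image.lower() != ntpath.normpath(genuine).lower():
                hits.append((name, image))
    return hits

# Constructed sample of Run key values (not taken from a real machine).
SAMPLE_RUN = {
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "legit": r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
    "qwzx": r"C:\Program Files\rundll32.exe",
    "abcd": r'"%windir%\Internat.exe"',
    "shell": r"%windir%\explorer.exe",
}

if __name__ == "__main__":
    for name, image in suspicious_run_values(SAMPLE_RUN):
        print(f"review Run value {name!r}: {image}")
```

On a live system the dictionary would be filled from the values under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and ENV adjusted to that Windows version's folders.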