[Help] A BACKDOOR that NORTON ANTIVIRUS detects but cannot remove >.<





shinebeat
2003-02-18, 12:32 PM
:( :(


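I'm using Win 2000 + IE + NORTON 2002.

NORTON reports that a file called iexplore.exe in winnt/system32 on my C drive is infected, but that is IE's executable. I have read explanations online which seem to say the name would contain a space, for example iexplore .exe, but mine doesn't have one!!

I went to Symantec's website and downloaded the latest virus definitions, but it still can't be removed.

It says the file iexplore.exe is currently running. After stopping it with Task Manager it is still the same, it can't be removed >.<

Help~~~~~

The virus name is Backdoor.Sdbot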



shinebeat
2003-02-18, 02:07 PM
http://www.computing.net/security/wwwboard/forum/3901.html

I found information here that seems to be able to remove it.

But I really can't understand much of it.

Could someone please help!!

shauronglu
2003-02-19, 09:11 AM
Paste it here and ask.

t67101
2003-03-06, 02:52 PM
Same as you, I've caught the same virus ><

dkjfso
2003-03-06, 03:01 PM
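Originally posted by shinebeat
http://www.computing.net/security/wwwboard/forum/3901.html

I found information here that seems to be able to remove it.

But I really can't understand much of it.

Could someone please help!!

The final conclusion of that thread is that badnew says he asked the people at Symantec, and the best solution is to back up the data you still want onto storage media, then format the hard disk... and reinstall.....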

煙蟲
2003-03-06, 11:36 PM
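Try the instructions on Symantec's web pages and see whether they solve it completely. If you have already done all of these steps, then formatting the hard disk and reinstalling is probably the way to fully get rid of this trouble.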
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.b.html

2. Restarting the computer in Safe Mode (Windows 95/98/Me)
On Windows 95/98/Me, restart the computer into Safe Mode and run Norton to scan for viruses.

For instructions on restarting your computer in Safe Mode, refer to the document, "How to restart Windows 9x or Windows Me in Safe mode."
How to enter Safe Mode on Windows 95/98/Me:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/1999101916343139

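If your operating system is Windows NT/2000/XP, use Ctrl+Alt+Delete to stop the Trojan from running: when the window appears, find cnfgldr.exe, select it, and choose End Process. After closing the window, run the scan and delete the viruses it finds.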
3. Stopping the Trojan process (Windows NT/2000/XP)
a. Press Ctrl+Alt+Delete once.
b. Click Task Manager.
c. Click the Processes tab.
d. Double-click the Image Name column header to alphabetically sort the processes.
e. Scroll through the list and look for cnfgldr.exe.
f. If you find the file, click it, and then click End Process.
g. Close the Task Manager.

4. Scanning with Norton AntiVirus to remove the Trojan
a. Start Norton AntiVirus and make sure that it is configured to scan all the files. For instructions on how to do this, read the document, "How to configure Norton AntiVirus to scan all files."

How to configure Norton to scan all files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617

b. Run a full system scan.
Run a scan of the whole system.
c. Delete all the files detected as Backdoor.Sdbot.
Delete the Backdoor.Sdbot viruses that are detected.
5. Editing the registry

Edit the registry, and back it up beforehand. Start -> Run -> type regedit -> open the registry keys below, then right-click Cnfgldr.exe; Sysmon16.exe and delete them.
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
How to back up the registry:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617

a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, and then click OK. (The Registry Editor opens.)
c. Navigate to each of the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices


d. In the right pane, delete any of the following values that you find, or any value that refers to the file detected as the Trojan:

Configuration Manager Cnfgldr.exe
System Monitor Sysmon16.exe

e. Exit the Registry Editor.
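
Added example, not part of the thread or of Symantec's instructions: a read-only check of step 5 that parses a regedit export and lists the values under the two keys above that refer to Cnfgldr.exe or Sysmon16.exe. The function names and the sample export are constructed for illustration.

```python
import re

# Keys from the Symantec steps quoted above (registry key names are case-insensitive).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
# File names from the thread; add the file your own scanner reported.
SUSPECT_FILES = ("cnfgldr.exe", "sysmon16.exe")
# "name"="data" string values; backslashes and quotes are escaped in exports.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from an infected machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Configuration Manager"="Cnfgldr.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System Monitor"="C:\\WINNT\\system32\\Sysmon16.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Other"="Cnfgldr.exe"
'''

def names_file(data, fname):
    """True if data refers to fname as a whole file name, with or without a path."""
    pat = r'(?:^|[\\/"\s])' + re.escape(fname) + r'(?=$|["\s])'
    return re.search(pat, data, re.IGNORECASE) is not None

def find_autoruns(reg_text, suspects=SUSPECT_FILES):
    """Return (key, value name, data) for Run/RunServices values naming a suspect file."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: remember the current key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue                  # other keys, @=, dword:, hex:, blank lines
        name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
        if any(names_file(data, s) for s in suspects):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_autoruns(SAMPLE_REG):
        print(f"{key}\n    {name!r} -> {data!r}")
```

Exports that begin with "Windows Registry Editor Version 5.00" are UTF-16, so decode the file with that encoding before passing its text to `find_autoruns`.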