[Help] Infected with PWSteal Trojan, how do I remove it?





ding
2003-03-30, 06:20 PM
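My computer is infected with the PWSteal Trojan. How do I remove it? I used Trojan Remover, but after the scan it found problems in several places,
and it processed some of the files.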

1. Key=Igg
ImagePath=C:\WINNT\system32\MDS.exe
Renamed to MDS.ex$

2. Error trying to process C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" for Trojans
Key=MDM
ImagePath="C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" - this reference has been left in place

3. Error trying to process C:\WINNT\Fonts\PLUGINS\update.exe" for Trojans
Key=r server
ImagePath="C:\WINNT\Fonts\PLUGINS\update.exe" /service - this reference has been left in place

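After the scan and a reboot,
I still cannot log in through Terminal Services, and a message appears saying the logon user interface DLL kernelcode.dll could not be loaded, and to replace the DLL or restore the original DLL.
Also, when the host boots it shows that at least one peripheral device or driver produced an error.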

In addition, when I scanned again with Norton AntiVirus, it found more:

Backdoor.Fluxay, Backdoor.Trojan in

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\PipeCmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\ControlService.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\FluxaySensor.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqIRcmd\SqIRcmd_Express\sqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqIRcmd\SqIRCmd_Normal\SqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\sqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Tools\IIS5Hack.exe

PWSteal.Trojan in

C:\WINNT\Help\InstGina.exe

C:\WINNT\Help\Kernelcode.dll

C:\WINNT\system32\Kernelcode.dll

What do I need to do to clean these out?

In addition, when I scanned with The Cleaner 3, the output was:

FILE: C:\pagefile.sys

PROBLEM: I could not scan this file. Error Code 32: "程序無法存取檔案,因為檔案正由另一個程序使用。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\Fluxay47.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\PipeCmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay47.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\ControlService.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\FluxaySensor.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\PipeCmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqlRcmd\SqlRCmd_Express\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqlRcmd\SqlRCmd_Normal\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Tools\IIS5Hack.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\Help\InstGina.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\Help\Kernelcode.dll

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\regedit.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\CMD.EXE

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\inetsrv\MetaBase.bin

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\Kernelcode.dll

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

Can anyone help? I'm going crazy.



shauronglu
2003-03-31, 08:54 AM
http://securityresponse.symantec.com/avcenter/vinfodb.html#threat_list

Enter PWSteal to see how to fix it.

Fluxay47.exe is Fluxay (流光).

聰明的豬
2004-07-05, 12:44 PM
I got infected too.

But that's all in English~ I can't read it~~@@