Question about the virus TROJ DYFUCA.F?? [Help]





masterpiece
2003-08-12, 09:15 AM
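Dear experts,
A while ago I found a virus on my computer called TROJ DYFUCA.F,
but PC-cillin cannot clean it and cannot quarantine it.
The screen is shown below..
Which virus is it? I can't find it on the PC-cillin site either.
How should I solve this?
Does it have a major impact on my computer?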



siliva
2003-08-13, 12:21 AM
This is a Trojan downloader program that has the ability to download updates of itself whenever they are available. It displays this End-User License Agreement window:

It runs on Windows 95, 98, ME, NT, 2000 and XP.

Solution:



Terminating the Malware Program

This procedure terminates the running malware process from memory.

1. Open Windows Task Manager.
   On Windows 95/98/ME systems, press CTRL+ALT+DELETE.
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs*, locate the processes:
   OPTIMIZE.EXE
   ACTALERT.EXE
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.

*NOTE: On systems running Windows 95/98/ME, Windows Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries:
   Internet Optimizer = C:\Program Files\Internet Optimizer\optimize.exe
4. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as TROJ_DYFUCA.F. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Trend Micro provides best-of-breed antivirus and information security solutions for enterprises and personal computers.

720830
2003-08-13, 03:32 PM
I got infected too --- but my English isn't good, could you just tell me directly how to fix it ---- please ---

杯子
2003-08-13, 03:57 PM
Trend Micro's page on troj_dyfuca.f is at the following URL:
http://www.trendmicro.com/vinfo/zh-tw/virusencyclo/default5.asp?VName=TROJ_DYFUCA.F

masterpiece
2003-08-13, 11:34 PM
Originally posted by siliva
This is a Trojan downloader program that has the ability to download updates of itself whenever they are available. It displays this End-User License Agreement window:

It runs on Windows 95, 98, ME, NT, 2000 and XP.

Solution:

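Sorry, I trimmed your quote, as I was afraid it would take up too much space.
Thank you very much for your help.
I have successfully removed it.
However, later, after downloading something, I accidentally got infected again, I don't know when, with something similar to this virus.
But this time my antivirus software was already able to quarantine it, I guess,
because I scanned again and nothing was found.

But I'd like to ask, did I get infected because I was downloading things?
Thanks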

ericlien
2003-08-14, 02:18 AM
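1. Make it a habit to scan files with an anti-trojan program after downloading them.
2. It's possible; if it's something downloaded with edonkey or the like, you'd best be more careful.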

siliva
2003-08-14, 02:17 PM
Dear masterpiece :

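Hello! TROJ DYFUCA.F
is a kind of malicious program. It may collect a record of the URLs you have visited and report them back, or redirect your browser to its preset web pages, or plant programs named "Optimize....." and the like that entice people to click. Antivirus vendors take different views of this type of virus: some classify it as a virus, some do not.
But most importantly,
I suggest that when downloading software (for example, if you download with FlashGet, you can tick the option to check with your antivirus software when the download completes)

1. Make it a good habit not to download and run programs arbitrarily.
2. You can use the windows protect files function to make sure your Windows system files are the correct versions.
3. As for the TROJ DYFUCA.F virus you got, when you downloaded, it popped up an
End-User License Agreement window
asking whether you wanted to install,
and evidently you clicked yes, so ....... you installed it......

Also, the link below is McAfee's assessment of the DyFuCA virus. The original text below also states that this type of virus may also use mail, ICQ and AIM messages as a means of propagation.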

http://vil.nai.com/vil/content/v_100486.htm

This program is detected as a "potentially unwanted application".
This is a program, that when active on a computer, can display pop-up advertising, and may also redirect browsers to websites controlled by the makers of this program. The EULA also allows updates and further programs to be installed on a computer running this application.

It may also send mail and ICQ and AIM messages promoting the software.

Files known to be involved with this application are:

COMEDY.EXE
NEM211.DLL (the "211" might vary in other versions)
OPTIMIZE.EXE
VIEW-M~1.EXE
Known variants will add a registry key under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
under the name DyFuCA or "DyFuCA Active Alerts"
The detection of this type of files is not automatically activated. Users who would like to check for the presence of this kind of files on their system should run the command line scanner with the /PROGRAM switch. Please note that VirusScan 7 has also an option, which enables users to detect this kind of program automatically (see below).
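
A read-only way to look for the indicators quoted in this thread (added example, not part of any post and not Trend Micro's or McAfee's tooling): the PowerShell below checks the HKLM Run key and the process list for the value names and file names given above. The function name Find-SuspectRunEntry and the sample hashtable are constructed for illustration.

```powershell
# Added example: read-only check for the indicators quoted in this thread.
# Find-SuspectRunEntry and the sample data are hypothetical/constructed.
$RunKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Run value names: "Internet Optimizer" (Trend Micro text), "DyFuCA..." (McAfee text)
$RunValueNames = @('Internet Optimizer', 'DyFuCA', 'DyFuCA Active Alerts')
# Executable names listed in the two write-ups
$ExeNames = @('optimize.exe', 'actalert.exe', 'comedy.exe')

function Find-SuspectRunEntry {
    param([hashtable]$RunValues)    # value name -> command line
    foreach ($name in $RunValues.Keys) {
        $command = [string]$RunValues[$name]
        $reasons = @()
        if ($RunValueNames -contains $name) { $reasons += 'value name' }
        foreach ($exe in $ExeNames) {
            # Match the file name after a path separator, quoted or not
            if ($command -like "*\$exe*") { $reasons += "file $exe" }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name = $name; Command = $command; MatchedOn = $reasons -join ', '
            }
        }
    }
}

# Constructed sample so the logic can be tried on any machine
$sample = @{
    'Internet Optimizer' = 'C:\Program Files\Internet Optimizer\optimize.exe'
    'ctfmon.exe'         = 'C:\WINDOWS\system32\ctfmon.exe'
}
Find-SuspectRunEntry -RunValues $sample | Format-List

# Live check: nothing is modified or deleted
if (Test-Path $RunKey) {
    $key  = Get-Item $RunKey
    $live = @{}
    foreach ($n in $key.GetValueNames()) { $live[$n] = $key.GetValue($n) }
    Find-SuspectRunEntry -RunValues $live | Format-List
    Get-Process |
        Where-Object { $ExeNames -contains "$($_.ProcessName).exe" } |
        Select-Object Id, ProcessName, Path
}
```

On 64-bit Windows, 32-bit programs register their autostart entries under HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, which this example does not read.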

masterpiece
2003-08-14, 07:47 PM
Originally posted by siliva
Dear masterpiece :

2. You can use the windows protect files function to make sure your Windows system files are the correct versions.


Hello!
I'd like to ask, how do I turn on the windows protect files function?
Thanks

siliva
2003-08-14, 11:15 PM
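System File Checker
System File Checker (sfc.exe) is a command-line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder and then replaces the incorrect file.

Syntax:

sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]

Parameters:

/scannow
Scans all protected system files immediately.

/scanonce
Scans all protected system files once.

/scanboot
Scans all protected system files every time the computer is restarted.

/cancel
Cancels all pending scans of protected system files.

/quiet
Replaces all incorrect file versions without prompting the user.

/enable
Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.

/purgecache
Purges the Windows File Protection file cache and scans all protected system files immediately.

/cachesize=x
Sets the size, in MB, of the Windows File Protection file cache.

Notes

You must be logged on as an administrator or as a member of the Administrators group to run System File Checker.
If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use Sfc /scannow, Sfc /scanonce or Sfc /scanboot to repair the contents of the Dllcache directory.


Determines when Windows File Protection scans protected files. This policy directs Windows File Protection to enumerate and scan all changed system files. You can use this policy to direct Windows File Protection to scan files more often. By default, files are scanned only during setup.

To use this policy, enable the policy and select a frequency from the "Scanning Frequency" box.

-- "Do not scan during startup" is the default; files are scanned only during setup.

-- "Scan during startup" scans files each time you start Windows 2000. This setting delays each startup.

-- "Scan once" scans files the next time you start the system.

Note: This policy affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.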