娛樂滿紛 26FUN » Computers » Help from spyware infection
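It's best to stay offline for now. Temporarily turn off System Restore (if it is enabled), press "F5" at boot, and set all hidden files to be shown first; once the cleanup is done, hide them again.
1. First, try to see whether antivirus software can remove it
Run a full-system scan with the antivirus software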

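2. If the method above doesn't work, delete it by hand
As kingwong said, use HijackThis to fix the item below along with the two I mentioned above (can't believe I didn't notice this entry =.=)
O4 - HKLM\..\Run: [MS Messenger] C:\WINDOWS\msm.exe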

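Then manually delete the following (remember to check whether the HOST file needs to be changed)
DEL (these must be deleted completely; if they can't be deleted, try running regsvr32 /u filename first, as mentioned above, then delete)
C:\windows\system32\SSock32.dll
C:\WINDOWS\msm.exe
Regsock32.exe & ssocks5.dll: either in C:\windows\system32\ or in C:\windows\
Start > Search (or press "F3" when only the desktop is showing with no windows open), enter ssock32.*, msn.*, ssocks5.*, regsock32.*, and for the location choose C: or all partitions (all drives) / My Computer
del (in the registry)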
[quote]HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-000000000004}
  HKEY_CLASSES_ROOT\HTMLEdit.SSocks32
  HKEY_CLASSES_ROOT\HTMLEdit.SSocks32.1
  HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
  HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks32
  HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks32.1
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{000000000004}

HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5
HKEY_CLASSES_ROOT\HTMLEdit.SSocks5.1
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5
HKEY_LOCAL_MACHINE\Software\CLASSES\HTMLEdit.SSocks5.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951A}[/quote]
Temporarily turn off System Restore (if it is enabled), press "F5" at boot
but I still cannot enter safe mode
I use Win XP

When I reboot, it first shows Toshiba, then Windows XP (loading screen), then the login screen
When shall I press F5?
entered safe mode
disabled System Restore
set show hidden files

HijackThis: removed O17 and O4

scanned with Norton (nothing wrong detected!, even the file from last time)

searched but cannot find any of the files:
C:\windows\system32\SSock32.dll
C:\WINDOWS\msm.exe
Regsock32.exe & ssocks5.dll

also, none of the things in the registry inside the quote can be found
still have pop-ups
after I connect to the internet
Microsoft Anti-Spyware detected that contextplus.com wants to modify the Windows host file and I clicked block


an ad pop-up in IE, but it cannot load

then my toolbar style suddenly changed, from blue XP style to classic grey style, and a warning window (cannot find power(sth else in the name).dll) and it rebooted!
sorry~~~~ it's press F8
As your computer restarts but before Windows launches, press F8
when it first shows Toshiba, press F8
select safe mode with networking, but you don't need to use the network
Originally posted by gergermen at 2006-1-18 12:25 AM:
sorry~~~~ it's press F8
As your computer restarts but before Windows launches, press F8
when it first shows Toshiba, press F8
select safe mode with networking, but you don't need to use the network
You're rarely up this late!
seems to be fixed, using another method from another forum
but thanks anyway
especially gergermen!!!
what method~~~~

can you tell me?
download a program called l2mfix, and clean up using the program
(but I do not know what it does, I just entered the command to make it fix :-))