<<新主題 | 舊主題>>
娛樂滿紛 26FUN » 電腦區 » Help from spyware infection
返回列表 回復 發帖
Originally posted by 147ak477 at 2006-1-15 23:40:
(1)
by TEMP, you mean c:\ TEMP
or C:\Documents and Settings\Administrator\Local Settings\Temp?

scan log please change to .log

[ Last edited by 147ak477 on 2006-1-15 at 11:42 PM ]
all~~~記住連隱含嗰啲一並DEL

where is log?
http://filehost.to/files/2005-11-30_02/102358_faeuste_ballen.gif
http://filehost.to/files/2005-11-30_02/102807_vtffani.gif
http://www3.filehost.to/files/2006-02-22_01/055823_00000001.gif
sorry forgot to attach

msconfig.JPG

msconfig.JPG (211.1 KB)
1024 x 768 PIXEL下載

hijackthis.rar (7.3 KB)

all contents in c:\ TEMP deleted
and
C:\Documents and Settings\Administrator\Local Settings\Temp
some files cannot be deleted , other including hidded files are deleted
see attached

temp.JPG

temp.JPG (90.4 KB)
1024 x 768 PIXEL下載

睇過曬,問題係呢兩個,用HIJACKTHIS修復後,最後手工入去呢兩個位置(記住個路徑同啲數字),再CHECK一次,DEL lv0u09d9e.dll(唔係刪咗後入Recycled嗰種,係不可恢復),順手改返HOST
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B69C40C-4719-4BCA-85F7-49A8AFC67880}: NameServer = 205.252.144.28 218.102.23.77
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lv0u09d9e.dll

用殺毒軟件(更新咗個病毒庫先)再全機完整掃一次(用NORTON可能未必查,可以試下其他),懷疑造成呢個問題嘅代碼嵌入咗啲程序度。
http://filehost.to/files/2005-11-30_02/102358_faeuste_ballen.gif
http://filehost.to/files/2005-11-30_02/102807_vtffani.gif
http://www3.filehost.to/files/2006-02-22_01/055823_00000001.gif
Originally posted by gergermen at 2006-1-16 12:32 AM:
睇過曬,問題係呢兩個,用HIJACKTHIS...
非常厲害的電腦博士-隱貓,小弟完全唔明,喵~~喵~~~
O17 --deleted and doesn't  appear anymore

but
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lv0u09d9e.dll
after use hijackthis to fix , still appear, when i manually click delete it
it said other program/user using it , cannot delete

i use norton to scan sometime before and there 's also a .dll ( scanned as a threat) that cannot be deleted.
咁你入SAFE MODE度再睇搞一次
HIJACKTHIS掃一次,手工CHECK一次
NORTON掃一次
開始——執行,REGSVR32 /U lv0u09d9e.dll ,再一次相同命令REGSVR32 /U <norton 掃到有問題又DEL唔到個DLL>
再手工刪一次。

[ Last edited by gergermen on 2006-1-16 at 10:29 AM ]
http://filehost.to/files/2005-11-30_02/102358_faeuste_ballen.gif
http://filehost.to/files/2005-11-30_02/102807_vtffani.gif
http://www3.filehost.to/files/2006-02-22_01/055823_00000001.gif
用HIJACKTHIS修復以下items:

O4 - HKLM\..\Run: [MS Messenger] C:\WINDOWS\msm. exe

Delete the following files:
ssocks5.dll
%systemdir%\SSocks32.dll
Regsock32. exe
MSM. EXE

[ Last edited by kingwong on 2006-1-16 at 06:06 PM ]
Originally posted by kingwong at 2006-1-16 06:03 PM:
用HIJACKTHIS修復以下items:

O4 -...
where can i find these:
ssocks5.dll
%systemdir%\SSocks32.dll
Regsock32. exe
MSM. EXE
Originally posted by gergermen at 2006-1-16 10:09 AM:
咁你入SAFE MODE度再睇搞一次
HIJACK...
how to enter safe mode?
返回列表 回復 發帖
<<新主題 | 舊主題>>
娛樂滿紛 26FUN » 電腦區 » Help from spyware infection

重要聲明:26fun.com為一個討論區服務網站。本網站是以即時上載留言的方式運作,26fun.com對所有留言的真實性、完整性及立場等,不負任何法律責任。而一切留言之言論只代表留言者個人意見,並非本網站之立場,用戶不應信賴內容,並應自行判斷內容之真實性。於有關情形下,用戶應尋求專業意見(如涉及醫療、法律或投資等問題)。 由於本討論區受到「即時上載留言」運作方式所規限,故不能完全監察所有留言,若讀者發現有留言出現問題,請聯絡我們。26fun.com有權刪除任何留言及拒絕任何人士上載留言,同時亦有不刪除留言的權利。切勿撰寫粗言穢語、誹謗、渲染色情暴力或人身攻擊的言論,敬請自律。本網站保留一切法律權利。