Re: [Infected] Homepage hijacked & more and more malware

Board: AntiVirus | Author: (幹麻誠實 XD) | Time: 15 years ago (2008/12/05 22:50), edited | Push/boo: 2 (2 0 4)
6 comments, 3 participants, latest thread 2/4
My head is spinning, so many things to delete...
Though I'd guess some things still got missed XDD
Give this a try first...

Copy the contents at the URL below and paste them into Notepad:
http://sun.cis.scu.edu.tw/~92a39/upload/33661.txt
Save the file as CFScript.txt
and drag it onto combofix.
Follow any prompts it gives~ Don't touch the computer while it runs.
Wait for it to finish~

Use hijackthis to "fix checked" the following entries:

O2 - BHO: (no name) - {1307E689-5CA1-4a15-9583-F2350790290D} - (no file)
O2 - BHO: (no name) - {25E69F5B-3915-454d-BA25-44969D7623CA} - (no file)
O2 - BHO: (no name) - {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (no file)
O2 - BHO: (no name) - {324F1A74-F333-439a-9618-E5D7626FB926} - (no file)
O2 - BHO: (no name) - {3DF8DC32-0A8F-47fa-A759-AC792F98C6EC} - (no file)
O2 - BHO: archibidll.dll - {5A041F13-A111-12A5-B0CF-F99818AA68A5} - C:\WINDOWS\system32\archibidll.dll
O2 - BHO: (no name) - {5F25239B-3850-451f-B4AA-D43932E4B6DE} - (no file)
O2 - BHO: (no name) - {5FE5502C-368B-40b7-9E3F-9471393357F4} - (no file)
O2 - BHO: Invoke Class - {77C35306-16FD-4f3c-84C5-74EC42F77A50} - C:\WINDOWS\system32\8jxf.dll (file missing)
O2 - BHO: (no name) - {7986BE86-4383-4ee1-A5D1-09349F6FCFA7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9D2EB85F-02FF-4fd6-BD59-B42327B1EA0A} - (no file)
O2 - BHO: (no name) - {B9ACAADD-FC2E-4EC4-8E02-9821735C202C} - (no file)
O2 - BHO: (no name) - {BCBD80C9-6AD7-48ed-8DF1-6963414B3649} - (no file)
O2 - BHO: (no name) - {C9793AF6-1599-483a-A818-D7ED2ED43F96} - (no file)
O2 - BHO: (no name) - {D1A7035D-A83C-43d5-8ABF-C50318F2826B} - (no file)
O2 - BHO: (no name) - {D44A7C31-7D76-4cce-AB9E-7C0DEE5B8D04} - (no file)
O2 - BHO: (no name) - {E41910D2-F838-40d3-AFB2-15F390269C86} - (no file)
O2 - BHO: (no name) - {E5DCD408-3090-4d4b-A394-0CBF8C613683} - (no file)
O2 - BHO: (no name) - {F305CFA3-5A5D-4d8c-9ACB-7A0B384DE070} - (no file)
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Policies\Explorer\Run: [bqe0] rundll32 "C:\WINDOWS\Downlo~1\bqe0.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [7a1] rundll32 C:\WINDOWS\system32\fe1.dll,Always
O4 - HKLM\..\Policies\Explorer\Run: [d8bb] rundll32 "C:\WINDOWS\Downlo~1\d8bb.dll",Run
O4 - HKLM\..\Policies\Explorer\Run: [8bfa] C:\WINDOWS\system32\8bfa.exe

Go to c:\windows\Tasks and delete all scheduled tasks.

Go to C:\WINDOWS\system32\drivers\etc,
open hosts in Notepad,
then clear everything, leaving only the localhost line.

Then clear the temp folders (using ATF-cleaner or CCleaner).

Try that for now (covers face) so long orz

--
※ Origin: 批踢踢實業坊 (ptt.cc)
◆ From: 140.115.205.146

12/05 23:12, 1F
That won't work; the four modified system service files have to be swapped back first, otherwise what was done above

12/05 23:12, 2F
will all revert after one reboot

12/05 23:22, 3F
Mm-hm XDD

12/05 23:23, 4F
囧.. I just finished doing it~ XD So I still have to run EFix495 first??

12/05 23:24, 5F
Just try doing what j said first -ˇ- I need to learn how to do this XDD

12/05 23:32, 6F
So the repair is downloading fresh files and putting them back 囧"...
Article code (AID): #19EJ-PRf (AntiVirus)
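
As an added example that is not part of the original post or thread: a small Python parser for HijackThis O2 and O4 lines in the format listed in the post, which tags each entry for review. The sample lines are copied from the post; the flag names and the three heuristics behind them are assumptions made for illustration.

```python
import re

# Sample lines copied from the post's list; the flag names are assumptions.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1307E689-5CA1-4a15-9583-F2350790290D} - (no file)
O2 - BHO: archibidll.dll - {5A041F13-A111-12A5-B0CF-F99818AA68A5} - C:\WINDOWS\system32\archibidll.dll
O2 - BHO: Invoke Class - {77C35306-16FD-4f3c-84C5-74EC42F77A50} - C:\WINDOWS\system32\8jxf.dll (file missing)
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Policies\Explorer\Run: [7a1] rundll32 C:\WINDOWS\system32\fe1.dll,Always
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse_entry(line):
    """Parse one O2/O4 line into a dict with a list of triage flags."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        entry = {"section": "O2", **m.groupdict(), "flags": []}
        target = entry["target"]
        # The CLSID is still registered but the DLL behind it is gone.
        if target == "(no file)" or target.endswith("(file missing)"):
            entry["flags"].append("orphaned-bho")
        return entry
    m = O4_RE.match(line)
    if m:
        entry = {"section": "O4", **m.groupdict(), "flags": []}
        # Autorun set through the Explorer policy key rather than plain Run.
        if "policies\\explorer\\run" in entry["key"].lower():
            entry["flags"].append("policy-run-key")
        # A DLL export started at logon through rundll32.
        if entry["cmd"].lower().startswith("rundll32"):
            entry["flags"].append("rundll32-launch")
        # No directory given, so the file is found via the search path.
        if "\\" not in entry["cmd"]:
            entry["flags"].append("bare-filename")
        return entry
    return None

def triage(log_text):
    """Return (parsed entries, lines that matched neither pattern)."""
    entries, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        (entries if entry else unparsed).append(entry or line.strip())
    return entries, unparsed
```

Lines that match neither pattern are returned separately rather than dropped, so an unfamiliar section is still seen by whoever reviews the log.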