Interpreting Log Data to Help Remove Spyware and Browser Hijackers
HijackThis is a free utility from Trend Micro. It was originally written by Merijn Bellekom, a student in The Netherlands. Spyware-removal software such as Adaware or Spybot S&D does a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even these great anti-spyware utilities.
HijackThis is written specifically to detect and remove browser hijacks, that is, software that takes over your web browser, changes your default home page and search engine, and does other malicious things. Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URLs to detect and block. Instead, HijackThis looks for the tricks and methods malware uses to infect your system and redirect your browser.
Not everything that shows up in HijackThis logs is bad, and it should not all be removed. In fact, quite the opposite. It is almost guaranteed that some of the items in your HijackThis logs will be legitimate software, and removing those items may adversely affect your system or render it completely inoperable. Using HijackThis is a lot like editing the Windows Registry yourself. It is not rocket science, but you should definitely not do it without expert guidance unless you really know what you are doing.
Once you install HijackThis and run it to generate a log file, there are a wide variety of forums and sites where you can post or upload your log data. Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which to leave alone.
To download the current version of HijackThis, visit the official site at Trend Micro.
Here is an overview of the HijackThis log entries, which you can use to jump to the information you are looking for:
- R0, R1, R2, R3 - Internet Explorer Start/Search page URLs
- F0, F1 - Autoloading programs
- N1, N2, N3, N4 - Netscape/Mozilla Start/Search page URLs
- O1 - Hosts file redirection
- O2 - Browser Helper Objects
- O3 - Internet Explorer toolbars
- O4 - Autoloading programs from the Registry
- O5 - IE Options icon not visible in Control Panel
- O6 - IE Options access restricted by Administrator
- O7 - Regedit access restricted by Administrator
- O8 - Extra items in the IE right-click menu
- O9 - Extra buttons on the main IE toolbar, or extra items in the IE 'Tools' menu
- O10 - Winsock hijacker
- O11 - Extra group in the IE 'Advanced Options' window
- O12 - IE plugins
- O13 - IE DefaultPrefix hijack
- O14 - 'Reset Web Settings' hijack
- O15 - Unwanted site in Trusted Zone
- O16 - ActiveX Objects (aka Downloaded Program Files)
- O17 - Lop.com domain hijackers
- O18 - Extra protocols and protocol hijackers
- O19 - User style sheet hijack
- O20 - AppInit_DLLs Registry value autorun
- O21 - ShellServiceObjectDelayLoad Registry key autorun
- O22 - SharedTaskScheduler Registry key autorun
- O23 - Windows NT Services
R0, R1, R2, R3 - IE Start & Search pages
What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing
What to do:
If you recognize the URL at the end as your home page or search engine, it is OK. If you don't, check it and have HijackThis fix it. For R3 items, always fix them unless the entry mentions a program you recognize, like Copernic.
F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
What to do:
F0 items are always bad, so fix them. F1 items are usually very old programs that are safe, so you should find some more information on the filename to see whether it is good or bad. Pacman's Startup List can help with identifying an item.
N1, N2, N3, N4 - Netscape/Mozilla Start & Search page
What it looks like:
N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
What to do:
Usually the Netscape and Mozilla home page and search page are safe. They rarely get hijacked; only Lop.com has been known to do this. Should you see a URL you don't recognize as your home page or search page, have HijackThis fix it.
O1 - Hosts file redirections
What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts file is located at C:\Windows\Help\hosts
What to do:
This hijack redirects the address on the right to the IP address on the left. If the IP does not belong to the address, you will be sent to a wrong site every time you enter the address. You can always have HijackThis fix this, unless you knowingly put those lines in your Hosts file yourself.
The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Always fix this item, or have CWShredder repair it automatically.
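The two O1 checks above, as an added example that is not part of the original article or of HijackThis itself: parse a hosts file the way a resolver reads it, flag any hostname mapped to a real address (loopback and 0.0.0.0 are treated as benign, since ad-blocking hosts files use them), and check that the reported hosts file path is the standard %SystemRoot%\System32\drivers\etc location. The hosts content is constructed around the three redirections quoted above; the localhost and ad-blocking lines are invented for the example.

```python
import ipaddress

# Addresses a hosts entry may legitimately point at: loopback and the null route,
# both used by ad-blocking hosts files to sink unwanted names.
SAFE_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed hosts file content: the three redirections quoted in the O1 section
# above, plus ordinary localhost lines and one ad-blocking entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # sinkholed name, harmless
216.177.73.139  auto.search.msn.com
216.177.73.139  search.netscape.com
216.177.73.139  ieautosearch
"""


def parse_hosts(text):
    """Return (ip, [hostnames]) for every active line; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including trailing ones
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: an address with nothing mapped to it
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address; nothing to resolve
        entries.append((str(ip), parts[1:]))
    return entries


def suspicious_redirects(text):
    """Hostname->IP pairs that send a name to a real address instead of loopback/null."""
    flagged = []
    for ip, names in parse_hosts(text):
        if ip in SAFE_TARGETS:
            continue
        flagged.extend((name, ip) for name in names)
    return flagged


def hosts_location_is_default(path):
    """True when the hosts file HijackThis reports lives under System32\\drivers\\etc."""
    directory = path.rsplit("\\", 1)[0].lower()
    return directory.endswith("\\system32\\drivers\\etc")


if __name__ == "__main__":
    for name, ip in suspicious_redirects(SAMPLE_HOSTS):
        print(f"hosts redirects {name} to {ip}")
    # The location quoted in the O1 example above is not the default one.
    print("default location:", hosts_location_is_default(r"C:\Windows\Help\hosts"))
```

The path check compares only the directory suffix, so it holds for both C:\Windows and C:\WINNT system roots.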
O2 - Browser Helper Objects
What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do:
If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO & Toolbar List to look it up by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the BHO List, 'X' means spyware and 'L' means safe.
O3 - IE toolbars
What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
What to do:
If you don't directly recognize a toolbar's name, use TonyK's BHO & Toolbar List to look it up by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe. If it is not on the list, the name looks like a random string of characters, and the file is in the 'Application Data' folder (like the last one in the examples above), it is probably Lop.com, and you should definitely have HijackThis fix it.
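The O2 and O3 guidance above turned into a small triage routine, as an added example that is not part of the original article or of HijackThis: the regex splits each line into name, CLSID, path and the optional "(file missing)" marker; the CLSID is then looked up in a table that stands in for TonyK's BHO & Toolbar List (the table is constructed here and contains only the two Yahoo! Companion CLSIDs quoted above, marked "L"). Two judgements go beyond the article's text and are labelled as such in the code: an entry whose CLSID is unlisted and whose DLL no longer exists is treated as safe to fix, and "random-looking" is approximated by a single run of lowercase letters.

```python
import re

# Shape of the O2/O3 lines shown above:
#   O2 - BHO: <name> - {<CLSID>} - <path> [(file missing)]
#   O3 - Toolbar: <name> - {<CLSID>} - <path> [(file missing)]
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)

# Stand-in for a CLSID reference such as TonyK's BHO & Toolbar List, using the
# same letters: "L" legitimate, "X" spyware. Constructed for this example with
# only the two Yahoo! Companion CLSIDs quoted in the article; anything absent
# from the table is treated as unknown.
KNOWN_CLSIDS = {
    "13F537F0-AF09-11D6-9029-0002B31F9E59": "L",  # Yahoo! Companion BHO
    "EF99BD32-C1FB-11D2-892F-0090271D4F88": "L",  # Yahoo! Companion toolbar
}

# Log lines copied from the O2 and O3 examples in this article.
SAMPLE_LINES = [
    r"O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL",
    r"O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)",
    r"O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL",
    r"O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL",
    r"O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)",
    r"O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL",
]


def parse_entry(line):
    """Split one O2/O3 line into its fields; None for lines of any other type."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return {
        "section": m["section"],
        "name": m["name"],
        "clsid": m["clsid"].upper(),  # CLSIDs are case-insensitive; normalise for lookup
        "path": m["path"],
        "file_missing": m["missing"] is not None,
    }


def looks_random(name):
    """Crude heuristic (an assumption of this example, not the article's rule) for the
    'random string of characters' names: one run of 8+ lowercase letters, nothing else."""
    return re.fullmatch(r"[a-z]{8,}", name) is not None


def triage(entry, known=KNOWN_CLSIDS):
    """Apply the article's O2/O3 guidance and return (verdict, reason)."""
    status = known.get(entry["clsid"])
    if status == "L":
        return "keep", "CLSID listed as legitimate"
    if status == "X":
        return "fix", "CLSID listed as spyware"
    if entry["file_missing"]:
        # Beyond the article: an unlisted registration whose DLL is gone does nothing
        # useful, so removing the orphaned entry cannot break a working program.
        return "fix", "registered DLL no longer exists on disk"
    if looks_random(entry["name"]) and "\\application data\\" in entry["path"].lower():
        return "fix", "unlisted random-looking name loaded from Application Data (Lop.com pattern)"
    return "review", "CLSID not in the reference list; look it up before deciding"


def triage_log(lines):
    """Return [(section, name, verdict)] for every O2/O3 line in the log."""
    results = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            verdict, _reason = triage(entry)
            results.append((entry["section"], entry["name"], verdict))
    return results


if __name__ == "__main__":
    for section, name, verdict in triage_log(SAMPLE_LINES):
        print(f"{section}  {verdict:6}  {name}")
```

MediaLoads Enhanced comes out as "review" because its CLSID is not in the constructed table, which is exactly the situation where the article sends you to the reference list.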
O4 - Autoloading programs from the Registry or Startup group
What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe
What to do:
Use PacMan's Startup List to find the entry and see whether it is good or bad.
If the item shows a program sitting in a Startup group (like the last items above), HijackThis cannot fix the item while that program is still in memory. Use the Windows Task Manager (TASKMGR.EXE) to close the process before fixing.
O5 - IE Options icon not visible in Control Panel
What it looks like:
O5 - control.ini: inetcpl.cpl=no
What to do:
Unless you or your system administrator have knowingly hidden the icon from Control Panel, have HijackThis fix it.
O6 - IE Options access restricted by Administrator
What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, or your system administrator put this restriction in place, have HijackThis fix this.
O7 - Regedit access restricted by Administrator
What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction in place.
O8 - Extra items in the IE right-click menu
What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
What to do:
If you don't recognize the name of the item in the IE right-click menu, have HijackThis fix it.
O9 - Extra buttons on the main IE toolbar, or extra items in the IE 'Tools' menu
What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
What to do:
If you don't recognize the name of the button or menu item, have HijackThis fix it.
O10 - Winsock hijackers
What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
What to do:
It is best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
Note that 'unknown' files in the LSP stack will not be fixed by HijackThis, for safety reasons.
O11 - Extra group in the IE 'Advanced Options' window
What it looks like:
O11 - Options group: [CommonName] CommonName
What to do:
The only hijacker known so far that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
O12 - IE plugins
What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
O13 - IE DefaultPrefix hijack
What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW. Prefix: http://ehttp.cc/?
What to do:
These are always bad. Have HijackThis fix them.
O14 - 'Reset Web Settings' hijack
What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
What to do:
If the URL is not that of your computer's manufacturer or your ISP, have HijackThis fix it.
O15 - Unwanted sites in Trusted Zone
What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com
What to do:
Most of the time only AOL and Coolwebsearch silently add sites to the Trusted Zone. If you did not add the listed domain to the Trusted Zone yourself, have HijackThis fix it.
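The decision rules from the R0-R3, F0/F1, O13 and O15 sections, encoded as a rule-based triage over a log excerpt, as an added example that is not part of the original article or of HijackThis. The excerpt is constructed from the example lines of those sections; the "user expectations" (which start page and Trusted Zone domain the log's owner set themselves) are constructed too, since in practice they come from asking the person whose log it is. Sections without a rule here (O2/O3 and the rest) are returned as "review".

```python
# Constructed answers from the log's owner: the start page they set themselves and
# the Trusted Zone domains they added. Collected by asking, not from the log.
USER_EXPECTED = {
    "home_pages": {"http://www.google.com/"},
    "trusted_zones": {"*.msn.com"},
}

# Constructed excerpt of a HijackThis log, assembled from the example lines of the
# R0-R3, F0/F1, O13 and O15 sections of this article.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com
""".strip().splitlines()


def split_entry(line):
    """Separate the section code ('R0', 'O13', ...) from the rest of the line."""
    code, sep, rest = line.partition(" - ")
    return (code, rest) if sep else (None, line)


def triage_line(line, expected=USER_EXPECTED):
    """Return (code, verdict, reason) following the article's rules for these sections."""
    code, rest = split_entry(line)
    if code in ("R0", "R1"):
        # The URL after '=' must be one the user recognises as their own start page.
        url = rest.split("=", 1)[-1].strip()
        if url in expected["home_pages"]:
            return code, "keep", "start page is the user's own"
        return code, "fix", "unrecognised start/search page"
    if code == "R3":
        # Always fix, unless the entry names a program you know, such as Copernic.
        if "copernic" in rest.lower():
            return code, "keep", "URLSearchHook belongs to a known program"
        return code, "fix", "unknown or missing default URLSearchHook"
    if code == "F0":
        return code, "fix", "F0 items are always bad"
    if code == "F1":
        return code, "review", "usually an old, harmless program; identify the filename first"
    if code == "O13":
        return code, "fix", "DefaultPrefix / WWW prefix hijacks are always bad"
    if code == "O15":
        # Only domains the user added themselves belong in the Trusted Zone.
        zone = rest.split(":", 1)[-1].strip()
        if zone in expected["trusted_zones"]:
            return code, "keep", "Trusted Zone entry added by the user"
        return code, "fix", "Trusted Zone entry the user did not add"
    return code, "review", "no rule for this section here"


def triage_entries(lines, expected=USER_EXPECTED):
    """Triage every line of a log excerpt, in order."""
    return [triage_line(line, expected) for line in lines]


def verdicts(lines, expected=USER_EXPECTED):
    """Just the verdict per line, in log order."""
    return [verdict for _code, verdict, _reason in triage_entries(lines, expected)]


if __name__ == "__main__":
    for code, verdict, reason in triage_entries(SAMPLE_LOG):
        print(f"{code:4} {verdict:7} {reason}")
```

Because the outcome for R0/R1 and O15 depends on what the user says they configured, the same log produces different verdicts for different owners; that is why the article keeps sending you back to "did you put this there yourself".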
O16 - ActiveX Objects (aka Downloaded Program Files)
What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
What to do:
If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc., definitely fix it. Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used to look up CLSIDs. (Right-click the list to use the Find function.)
O17 - Lop.com domain hijacks
What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
What to do:
If the domain does not belong to your ISP or company network, have HijackThis fix it. The same goes for the 'SearchList' entries. For the 'NameServer' (DNS servers) entries, Google the IP or IPs and it will be easy to see whether they are good or bad.
O18 - Extra protocols and protocol hijackers
What it looks like:
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DDCC}
What to do:
Only a few hijackers show up here. The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix those. Other things that show up are either not yet confirmed safe, or have been hijacked (i.e. the CLSID has been changed) by spyware. In the latter case, have HijackThis fix it.
O19 - User style sheet hijack
What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css
What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log. However, since only Coolwebsearch does this, it is better to use CWShredder to fix it.
O20 - AppInit_DLLs Registry value autorun
What it looks like:
O20 - AppInit_DLLs: msconfd.dll
What to do:
This Registry value, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers.
In the case of a 'hidden' DLL loading from this Registry value (visible only when using the 'Edit Binary Data' option in Regedit), the DLL name may be prefixed with a pipe '|' to make it visible in the log.
O21 - ShellServiceObjectDelayLoad
What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll
What to do:
This is an undocumented autorun method, normally used by a few Windows system components. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Treat with extreme care.
O22 - SharedTaskScheduler
What it looks like:
O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll
What to do:
This is an undocumented autorun for Windows NT/2000/XP only, which is used very rarely. So far only CWS.Smartfinder uses it. Treat with care.
O23 - NT Services
What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
What to do:
This is the list of non-Microsoft services. The list should be the same as the one you see in the Services tab of the Windows XP Msconfig utility. Several trojan hijackers use a home-made service in addition to other startup entries to reinstall themselves. The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a garbage string, like 'Ort'. The second part of the line is the owner of the file at the end, as shown in the file's properties.
Note that fixing an O23 item will only stop the service and disable it. The service needs to be deleted from the Registry manually or with another tool. In HijackThis 1.99.1 or higher, the 'Delete NT Service' button in the Misc Tools section can be used for this.