|
論壇說明 |
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
|
主題工具 | 顯示模式 |
2004-07-29, 12:28 PM | #1 |
榮譽會員
|
系統過一會就彈出一個IE視窗去訪問一個站點
Q:
系統過一會就彈出一個IE視窗去訪問一個站點 即使一個IE也不開,它過一會就出來一個IE視窗,去訪問69.20.62.53的一個站點。 ft 用了木馬剋星也不行。只找到了一個inetadpt.dll. 用google找了一下,用LSPFix.exe把它幹掉了,但是問題還是存在。 A: 似乎FlashGET沒有註冊就會談出一個IE視窗 Q: 沒有裝flashget. 而且系統裡面基本沒有可疑行程了。用taskinfo檢視,IE是winlogon.exe 起的。 但是我把有問題的電腦上的winlogon.exe和正常電腦上的比較,一模一樣的。 其中一個廣告在http://www.look2me.com/ A: 不幸的事情發生了,中了look2me 在電腦上不慎安裝了間諜程序 Look2Me (vx2.betterinternet)後 很難清除 。 在國外某軟體論壇上對這個間諜程序有比較多的深入討論和相關工具下載。 http://forums.broadbandmedic.com/cgi.../ikonboard.cgi Look2me Removal Instructions and Help What is Look2Me? Look2Me is an advertising and information network that uses a shell extension to attach itself to Windows and display pop up advertising for its clients. It monitors visited web sites and submits this information to a server. How do I Remove Look2Me? Because the software highly integrates itself with Explorer, it can be hard to remove. Included below is a basic manual removal method for Look2Me as well as an excellent Visual Basic Script that can be run to help remove it. Automatic Removal Program from Look2Me Follow the instructions below to manually remove Look2Me Click on Start, Run, and type REGEDIT and click Ok to start the Registry Editor Now open the Windows Task Manager On Windows 95/98/ME, Press CTRL+ATL+DEL On Windows NT/2000/XP, Press CTRL+ALT+DEL, Select the Task Manager if needed, and click on the Processes tab In the list of programs, click on EXPLORER.EXE and select End Task or End Process. Repeat this procedure until no explorer.exe process is running (The Start Menu, Task Bar, and System Tray will disappear) Select the Registry Editor (you may have to press ALT + Tab) Delete the following registry keys if they exist HKEY_LOCAL_MACHINE \SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ShellExtensions \ Approved \ {DDFFA75A-E81D-4454-89FC-B9FD0631E726} Close the Registry Editor Restart your computer Now open My Computer and Drive C, open the Windows directory, and then the System directory Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). Delete all files that look similar to the following, where * represents a letter or number msg{********-****-****-****-************}****.dll The known variants of Look2Me are associated with the following files: msg{*.dll msg116.dll msg117.dll msg118.dll msg119.dll msg120.dll msg121.dll msg122.dll Open Internet Explorer Click Tools, Internet Options Click the Programs tab and then click Reset Web Settings to restore default settings for home page, search page, and other settings. If Look2Me remains or popups from NicTechNetworks remain, then proceed with the following extra instructions 1) Download and run VX2.BetterInternet Finder which will search for files that are tied to Explorer and very tough to remove. These files usually are .dll files found in the Windows\System32 directory with backup files similar to *.cpy.dll 2) Write these files down for later removal 3) To remove these files, you'll need to boot into the Recovery Console. Reboot your computer with your Windows XP or 2000 cd now. If your computer does not boot from the CD-ROM disk, you'll have to change settings in your BIOS to do this to boot from the CD-ROM first. During the loading of the Windows XP or Windows 2000 CD, you'll eventually be given the choice to load the "Recovery Console" by pressing R. Next, Choose your Windows Installation, usually by pressing 1 and pressing Enter. You'll have to enter the Administrator password, if you dont know the password try leaving it blank. Once logged into the Recovery Console, you'll be at a C:\WINDOWS> prompt. If the system does not let you in because of a bad password or you cant access the recovery console from the CD-ROM, you'll have to use the alternate instructions below to access the Recovery Console. 4) At the C:\WINDOWS> prompt type CD SYSTEM32 and press Enter 5) At the C:\WINDOWS\SYSTEM32> prompt, use the DEL command to delete the files you wrote down previously. Ex: DEL AYMPARSE.DLL and press Enter DEL AYMPARSE.CPY.DLL and press Enter 6) After you have deleted the files, type EXIT and restart your computer in normal mode. Look2Me and the files that were previously unable to be deleted should be removed. -------------------------------------------------------------------------------- FIX FOR BAD OR UNKNOWN ADMINSTRATOR PASSWORD 1) In Windows, click on Start, Run, and Type REGEDIT 2) Click on the plus signs (+) next to the following keys HKEY_LOCAL_MACHINE SOFTWARE MICROSOFT WINDOWS NT CURRENTVERSION SETUP RECOVERY CONSOLE 3) Double-click on the option SECURITYLEVEL in the right-hand column and change the Value Data number to 1 then press OK 4) Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option below. -------------------------------------------------------------------------------- ALTERNATE ACCESS TO RECOVERY CONSOLE If you have Internet access still, place your Windows XP or Windows 2000 CD in the Drive and cancel out of any autostart menus. 1) Log onto the Internet 2) Click on the Start button 3) Click on Run 4) Type the following in the RUN line and Press Enter D:\I386\WINNT32.EXE /CMDCONS Make sure you use your CD Drive letter in place of the letter D above 5) The computer will start to install the Recovery Console and add it as a boot option. 6) Once installed, you'll be able to restart your computer and press F8 to start the Boot Menu. Press the ESC key and you should have the following option available to choose MICROSOFT WINDOWS RECOVERY CONSOLE 7) Choose your Windows Installation, usually by pressing 1 and pressing Enter. You'll have to enter the Administrator password, or you'll be logged in automatically if you used the option shown above. -------------------------------------------------------------------------------- For Automatic Removal of Look2Me (option 1) Download and run the program Killbox created by Option^Explicit Software Solutions. or Download and run the program Kill2Me from Merijn. For Automatic Removal of Look2Me (option 2) Download the following Visual Basic script provided by Mosaic1, a member of Spywareinfo, and save it to c:\removel2me.vbs Look2Me Removal Program This is a Visual Basic Scripting file, so you'll have to have the Windows Scripting Host installed. You can download the following file to disable or reenable the Windows Scripting Host. noscript.exe Now open the Windows Task Manager On Windows 95/98/ME, Press CTRL+ATL+DEL On Windows NT/2000/XP, Press CTRL+ALT+DEL, Select the Task Manager if needed, and click on the Processes tab In the list of programs, click on EXPLORER.EXE and select End Task or End Process. Repeat this procedure until no explorer.exe process is running (The Start Menu, Task Bar, and System Tray will disappear) Click the Applications tab, click the New Task Button, and type the path to the script you saved. c:\removel2me.vbs Click Ok Click Shutdown on the Task Manager toolbar and scroll down to Restart your computer. |
送花文章: 3,
|