求助 - 最近很容易中毒

milk · 2007-07-02, 08:56 AM

不知道走什麼霉運
最近很容易中毒
然後NOD32 老是後知後覺

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 上午 08:56:09, on 2007/7/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ching-Ping Yang\桌面\HiJackThis_v2.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_url.html
O8 - Extra context menu item: 使用 S&martGet 下載 - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_link.htm
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://milkygp.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1144384069520
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com/Kor/vc4w_ocx/Vcrscan.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing)
O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 12062 bytes

milk · 2007-07-02, 08:59 AM

Antivirus Version Update Result
AhnLab-V3 2007.6.30.0 06.29.2007 no virus found
AntiVir 7.4.0.37 07.01.2007 HEUR/Crypted
Authentium 4.93.8 06.29.2007 no virus found
Avast 4.7.997.0 07.02.2007 no virus found
AVG 7.5.0.476 07.01.2007 no virus found
BitDefender 7.2 07.02.2007 GenPack:Trojan.Downloader.VB.AGZ
CAT-QuickHeal 9.00 06.30.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 07.01.2007 no virus found
DrWeb 4.33 07.02.2007 no virus found
eSafe 7.0.15.0 06.30.2007 Suspicious Trojan/Worm
eTrust-Vet 30.8.3752 06.29.2007 no virus found
Ewido 4.0 07.01.2007 no virus found
FileAdvisor 1 07.02.2007 no virus found
Fortinet 2.91.0.0 07.01.2007 W32/VB.AG!tr
F-Prot 4.3.2.48 06.29.2007 no virus found
F-Secure 6.70.13030.0 07.02.2007 no virus found
Ikarus T3.1.1.8 07.01.2007 Backdoor.Win32.Bifrose.DF
Kaspersky 4.0.2.24 07.02.2007 no virus found
McAfee 5064 06.29.2007 New Malware.dq
Microsoft 1.2701 07.01.2007 no virus found
NOD32v2 2368 07.01.2007 Win32/TrojanDownloader.VB.ANF
Norman 5.80.02 06.29.2007 no virus found
Panda 9.0.0.4 07.01.2007 no virus found
Sophos 4.19.0 06.28.2007 no virus found
Sunbelt 2.2.907.0 06.29.2007 no virus found
Symantec 10 07.02.2007 W32.SillyDC
TheHacker 6.1.6.140 06.28.2007 no virus found
VBA32 3.12.0.2 07.02.2007 suspected of Trojan-PSW.Game.63 (paranoid heuristics)
VirusBuster 4.3.23:9 07.01.2007
Webwasher-Gateway 6.0.1 07.01.2007 Heuristic.Crypted

rezard · 2007-07-02, 10:06 AM

大大要不要再多裝個軟體防火牆？並定期用反間諜軟體掃瞄PC？

小弟現在使用的軟體防火牆：COMODO Firewall Pro（免費，有官方中文介面）、Agnitum Outpost Firewall 1.0.1817.1645（免費，很舊的版本，不過吃系統資源小，適合舊機器使用，只是ftpfilt.dll這個核心模組易導致當機，要手動拿掉）。

小弟現在常用的反間諜軟體：AVG Anti-Spyware Free Edition 7.5。

古里特 · 2007-07-02, 11:31 AM

其實我是認為
只要有良好的上網習慣、平時間不要亂點來路不明的連接
不要下載來路不明可疑的檔案、不要亂逛來路不明的網站
基本上，要養成良好習慣，要中毒都很困難

我的防毒軟體都是拿來心安的
我之前用諾頓，現在用avast
跳出病毒的視窗機會，少之又少，非常少見
我也有用BT抓東西，也逛網站，就差我沒玩線上遊戲

養成良好的上網習慣才是真正最好的防毒軟體

milk · 2007-07-02, 12:42 PM

防火牆以前有用
可是後來發現
我根本到最後都會開放通過
有跟沒有差不多....

至於良好習慣...我也知道
問題在於
這毒(木馬)是在學校內部流竄
實驗的data 我又不能不開

很煩

plunderer · 2007-07-02, 08:39 PM

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing)

O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing)

勾選並修復上述項目, 重新開機, 以安全模式登入windows, 刪除 C:\WINDOWS\system32\ODBCJET.exe

"後知後覺" 總比 "不知不覺" 好....

你不是走霉運, 最近容易中毒可能的原因:
1. 常用 DSLite 及 SmartGet 下載到不明程式
2. USB 磁碟到處用

milk · 2007-07-03, 12:53 AM

引用:

作者: plunderer

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing)

O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing)

勾選並修復上述項目, 重新開機, 以安全模式登入windows, 刪除 C:\WINDOWS\system32\ODBCJET.exe

"後知後覺" 總比 "不知不覺" 好....

你不是走霉運, 最近容易中毒可能的原因:
1. 常用 DSLite 及 SmartGet 下載到不明程式
2. USB 磁碟到處用

我已經照您的方式刪除
不過...既然system32內的檔不能亂刪,為什麼可以這麼處理?我很好奇

這兩種中毒原因
我比較傾向第二種...因為我DSL通常是回家才用桌上電腦使用

至於USB...這我沒辦法,大家的資料都這麼存取
我比較火的是NOD32 老偵查不出來
每次都中鏢了才告訴我....
偵測的到,卻又無法及時防護.....
難道這暗示我該換防毒軟體了

plunderer · 2007-07-03, 01:07 AM

system32內的檔只是"不能亂刪", 並非不能刪...有問題的當然要刪

用 USB 磁碟是無法避免的, 但別讓電腦自動讀取光碟或可攜式裝置, 就可避免插上已被感染的USB磁碟時自動讀取....隨時看看USB磁碟根目錄內有無 autorun.inf , 有就刪除

NOD 算不錯了, 你中的標大概都是經過綑綁或加殼加密過, 這類檔案任何防毒軟體都防不勝防, 能查出被釋放出來的檔案就算不錯了, 除非你用 HIPS 軟體監控程式的動作(若不怕煩的話)

milk · 2007-07-03, 01:24 AM

引用:

作者: plunderer

system32內的檔只是"不能亂刪", 並非不能刪...有問題的當然要刪

用 USB 磁碟是無法避免的, 但別讓電腦自動讀取光碟或可攜式裝置, 就可避免插上已被感染的USB磁碟時自動讀取....隨時看看USB磁碟根目錄內有無 autorun.inf , 有就刪除

NOD 算不錯了, 你中的標大概都是經過綑綁或加殼加密過, 這類檔案任何防毒軟體都防不勝防, 能查出被釋放出來的檔案就算不錯了, 除非你用 HIPS 軟體監控程式的動作(若不怕煩的話)

這我倒有興趣了
麻煩是不怕
怕是不知道怎麼操縱

不知道那兒可以找到HIPS 軟體監控程式

plunderer · 2007-07-03, 01:47 AM

國外的 SSM, Safe'n'Sec, GSS 都不錯, 大陸也有些 HIPS 軟體, 不過完全成熟的幾乎沒有

HIPS 軟體主要在於對行為的判斷及規則的設定
國內論壇關於 HIPS 軟體的相關訊息很少, 大陸的論壇較多

我目前是用這個:
http://forum.slime.com.tw/showthread.php?t=199835
已出到1.4 beta, 不過還不是很穩定

milk · 2007-07-03, 01:57 AM

引用:

作者: plunderer

國外的 SSM, Safe'n'Sec, GSS 都不錯, 大陸也有些 HIPS 軟體, 不過完全成熟的幾乎沒有

HIPS 軟體主要在於對行為的判斷及規則的設定
國內論壇關於 HIPS 軟體的相關訊息很少, 大陸的論壇較多

我目前是用這個:
http://forum.slime.com.tw/showthread.php?t=199835
已出到1.4 beta, 不過還不是很穩定

感謝指教

2007-07-02, 08:56 AM	#1
milk 長老會員榮譽勳章勳章總數5 UID - 7334 在線等級: 註冊日期: 2002-12-09 住址: Molecular Lab. 文章: 1140 精華: 0 現金: 58513 金幣資產: 71348 金幣	求助 - 最近很容易中毒不知道走什麼霉運最近很容易中毒然後NOD32 老是後知後覺 Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 上午 08:56:09, on 2007/7/2 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\RegSrvc.exe C:\WINDOWS\System32\RoamMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATK0100\Hcontrol.exe C:\WINDOWS\LTSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\ASUS Probe\AsusProb.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Ching-Ping Yang\桌面\HiJackThis_v2.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\ASUS Probe\AsusProb.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_text.html O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_text.html O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\dl_url.html O8 - Extra context menu item: 使用 S&martGet 下載 - C:\Documents and Settings\Ching-Ping Yang\桌面\SmartGet1.2\dl_link.htm O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Ching-Ping Yang\桌面\DSLite2\DSLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw O15 - Trusted Zone: http://arcaonline.arcabit.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://milkygp.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1144384069520 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com/Kor/vc4w_ocx/Vcrscan.CAB O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing) O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe -- End of file - 12062 bytes
	__________________ ∼∼∼∼~ 　@ 天氣冷ㄌ∼＃ ∼∼∼~ ／︳＼@ 吃ㄍ熱包子∼＃ ∼∼~ ／　︳＼　@ 要幸福哦∼！ ^^~　　　　　　　　@ ~　　　　　　　　　　 @ ／　　﹏﹏　　　﹏﹏　　＼ \| 　　　　　　　　　　　　︱ ╰▄▄▃▃▂▽▂▃▃▄▄╯
	送花文章: 90, 收花文章: 259 篇, 收花: 789 次

2007-07-02, 08:59 AM	#2 (permalink)
milk 長老會員榮譽勳章勳章總數5 UID - 7334 在線等級: 註冊日期: 2002-12-09 住址: Molecular Lab. 文章: 1140 精華: 0 現金: 58513 金幣資產: 71348 金幣	Antivirus Version Update Result AhnLab-V3 2007.6.30.0 06.29.2007 no virus found AntiVir 7.4.0.37 07.01.2007 HEUR/Crypted Authentium 4.93.8 06.29.2007 no virus found Avast 4.7.997.0 07.02.2007 no virus found AVG 7.5.0.476 07.01.2007 no virus found BitDefender 7.2 07.02.2007 GenPack:Trojan.Downloader.VB.AGZ CAT-QuickHeal 9.00 06.30.2007 (Suspicious) - DNAScan ClamAV devel-20070416 07.01.2007 no virus found DrWeb 4.33 07.02.2007 no virus found eSafe 7.0.15.0 06.30.2007 Suspicious Trojan/Worm eTrust-Vet 30.8.3752 06.29.2007 no virus found Ewido 4.0 07.01.2007 no virus found FileAdvisor 1 07.02.2007 no virus found Fortinet 2.91.0.0 07.01.2007 W32/VB.AG!tr F-Prot 4.3.2.48 06.29.2007 no virus found F-Secure 6.70.13030.0 07.02.2007 no virus found Ikarus T3.1.1.8 07.01.2007 Backdoor.Win32.Bifrose.DF Kaspersky 4.0.2.24 07.02.2007 no virus found McAfee 5064 06.29.2007 New Malware.dq Microsoft 1.2701 07.01.2007 no virus found NOD32v2 2368 07.01.2007 Win32/TrojanDownloader.VB.ANF Norman 5.80.02 06.29.2007 no virus found Panda 9.0.0.4 07.01.2007 no virus found Sophos 4.19.0 06.28.2007 no virus found Sunbelt 2.2.907.0 06.29.2007 no virus found Symantec 10 07.02.2007 W32.SillyDC TheHacker 6.1.6.140 06.28.2007 no virus found VBA32 3.12.0.2 07.02.2007 suspected of Trojan-PSW.Game.63 (paranoid heuristics) VirusBuster 4.3.23:9 07.01.2007 Webwasher-Gateway 6.0.1 07.01.2007 Heuristic.Crypted

	送花文章: 90, 收花文章: 259 篇, 收花: 789 次

2007-07-02, 10:06 AM	#3 (permalink)
rezard 長老會員榮譽勳章勳章總數11 UID - 5875 在線等級: 註冊日期: 2002-12-08 住址: 夢幻之島福爾摩沙文章: 4595 精華: 0 現金: 258 金幣資產: 25680236 金幣	大大要不要再多裝個軟體防火牆？並定期用反間諜軟體掃瞄PC？小弟現在使用的軟體防火牆：COMODO Firewall Pro（免費，有官方中文介面）、Agnitum Outpost Firewall 1.0.1817.1645（免費，很舊的版本，不過吃系統資源小，適合舊機器使用，只是ftpfilt.dll這個核心模組易導致當機，要手動拿掉）。小弟現在常用的反間諜軟體：AVG Anti-Spyware Free Edition 7.5。
	__________________ 的歷流光小，飄颻弱翅輕。恐畏無人識，獨自暗中明。 [IMG][/IMG]
	送花文章: 127322, 收花文章: 3952 篇, 收花: 21079 次

2007-07-02, 11:31 AM	#4 (permalink)
古里特長老會員榮譽勳章勳章總數15 UID - 266346 在線等級: 註冊日期: 2007-04-16 住址: 天外天文章: 16251 精華: 0 現金: 49069 金幣資產: 26177647 金幣	其實我是認為只要有良好的上網習慣、平時間不要亂點來路不明的連接不要下載來路不明可疑的檔案、不要亂逛來路不明的網站基本上，要養成良好習慣，要中毒都很困難我的防毒軟體都是拿來心安的我之前用諾頓，現在用avast 跳出病毒的視窗機會，少之又少，非常少見我也有用BT抓東西，也逛網站，就差我沒玩線上遊戲養成良好的上網習慣才是真正最好的防毒軟體

	送花文章: 37553, 收花文章: 17188 篇, 收花: 66019 次

2007-07-02, 12:42 PM	#5 (permalink)
milk 長老會員榮譽勳章勳章總數5 UID - 7334 在線等級: 註冊日期: 2002-12-09 住址: Molecular Lab. 文章: 1140 精華: 0 現金: 58513 金幣資產: 71348 金幣	防火牆以前有用可是後來發現我根本到最後都會開放通過有跟沒有差不多.... 至於良好習慣...我也知道問題在於這毒(木馬)是在學校內部流竄實驗的data 我又不能不開很煩

	送花文章: 90, 收花文章: 259 篇, 收花: 789 次

2007-07-02, 08:39 PM	#6 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe, O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O21 - SSODL: ZipExt32 - {35CEC8A3-2BE6-11D2-8773-92E220524140} - C:\WINDOWS\Downloaded Program Files\ZipExt32.dll (file missing) O21 - SSODL: AceExt - {35CEC8A3-2BE6-11D2-8773-92E220524150} - C:\WINDOWS\system32\AceExt32.dll (file missing) 勾選並修復上述項目, 重新開機, 以安全模式登入windows, 刪除 C:\WINDOWS\system32\ODBCJET.exe "後知後覺" 總比 "不知不覺" 好.... 你不是走霉運, 最近容易中毒可能的原因: 1. 常用 DSLite 及 SmartGet 下載到不明程式 2. USB 磁碟到處用
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-07-03, 01:07 AM	#8 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	system32內的檔只是"不能亂刪", 並非不能刪...有問題的當然要刪用 USB 磁碟是無法避免的, 但別讓電腦自動讀取光碟或可攜式裝置, 就可避免插上已被感染的USB磁碟時自動讀取....隨時看看USB磁碟根目錄內有無 autorun.inf , 有就刪除 NOD 算不錯了, 你中的標大概都是經過綑綁或加殼加密過, 這類檔案任何防毒軟體都防不勝防, 能查出被釋放出來的檔案就算不錯了, 除非你用 HIPS 軟體監控程式的動作(若不怕煩的話)

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-07-03, 01:47 AM	#10 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	國外的 SSM, Safe'n'Sec, GSS 都不錯, 大陸也有些 HIPS 軟體, 不過完全成熟的幾乎沒有 HIPS 軟體主要在於對行為的判斷及規則的設定國內論壇關於 HIPS 軟體的相關訊息很少, 大陸的論壇較多我目前是用這個: http://forum.slime.com.tw/showthread.php?t=199835 已出到1.4 beta, 不過還不是很穩定

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

Google 提供的廣告