2003-07-15, 12:18 PM | #1 |
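Virus cannot be deleted???

OS: Win 2000 Pro
Antivirus software: Norton 2002

Viruses found by the scan:
C:\payload.dat is infected with Backdoor.Trojan
C:\WINNT\system32\bboy.dll is infected with Trojan.Mumuboy
C:\WINNT\system32\payload.dat is infected with Backdoor.Trojan

I wonder whether my PC has been broken into ... because these names look like Trojan horse programs, or backdoor programs an intruder left behind so they can get in again next time ...
But I cannot delete these files ... could anyone tell me how to delete them?
Norton 2002 finds them on every scan ... but cannot delete them ...
When I try to delete them, a message appears saying something like "This file is in use by another program and cannot be deleted."
Thanks in advance for your replies!!!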
2003-07-20, 02:20 PM | #7 (permalink) |
1. Download the FixMumuB.exe file from:
   http://securityresponse.symantec.com...r/FixMumuB.exe
2. Save the file to a convenient location, such as your downloads folder or the Windows Desktop (or removable media that is known to be uninfected, if possible).
3. To check the authenticity of the digital signature, refer to the section, "Digital signature."
4. Close all the running programs before running the tool.
5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. If you are running Windows Me or XP, then disable System Restore. Refer to the section, "System Restore option in Windows Me/XP," for additional details.
   CAUTION: If you are running Windows Me/XP, we strongly recommend that you do not skip this step. The removal procedure may be unsuccessful if Windows Me/XP System Restore is not disabled, because Windows prevents outside programs from modifying System Restore.
7. Double-click the FixMumuB.exe file to start the removal tool.
8. Click Start to begin the process, and then allow the tool to run.
   Note: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and wait 30 seconds. Restart the computer in Safe mode and run the tool again. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
9. Restart the computer.
10. Run the removal tool again to ensure that the system is clean.
11. If you are running Windows Me/XP, then re-enable System Restore.
12. Run LiveUpdate to make sure that you are using the most current virus definitions.

When the tool has finished running, you will see a message indicating whether W32.Mumu.B.Worm infected the computer. In the case of a worm removal, the program displays the following results:
- Total number of scanned files.
- Number of deleted files.
- Number of terminated viral processes.
2003-07-20, 02:22 PM | #8 (permalink) |
WORM_MUMU.A

Malware type: Worm
Destructive: No
Detecting pattern file: 576
Detecting scan engine: 5.200
Overall risk rating: Medium
Reported infections: Low
Damage potential: High
Distribution potential: High

Description:
This virus spreads through Windows SMB (Server Message Block) shares, using a number of easily guessed administrator passwords to penetrate and spread.
To carry out its malicious actions, the virus creates several files to execute, including two malicious programs that Trend Micro detects as BAT_SPYBOT.A and TROJ_HACLINE.A.
This virus runs on Windows 95, 98, ME, NT, 2000 and XP.

Solution:

Automatic removal steps

Home users:
1. Download the Trend Micro System Cleaner Package and the latest pattern file, and place the files in the same folder.
2. Run sysclean.com to scan your system.

Enterprise users: deploy TSC to the OfficeScan clients
1. First download TSC.zip, which contains two files, TSC.exe and TSC.ptn.
2. Extract TSC to ..\PCCSRV\Admin on the OfficeScan Server.
3. Delete ..\PCCSRV\Download\hotfix95.txt and hotfixnt.txt.
4. Edit ..\PCCSRV\Autopcc.cfg\AP95.ini and add the following text:
   ADMIN\TSC.ptn
   After adding it, press Enter once more to make sure there is a blank line at the end of the file.
5. Edit ..\PCCSRV\Autopcc.cfg\APNT.ini and add the following text:
   ADMIN\TSC.ptn
   After adding it, press Enter once more to make sure there is a blank line at the end of the file.
6. Copy ..\PCCSRV\Admin\Utility\Touch\TmTouch.exe to the ..\PCCSRV\Admin directory.
7. Open a command prompt, change to ..\PCCSRV\Admin>, type the following command and press Enter:
   TmTouch.exe TSC.*
8. Go to the \PCCSRV\Admin directory and confirm that the dates of TSC.exe and TSC.ptn are today's date.
9. Once the steps above are done, the OfficeScan Server automatically deploys TSC to the clients. TSC runs automatically when a client restarts or runs a manual scan.

Manual removal steps

Identifying the malware program name
To remove the malware, first identify the malware's program name.
1. Scan the system with Trend Micro antivirus software.
2. Record the names of all files detected as WORM_MUMU.A.
Trend Micro users must download the latest pattern file in order to detect this virus.

Terminating the malware program
This procedure terminates the malware's running process in memory. If you do not know the process name, you will need the names of the virus files detected earlier.
1. Open Windows Task Manager. Press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs, locate the malware detected earlier.
3. Select the file, then click the End Process button.
4. Repeat the steps above until all detected malware programs have been terminated.
5. To confirm that all malware processes have ended, close Task Manager and then open it again. (When a malicious program ends, it also launches another IEXPLORE.EXE. Before ending IEXPLORE.EXE, end all the other malware programs first.)
6. Close Task Manager.

Removing autostart entries from the registry
Removing the autostart entries from the registry prevents the malware from running automatically at startup.
1. Open Registry Editor. Click Start > Run, type REGEDIT, then press Enter.
2. In Registry Editor, in the left pane, double-click the following path:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right pane, locate and delete the following entry:
   Kernel ="%WINDOWS%\bboy.exe"
4. In the left pane, double-click the following path:
   HKEY_LOCAL_MACHINE>Software>mumu
5. Right-click the mumu key and choose "Delete".
6. Close Registry Editor.

Additional Windows ME/XP Cleaning Instructions
Windows Millennium Edition (ME) and Windows XP have a feature known as System Restore, which creates backups of certain files in the _Restore folder. The System Restore feature usually backs up files with EXE or COM extensions, which may include infected files and malware programs. Files in the _Restore folder are protected and can only be accessed using System Restore. This feature must be disabled first before Trend Micro antivirus can access and clean these files. The following procedure disables the System Restore feature:

For Windows ME
1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Select Disable System Restore.
6. Click Apply > Close > Close.
7. When prompted to restart, click Yes.
8. Press F8 while the system restarts.
9. Choose Safe Mode then hit the Enter key.
10. After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted.
11. Re-enable System Restore by clearing Disable System Restore and restarting your system normally.

For Windows XP
1. Log on as Administrator.
2. Right-click the My Computer icon on the desktop and click Properties.
3. Click the System Restore tab.
4. Select Turn off System Restore.
5. Click Apply > Yes > OK.
6. Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
7. Re-enable System Restore by clearing Turn off System Restore.
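Added example, not part of any post in this thread and not vendor code: a Python check that reads the text of a registry export and reports the two autostart artifacts named in the manual removal steps of post #8, the Run value Kernel pointing at bboy.exe and the HKEY_LOCAL_MACHINE>Software>mumu key. The function names and the sample export are constructed for illustration.

```python
import re

# Locations named in post #8's manual removal steps (compared case-insensitively).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
MUMU_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\mumu"

# Constructed sample export, not taken from an infected machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Kernel"="C:\\WINNT\\bboy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\mumu]
'''

def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data continued with a trailing backslash
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def reg_sz(raw):
    """Decode a quoted REG_SZ literal (backslashes are doubled in .reg files)."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return ""  # hex:/dword: data is not a command line

def find_mumu_artifacts(text):
    """List the Run value and the mumu key described in the removal steps."""
    findings = []
    for path, values in parse_reg_export(text).items():
        low = path.lower()
        if low == MUMU_KEY.lower() or low.startswith(MUMU_KEY.lower() + "\\"):
            findings.append(("key", path, None))
        if low == RUN_KEY.lower():
            for name, raw in values.items():
                data = reg_sz(raw)
                exe = data.strip('"').rsplit("\\", 1)[-1].split(" ")[0].lower()
                if name.lower() == "kernel" or exe == "bboy.exe":
                    findings.append(("run_value", name, data))
    return findings

if __name__ == "__main__":
    for finding in find_mumu_artifacts(SAMPLE):
        print(finding)
```

An export made by regedit on Windows 2000 or later is normally UTF-16 text headed "Windows Registry Editor Version 5.00", so read it with open(path, encoding="utf-16") before passing the text in.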
2003-07-21, 09:35 PM | #9 (permalink) |
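Thank you very much. I'll try it and see ... whether this virus can be deleted ...

I tried quarantining the virus and then deleting it ... but the virus still acts up ... it keeps coming back to bother me ...
I think the virus has not been completely removed ... and this virus is really formidable ... I don't know where it is hiding??
After I kill the virus, it comes back again. The Norton 2002 window appears, saying:
Object name: C:\payload.dat
Virus name: Backdoor.Trojan
So annoying ~ so annoying ~ so annoying
I'll first try the methods from the two posts above ... thanks!!!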