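Original by endurer
2006-09-08, version 1
A user's computer kept popping up advertising windows for hxxp://www.duduw.com whenever IE was used to browse web pages.
A scan with HijackThis (downloadable from hxxp://endurer.ys168.com) produced a log containing these suspicious entries: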
/-----------
Logfile of HijackThis v1.99.1
Scan saved at 20:20:12, on 2006-9-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:/WINDOWS/system32/mssnmp16.dll
O9 - Extra button: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O9 - Extra 'Tools' menuitem: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:/PROGRA~1/WinKld/WinKld.dll
-----------/
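As an added example (not part of the original post and not HijackThis code), the Python below parses the flagged O2/O9/O21 lines of the log above into fields and attaches a review reason to each. The function names and the triage heuristics are assumptions of this example, and the sample log is constructed from the entries above.

```python
import re

# Constructed sample: the four flagged entries from the log above.
SAMPLE_LOG = """\
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:/WINDOWS/system32/mssnmp16.dll
O9 - Extra button: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O9 - Extra 'Tools' menuitem: 精彩游戏 - {D1EDDE84-E67E-4ccd-B28E-73AD3B71A7C9} - http://bars.duole8.com/ (file missing)
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:/PROGRA~1/WinKld/WinKld.dll
"""

ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*?)"
    r"(?P<missing> \(file missing\))?$"
)

# Assumption of this example: O2 (BHO) and O21 (SSODL) targets are DLLs.
INJECTED = {"O2": "DLL loaded into IE", "O21": "DLL loaded into Explorer"}

def parse_entries(log):
    """Return one dict per CLSID-bearing HijackThis line; skip the rest."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            d = m.groupdict()
            d["missing"] = d["missing"] is not None
            out.append(d)
    return out

def triage(entries):
    """Attach review reasons to each entry (heuristics, not verdicts)."""
    report = []
    for e in entries:
        reasons = []
        if e["section"] in INJECTED:
            reasons.append(INJECTED[e["section"]])
        if e["missing"]:
            reasons.append("registered target no longer on disk")
        if re.match(r"https?://", e["target"], re.I):
            reasons.append("target is a remote URL, not a local file")
        report.append((e["section"], e["clsid"], e["target"], reasons))
    return report

def files_to_collect(entries):
    """Local files worth backing up and hashing before removal."""
    return sorted({e["target"] for e in entries
                   if e["section"] in INJECTED and not e["missing"]})

print(triage(parse_entries(SAMPLE_LOG)))
```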
Locate the file using WinRAR:
/-----------
C:/WINDOWS/system32/mssnmp16.dll
-----------/
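Archive it as a backup, then delete it.
Uninstall: Windows日历 (Windows Calendar, Winkalendar)
Close all browser and folder windows, then scan with HijackThis and fix the items listed above.
Empty the IE temporary files folder.
Empty c:/Documents and Settings/user/Local Settings/temp (where user is the user name).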
Antivirus | Version | Update | Result |
AntiVir | 7.1.1.16 | 09.08.2006 | TR/Spy.Agent.JP |
Authentium | 4.93.8 | 09.08.2006 | no virus found |
Avast | 4.7.844.0 | 09.08.2006 | no virus found |
AVG | 386 | 09.08.2006 | no virus found |
BitDefender | 7.2 | 09.08.2006 | no virus found |
CAT-QuickHeal | 8.00 | 09.07.2006 | no virus found |
ClamAV | devel-20060426 | 09.08.2006 | no virus found |
DrWeb | 4.33 | 09.08.2006 | no virus found |
eTrust-InoculateIT | 23.72.119 | 09.08.2006 | no virus found |
eTrust-Vet | 30.3.3068 | 09.08.2006 | no virus found |
Ewido | 4.0 | 09.05.2006 | no virus found |
Fortinet | 2.77.0.0 | 09.07.2006 | no virus found |
F-Prot | 3.16f | 09.08.2006 | no virus found |
F-Prot4 | 4.2.1.29 | 09.07.2006 | no virus found |
Ikarus | 0.2.65.0 | 09.08.2006 | no virus found |
Kaspersky | 4.0.2.24 | 09.08.2006 | no virus found |
McAfee | 4847 | 09.07.2006 | no virus found |
Microsoft | 1.1560 | 09.08.2006 | no virus found |
NOD32v2 | 1.1745 | 09.08.2006 | no virus found |
Norman | 5.90.23 | 09.08.2006 | no virus found |
Panda | 9.0.0.4 | 09.07.2006 | no virus found |
Sophos | 4.09.0 | 09.08.2006 | no virus found |
Symantec | 8.0 | 09.08.2006 | no virus found |
TheHacker | 5.9.8.208 | 09.08.2006 | no virus found |
UNA | 1.83 | 09.07.2006 | no virus found |
VBA32 | 3.11.1 | 09.07.2006 | no virus found |
VirusBuster | 4.3.7:9 | 09.08.2006 | no virus found |
Additional Information |
File size: 233472 bytes |
MD5: 7efdae2d9d17d52d855cf6560a21b906 |
SHA1: 831369c5aa26360b9ace5ec8eea51d77c97968d4 |