Reading HijackThis Log Data to Help Remove Spyware and Browser Hijackers
HijackThis is a free tool from Trend Micro. It was originally developed by Merijn Bellekom, a student in the Netherlands. Spyware removal software such as Adaware or Spybot S&D does a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious even for these anti-spyware utilities.
HijackThis is written specifically to detect and remove browser hijacks, i.e. software that takes over your web browser, altering your default home page and search engine and doing other malicious things. Unlike typical anti-spyware software, HijackThis does not use signatures or target specific programs or URLs to detect and block. Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.
Not everything that shows up in the HijackThis logs is bad, and it should not all be removed. In fact, quite the opposite: it is almost guaranteed that some of the items in your HijackThis log will be legitimate software, and removing those entries could adversely affect your system or render it completely inoperable. Using HijackThis is a lot like editing the Windows Registry yourself. It is not rocket science, but you should not do it without some expert guidance unless you really know what you are doing.
Once you install HijackThis and run it to generate a log file, there are a wide variety of forums and sites where you can post or upload your log data. Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which ones to leave alone.
To download the current version of HijackThis, you can visit the official site at Trend Micro.
Here is an overview of the HijackThis log entries, which you can use to jump to the information you are looking for:
- R0, R1, R2, R3 - Internet Explorer Start/Search page URLs
- F0, F1 - Autoloading programs
- N1, N2, N3, N4 - Netscape/Mozilla Start/Search page URLs
- O1 - Hosts file redirection
- O2 - Browser Helper Objects
- O3 - Internet Explorer toolbars
- O4 - Autoloading programs from Registry
- O5 - IE Options icon not visible in Control Panel
- O6 - IE Options access restricted by Administrator
- O7 - Regedit access restricted by Administrator
- O8 - Extra items in IE right-click menu
- O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
- O10 - Winsock hijacker
- O11 - Extra group in IE 'Advanced Options' window
- O12 - IE plugins
- O13 - IE DefaultPrefix hijack
- O14 - 'Reset Web Settings' hijack
- O15 - Unwanted site in Trusted Zone
- O16 - ActiveX Objects (aka Downloaded Program Files)
- O17 - Lop.com domain hijackers
- O18 - Extra protocols and protocol hijackers
- O19 - User style sheet hijack
- O20 - AppInit_DLLs Registry value autorun
- O21 - ShellServiceObjectDelayLoad Registry key autorun
- O22 - SharedTaskScheduler Registry key autorun
- O23 - Windows NT Services
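Every line in a HijackThis log follows the same shape: the section code from the list above, then " - ", then a body whose layout depends on the section. As an added illustration (not part of the original article and not HijackThis's own code), here is a small Python parser for that format. It assumes the conventions shown in the sections that follow: entries carrying a class ID are laid out as "kind: name - {CLSID} - path", entries without one as "kind: name - path". The sample log is assembled from the example lines on this page plus a constructed header line.

```python
import re
from collections import defaultdict

# A HijackThis log line starts with its section code, e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# A class ID in curly brackets, e.g. {13F537F0-AF09-11d6-9029-0002B31F9E59}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: the page's own example lines plus a made-up header line.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed header line)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
""".strip()


def parse_entry(line):
    """Parse one log line into a dict; returns None for header or blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group("code"), "body": m.group("body"),
             "kind": None, "name": None, "clsid": None, "path": None}
    body = entry["body"]
    # Most entries open with a kind label: "BHO: ...", "Hosts: ...", "HKLM\..\Run: ...".
    kind, sep, rest = body.partition(": ")
    if sep:
        entry["kind"], body = kind, rest
    c = CLSID_RE.search(body)
    if c:
        # "<name> - {CLSID} - <path>": the name sits before the CLSID, the path after it.
        entry["clsid"] = c.group(0).upper()
        before = body[:c.start()].strip(" -")
        after = body[c.end():].strip(" -")
        if entry["kind"] is None and " - " in before:   # O21/O22 style: "SSODL - AUHOOK - {..}"
            entry["kind"], before = before.split(" - ", 1)
        entry["name"] = before or None
        desc, sep2, path = after.rpartition(" - ")
        entry["path"] = (path if sep2 else after) or None
        if sep2 and not entry["name"]:                    # O16 style: "{CLSID} (Description) - URL"
            entry["name"] = desc.strip("() ")
    elif " - " in body:
        # No CLSID: "<name> - [<owner> -] <path or URL>" (O8, O16 by name, O23).
        parts = body.split(" - ")
        entry["name"], entry["path"] = parts[0], parts[-1]
    return entry


def parse_log(text):
    """Group all entries of a log by section code, keeping their order within a section."""
    sections = defaultdict(list)
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            sections[entry["code"]].append(entry)
    return dict(sections)


def clsids_to_look_up(sections, codes=("O2", "O3", "O16", "O18", "O21", "O22")):
    """Collect the class IDs you would check against a BHO/toolbar list, sorted, without duplicates."""
    return sorted({e["clsid"] for c in codes for e in sections.get(c, []) if e["clsid"]})


if __name__ == "__main__":
    sections = parse_log(SAMPLE_LOG)
    for code, entries in sections.items():
        for e in entries:
            print(code, e["kind"], e["name"], e["clsid"], e["path"])
    print("CLSIDs to look up:", clsids_to_look_up(sections))
```

The parser normalises CLSIDs to upper case so that the same object logged with different letter case compares equal, which is what you want before searching a reference list by class ID.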
R0, R1, R2, R3 - IE Start & Search pages
What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing
What to do:
If you recognize the URL at the end as your home page or search engine, it's OK. If you don't, check it and have HijackThis fix it. For the R3 items, always fix them unless the line mentions a program you recognize, such as Copernic.
F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
What to do:
The F0 items are always bad, so fix them. The F1 items are usually very old programs that are safe, so you should find some more information on the filename to see whether it's good or bad. Pacman's Startup List can help with identifying an item.
N1, N2, N3, N4 - Netscape/Mozilla Start & Search page
What it looks like:
N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
What to do:
Usually the Netscape and Mozilla home page and search page are safe. They are rarely hijacked; only Lop.com has been known to do this. Should you see a URL you don't recognize as your home page or search page, have HijackThis fix it.
O1 - Hosts file redirections
What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts file is located at C:\Windows\Help\hosts
What to do:
This hijack will redirect the address on the right to the IP address on the left. If the IP does not belong to the address, you will be redirected to the wrong site every time you enter the address. You can always have HijackThis fix this, unless you knowingly put those lines in your Hosts file.
The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Always fix this item, or have CWShredder repair it automatically.
O2 - Browser Helper Objects
What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do:
If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO & Toolbar List to find it by its class ID (CLSID, the number between curly brackets) and see whether it's good or bad. In the BHO List, 'X' means spyware and 'L' means safe.
O3 - IE toolbars
What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
What to do:
If you don't directly recognize a toolbar's name, use TonyK's BHO & Toolbar List to find it by its class ID (CLSID, the number between curly brackets) and see whether it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe. If it's not on the list, the name looks like a random string of characters and the file is in the 'Application Data' folder (like the last one in the examples above), it's probably Lop.com, and you should definitely have HijackThis fix it.
O4 - Autoloading programs from Registry or Startup group
What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe
What to do:
Use PacMan's Startup List to find the entry and see whether it's good or bad.
If the item shows a program sitting in a Startup group (like the last item above), HijackThis cannot fix the item if this program is still in memory. Use the Windows Task Manager (TASKMGR.EXE) to close the program before fixing.
O5 - IE Options not visible in Control Panel
What it looks like:
O5 - control.ini: inetcpl.cpl=no
What to do:
Unless you or your system administrator have knowingly hidden the icon from the Control Panel, have HijackThis fix it.
O6 - IE Options access restricted by Administrator
What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, or your system administrator put this restriction in place, have HijackThis fix this.
O7 - Regedit access restricted by Administrator
What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction in place.
O8 - Extra items in IE right-click menu
What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
What to do:
If you don't recognize the name of the item in IE's right-click menu, have HijackThis fix it.
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
What to do:
If you don't recognize the name of the button or menu item, have HijackThis fix it.
O10 - Winsock hijackers
What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
What to do:
It's best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
Note that 'unknown' files in the LSP stack will not be fixed by HijackThis, for safety reasons.
O11 - Extra group in IE 'Advanced Options' window
What it looks like:
O11 - Options group: [CommonName] CommonName
What to do:
The only hijacker known so far that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
O12 - IE plugins
What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
O13 - IE DefaultPrefix hijack
What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW. Prefix: http://ehttp.cc/?
What to do:
These are always bad. Have HijackThis fix them.
O14 - 'Reset Web Settings' hijack
What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
What to do:
If the URL is not that of the provider of your computer or your ISP, have HijackThis fix it.
O15 - Unwanted sites in Trusted Zone
What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com
What to do:
Most of the time only AOL and Coolwebsearch silently add sites to the Trusted Zone. If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.
O16 - ActiveX Objects (aka Downloaded Program Files)
What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
What to do:
If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc., definitely fix it. Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used to look up CLSIDs. (Right-click the list to use the Find function.)
O17 - Lop.com domain hijacks
What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
What to do:
If the domain is not from your ISP or company network, have HijackThis fix it. The same goes for the 'SearchList' entries. For the 'NameServer' (DNS servers) entries, Google the IP or IPs and it will be easy to see whether they are good or bad.
O18 - Extra protocols and protocol hijackers
What it looks like:
O18 - Protocol: Relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}
What to do:
Only a few hijackers show up here. The known bad ones are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix those. Other things that show up are either not yet confirmed safe, or have been hijacked (i.e. the CLSID has been changed) by spyware. In the latter case, have HijackThis fix it.
O19 - User style sheet hijack
What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css
What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log. However, since only Coolwebsearch does this, it's better to use CWShredder to fix it.
O20 - AppInit_DLLs Registry value autorun
What it looks like:
O20 - AppInit_DLLs: msconfd.dll
What to do:
This Registry value, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers.
In case of a 'hidden' DLL loading from this Registry value (only visible when using the 'Edit Binary Data' option in Regedit), the DLL name may be prefixed with a pipe '|' to make it visible in the log.
O21 - ShellServiceObjectDelayLoad
What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll
What to do:
This is an undocumented autorun method, normally used by a few Windows system components. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Treat with extreme care.
O22 - SharedTaskScheduler
What it looks like:
O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll
What to do:
This is an undocumented autorun for Windows NT/2000/XP only, which is used very rarely. So far only CWS.Smartfinder uses it. Treat with care.
O23 - NT Services
What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
What to do:
This is the listing of non-Microsoft services. The list should be the same as the one you see in the Msconfig utility of Windows XP. Several trojan hijackers use a home-made service in addition to other startups to reinstall themselves. The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. The second part of the line is the owner of the file at the end, as seen in the file's properties.
Note that fixing an O23 item will only stop the service and disable it. The service needs to be deleted from the Registry manually or with another tool. In HijackThis 1.99.1 or higher, the 'Delete NT Service' button in the Misc Tools section can be used for this.
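Several of the "What to do" rules above are mechanical enough to run automatically over a log before a human looks at it: hosts entries pointing a name at a non-loopback IP (O1), a random-looking toolbar or BHO name loading from Application Data (O3/O2), any prefix hijack (O13), suspicious words in an ActiveX name or URL (O16), a domain that is not your ISP's (O17), anything at all in the undocumented autoruns (O21/O22), and a service whose internal name is a short string of garbage (O23). The following Python triage script is an added example, not part of the original article and not HijackThis code, and it makes two assumptions of its own: "random-looking" means eight or more letters with fewer than 20% vowels, and a service internal name of four characters or fewer counts as garbage. The sample log reuses the page's example lines plus two constructed entries (the "Example Dialer" object with an all-zero placeholder CLSID, and the "Network Security Service (Ort)" service) so that every rule fires at least once.

```python
import re

# From the O16 advice: words in an ActiveX name or URL that mean "definitely fix it".
SUSPICIOUS_WORDS = ("dialer", "casino", "free_plugin")

# Constructed sample log: the page's own example lines, a "127.0.0.1 localhost" line to
# show the loopback exemption, and two invented entries (the dialer object with a
# placeholder CLSID, and the 'Ort' service) that match the page's descriptions.
SAMPLE_LOG = r"""
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts file is located at C:\Windows\Help\hosts
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Dialer) - http://example.invalid/free_plugin.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Network Security Service (Ort) - Unknown owner - C:\WINDOWS\example.exe
""".strip()


def looks_random(name):
    """Assumed heuristic for Lop.com-style names: letters only, 8+ long, under 20% vowels."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    if len(letters) < 8 or letters != name:
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in letters)
    return vowels / len(letters) < 0.2


def triage(log_text, trusted_domains=()):
    """Return (code, reason, body) for every line one of the page's rules would flag."""
    findings = []
    for raw in log_text.splitlines():
        code, sep, body = raw.partition(" - ")
        if not sep:
            continue
        reason = None
        if code == "O1":
            m = re.match(r"Hosts: (\S+) (\S+)", body)
            if m and not m.group(1).startswith(("127.", "0.0.0.0")):
                reason = f"hosts entry redirects {m.group(2)} to {m.group(1)}"
            elif body.startswith("Hosts file is located at"):
                reason = "hosts file in a non-default location (seen with Coolwebsearch infections)"
        elif code in ("O2", "O3"):
            m = re.match(r"\w+: (.*?) - \{", body)
            if m and looks_random(m.group(1)) and "application data" in body.lower():
                reason = "random-looking name loading from Application Data (likely Lop.com)"
        elif code == "O13":
            reason = "DefaultPrefix/WWW prefix hijack is always bad"
        elif code == "O16":
            if any(w in body.lower() for w in SUSPICIOUS_WORDS):
                reason = "ActiveX object name or URL contains a suspicious word"
        elif code == "O17":
            m = re.search(r"(?:Domain|DomainName|SearchList) = (\S+)", body)
            if m and not any(m.group(1).lower().endswith(d.lower()) for d in trusted_domains):
                reason = f"domain {m.group(1)} is not from your ISP or company network"
        elif code in ("O21", "O22"):
            reason = "undocumented autorun; anything listed here is unknown to HijackThis"
        elif code == "O23":
            m = re.match(r"Service: (.*?) \((\S+)\) - ", body)
            if m and len(m.group(2)) <= 4:   # assumed threshold for a garbage internal name
                reason = f"service '{m.group(1)}' has garbage-looking internal name '{m.group(2)}'"
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG, trusted_domains=("aoldsl.net",)):
        print(f"{code}: {reason}\n    {body}")
```

The script only ranks what a human should look at first; as the article stresses, nothing it flags should be fixed without checking the CLSID or filename against a reference list, and the O17 rule in particular depends on you supplying your own ISP's domain in trusted_domains.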