How to Analyze HijackThis Logs

Interpreting the Log Data to Help Remove Spyware and Browser Hijackers

HijackThis is a free tool from Trend Micro. It was developed by Merijn Bellekom, a student in the Netherlands. Spyware removal software such as Adaware or Spybot S&D does a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even these great anti-spyware utilities.

HijackThis is written specifically to detect and remove browser hijacks: software that takes over your web browser, alters your default home page and search engine, and does other malicious things. Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific program or URL to detect and block. Instead, HijackThis looks for the tricks and methods that malware uses to infect your system and redirect your browser.

Not everything that shows up in a HijackThis log is bad, and it should not all be removed. In fact, quite the opposite. It is almost guaranteed that some of the items in your HijackThis log are legitimate software, and removing those items may adversely affect your system or leave it unable to run at all. Using HijackThis is a lot like editing the Windows Registry yourself. It is not rocket science, but you should definitely not do it without expert guidance unless you really know what you are doing.

Once you have installed HijackThis and run it to generate a log file, there is a wide variety of forums and sites where you can post or upload your log data. Experts who know what to look for can then analyze the log data and advise you on which items to remove and which to leave alone.

To download the current version of HijackThis, you can visit the official site at Trend Micro.

Here is an overview of the HijackThis log entries, which you can use to jump to the information you are looking for:

R0, R1, R2, R3 - IE Start and Search page URLs

What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing

What to do:
If you recognize the URL at the end as your home page or search engine, it is OK. If you do not, check it and have HijackThis fix it. For the R3 items, always fix them unless the entry mentions a program you recognize, such as Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files

What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched

What to do:
The F0 items are always bad, so fix them. The F1 items are usually very old programs that are safe, so you should find some more information on the filename to see whether it is good or bad. Pacman's Startup List can help with identifying an item.

N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

What it looks like:
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)

What to do:
Usually the Netscape and Mozilla home page and search page are safe. They rarely get hijacked; only Lop.com has been known to do this. If you see a URL that you do not recognize as your home page or search page, have HijackThis fix it.

O1 - Hosts file redirections

What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts file is located at C:\Windows\Help\hosts

What to do:
This hijack redirects the address on the right to the IP address on the left. If the IP does not belong to the address, you will be sent to a wrong site every time you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.

The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Always fix this item, or have CWShredder repair it automatically.
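The O1 check above as an added example, not code from HijackThis or from this page's author: it groups hosts-file redirections by IP and reports a hosts file that is not in the usual location. The names check_o1, knowingly_added and default_hosts are hypothetical, and skipping loopback entries is an assumption the page does not state.

```python
import ipaddress
import re

O1_ENTRY = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
O1_PATH = re.compile(r"^O1 - Hosts file is located at:?\s*(.+)$")
# Usual hosts file location on Windows 2000/XP, assuming %SystemRoot% is C:\WINDOWS.
DEFAULT_HOSTS = r"C:\WINDOWS\system32\drivers\etc\hosts"

def check_o1(lines, knowingly_added=(), default_hosts=DEFAULT_HOSTS):
    """Return (redirects grouped by IP, relocated hosts path or None)."""
    redirects, relocated = {}, None
    for line in lines:
        line = line.strip()
        m = O1_PATH.match(line)
        if m:
            # Windows paths are case-insensitive, so compare lowercased.
            if m.group(1).lower() != default_hosts.lower():
                relocated = m.group(1)
            continue
        m = O1_ENTRY.match(line)
        if m is None:
            continue                  # not an O1 hosts entry
        ip, host = m.groups()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False          # not a valid IP: keep it for review
        # Assumption: loopback entries and hosts the user lists are intentional.
        if loopback or host.lower() in knowingly_added:
            continue
        redirects.setdefault(ip, []).append(host)
    return redirects, relocated

# The page's O1 example lines plus one constructed loopback entry.
SAMPLE = [
    r"O1 - Hosts: 216.177.73.139 auto.search.msn.com",
    r"O1 - Hosts: 216.177.73.139 search.netscape.com",
    r"O1 - Hosts: 216.177.73.139 ieautosearch",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts file is located at C:\Windows\Help\hosts",
]

if __name__ == "__main__":
    print(check_o1(SAMPLE))
```

Several unrelated search hostnames grouped under one IP, as in the sample, is the pattern the O1 section describes.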

O2 - Browser Helper Objects

What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do:
If you do not directly recognize a Browser Helper Object's name, use TonyK's BHO & Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

O3 - IE toolbars

What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

What to do:
If you do not directly recognize a toolbar's name, use TonyK's BHO & Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe. If it is not on the list, the name looks like a random string of characters, and the file is in the 'Application Data' folder (like the last of the examples above), it is probably Lop.com, and you should definitely have HijackThis fix it.

O4 - Autoloading programs from Registry or Startup group

What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe

What to do:
Use PacMan's Startup List to find the entry and see whether it is good or bad.

If the item shows a program sitting in a Startup group (like the last item above), HijackThis cannot fix the item while that program is still in memory. Use the Windows Task Manager (TASKMGR.EXE) to close the process before fixing.

O5 - IE Options not visible in Control Panel

What it looks like:
O5 - control.ini: inetcpl.cpl=no

What to do:
Unless you or your system administrator have knowingly hidden the icon from Control Panel, have HijackThis fix it.

O6 - IE Options access restricted by Administrator

What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, or your system administrator put this in place, have HijackThis fix this.

O7 - Regedit access restricted by Administrator

What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction in place.

O8 - Extra items in IE right-click menu

What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

What to do:
If you do not recognize the name of the item in the right-click menu in IE, have HijackThis fix it.

O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu

What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)

What to do:
If you do not recognize the name of the button or menu item, have HijackThis fix it.

O10 - Winsock hijackers

What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll

What to do:
It is best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.

Note that 'unknown' files in the LSP stack will not be fixed by HijackThis, for safety reasons.

O11 - Extra group in IE 'Advanced Options' window

What it looks like:
O11 - Options group: [CommonName] CommonName

What to do:
The only hijacker so far that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.

O12 - IE plugins

What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you do not want (.ofb).

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW. Prefix: http://ehttp.cc/?

What to do:
These are always bad. Have HijackThis fix them.

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do:
If the URL is not that of your computer's supplier or your ISP, have HijackThis fix it.

O15 - Unwanted sites in Trusted Zone

What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com

What to do:
Most of the time only AOL and Coolwebsearch silently add sites to the Trusted Zone. If you did not add the listed domain to the Trusted Zone yourself, have HijackThis fix it.

O16 - ActiveX Objects (aka Downloaded Program Files)

What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do:
If you do not recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' and so on, definitely fix it. Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used to look up CLSIDs. (Right-click the list to use the Find function.)

O17 - Lop.com domain hijacks

What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175

What to do:
If the domain is not from your ISP or your company network, have HijackThis fix it. The same goes for the 'SearchList' entries. For the 'NameServer' (DNS servers) entries, Google the IP or IPs and it will be easy to see whether they are good or bad.

O18 - Extra protocols and protocol hijackers

What it looks like:
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}

What to do:
Only a few hijackers show up here. The known bad ones are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix those. Other things that show up are either not confirmed safe yet, or have been hijacked (i.e. the CLSID has been changed) by spyware. In the latter case, have HijackThis fix it.

O19 - User style sheet hijack

What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css

What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log. However, since only Coolwebsearch does this, it is better to use CWShredder to fix it.

O20 - AppInit_DLLs Registry value

What it looks like:
O20 - AppInit_DLLs: msconfd.dll

What to do:
This Registry value, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers.

In the case of a 'hidden' DLL loading from this Registry value (only visible when using the 'Edit Binary Data' option in Regedit), the DLL name may be prefixed with a pipe '|' to make it visible in the log.

O21 - ShellServiceObjectDelayLoad

What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll

What to do:
This is an undocumented autorun method, normally used only by a few Windows system components. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Treat with extreme care.

O22 - SharedTaskScheduler

What it looks like:
O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll

What to do:
This is an undocumented autorun for Windows NT/2000/XP only, which is used very rarely. So far only CWS.Smartfinder uses it. Treat with care.

O23 - NT Services

What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

What to do:
This is the listing of non-Microsoft services. The list should be the same as the one you see in the Msconfig utility of Windows XP. Several trojan hijackers use a homemade service, in addition to other startups, to reinstall themselves. The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. The second part of the line is the owner of the file at the end, as seen in the file's properties.

Note that fixing an O23 item will only stop the service and disable it. The service needs to be deleted from the Registry manually or with another tool. In HijackThis 1.99.1 or higher, the 'Delete NT Service' button in the Misc Tools section can be used for this.
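A first-pass triage over the sections described on this page, as an added example rather than code from HijackThis or Trend Micro: it splits each log line into its section code, pulls out the CLSID to look up, and applies only the default advice the page states outright. The function names, verdict strings and header line are assumptions, and the O3 rule is simplified to the 'Application Data' path check.

```python
import re

# Default advice stated in the sections above, keyed by section code.
DEFAULT_ADVICE = {
    "F0": "fix", "O11": "fix", "O13": "fix",
    "O7": "fix unless set by your administrator",
    "O21": "treat with care", "O22": "treat with care",
}
BAD_WORDS = ("dialer", "casino", "free_plugin")  # O16 keywords named on the page
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into section code, body and any CLSID it carries."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None                   # header, blank line or process list
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    return {"code": code, "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)")}

def triage(entry):
    """Return the page's default advice, or 'look up' when it gives none."""
    code, body = entry["code"], entry["body"].lower()
    if code in DEFAULT_ADVICE:
        return DEFAULT_ADVICE[code]
    if code == "O16" and any(w in body for w in BAD_WORDS):
        return "fix"
    # Simplified O3 rule: only the 'Application Data' location is checked.
    if code == "O3" and "\\application data\\" in body:
        return "fix (probably Lop.com)"
    return "look up"

# Constructed sample built from example lines shown on this page.
SAMPLE = r"""Logfile header line (constructed, ignored by the parser)
F0 - system.ini: Shell=Explorer.exe Openme.exe
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
"""

def triage_log(text):
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return [(e["code"], e["clsid"], triage(e)) for e in entries]

if __name__ == "__main__":
    print(*triage_log(SAMPLE), sep="\n")
```

Entries that come back as 'look up' are the ones to check against the reference lists the page names before fixing anything.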