-
Linabbs's blog- website redirect and anti-virus won?t run
- Can?t update AVG or go to Windows update page
- Cannot access anti-virus websites
- [Active] Sinowal.Trojan and a few Others
- [Resolved] newly file added to pendrive keep continue being deleted
- [InActive] Does Anyone know what foxcglm.exe is?
- IE and Firefox will not Start after Virus Removal
- [Active] IE and Firefox not running apparent virus / malware issue
- [ACTIVE]Slow Running Computer
- [Active] Microsoft download blocked Google links hijacked.
Jan
4
rundll32.exe
Filed Under Virus | Leave a Comment
为什么我的用户进程里有两个rundll32.exe?
你下个冰刃,看看这两个进程的映像文件有没有问题,如果在system32下就是正常的,但也有的是注入DLL的,你注意看一下命令行是什么,就可以分出那个是正常的了。
把不是正常的rundll32.exe结束掉,再去删除注入的DLL。在注册表中搜索DLL的名并删除掉。
Dec
26
Trojan-psw.win32.onlineganme
Filed Under Virus | Leave a Comment
Trojan-psw.win32.onlineganme是什么病毒?
(1) 关闭病毒进程
(2) 删除病毒文件
%WINDIR%\Intel\rundll32.exe
%system32%\ztdll.dll
(3) 删除病毒添加的注册表项:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
键值: 字串: “rzt”=”C:\WINDOWS\Intel\rundll32.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77\
键值: 字串: “CurrentCacheFile “=”C:\WINDOWS\SoftwareDistribution\EventCache\ {A4224788-4510-4E55-88CA-F03B373DED69}.bin”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BITS\0000\Control\
键值: 字串: “ActiveService “=”BITS”
Dec
20
WanSo
Filed Under Virus | Leave a Comment
启动文件夹里有个WanSo,这是什么东西!
目标是C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\WANSO\Player.dll,Always
这是什么文件,有什么作用~!
删除后,下次重启又会出来~用360安全卫士查杀恶意软件没什么问题!用卡巴查也很正常!
一看就是病毒。我想你删除启动项是没用的,应该在服务里面,在运行中输入services.msc进入服务。然后找到它,弄成已禁止,再停止,之后删除文件就可以了。