MozTW 討論區 :: 檢視主題

Look2me infection is going to need a special tool to remove it.

Please download Look2Me-Destroyer.exe by Atribune to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

發表人:	kt1031 [ 2006-08-01, 20:49 ]
文章主題 :	安左用唔到?!
本人由於近日不知為何經常彈廣告出來, (如圖) 上yahoo都狂彈, 搞到部機勁慢, 已用過Ad-aware 6 , Spybot - Search & Destroy ,超級兔子 , ＧＯＯＧＬＥ/yahoo　工具列等都不行呢~ 所以想轉用Firefox... 但安了後不知為何用不到 =.= 請問要移取IE嗎? 如何將「我的最愛」及其他各種設定資料從 Internet Explorer 匯入 Firefox?

發表人:	parisian [ 2006-08-01, 21:14 ]
文章主題 :
kt1031 寫: 本人由於近日不知為何經常彈廣告出來, 上yahoo都狂彈, 搞到部機勁慢, 已用過Ad-aware 6 , Spybot - Search & Destroy ,超級兔子 , ＧＯＯＧＬＥ/yahoo　工具列等都不行呢~ 所以想轉用Firefox... 但安了後不知為何用不到 =.= 請問要移取IE嗎? 如何將「我的最愛」及其他各種設定資料從 Internet Explorer 匯入 Firefox? 總覺得你電腦裡面還是有動態連結的Malware，這種要用補殺器是很難辨識出來，最好再用HijackThis以人工的方式追查一下，否則安裝什麼瀏覽器都沒有用，它還是可以彈出來。先查殺確定沒有了，安裝Firefox，在一開啟它就會提示你要不要匯入「我的最愛」，安裝好再補個adblock套件應該大部分都擋的掉，不好擋的好像只有M$寫的MSN廣告、match.com...還能彈出來幾乎都是M$寫的。

發表人:	kt1031 [ 2006-08-01, 22:04 ]
文章主題 :
請問那些要del? 還有如何del? =.= 十萬分感謝~ 請到 : http://hk.geocities.com/jason10312008/hijackthis.log

發表人:	parisian [ 2006-08-01, 22:30 ]
文章主題 :
C:\WINDOWS\system32\mv2sl9f71.dll--->這個就是木馬在「執行」下面先把它釋放： regsvr32.exe /u %windir%/system32/mv2sl9f71.dll 然後去直接把它砍掉。萬一砍不掉（應該是不會），就用Windows安全模式進去砍。

發表人:	kt1031 [ 2006-08-01, 23:06 ]
文章主題 :
應該砍了呢, 但還是這樣 =.= 還有其他嗎...? http://hk.geocities.com/jason10312008/hijackthis.log

MozTW 討論區 https://forum.moztw.org/

安左用唔到?! https://forum.moztw.org/viewtopic.php?f=2&t=15054	第 1 頁 (共 1 頁)

發表人:	parisian [ 2006-08-02, 04:50 ]
文章主題 :
C:\WINDOWS\system32\q6860glse6q60.dll<----這個也是木馬。不過第一次你貼出來時，好像沒有看到這項。 ------------------------------------------------- 補充：如果砍掉後重新開機Windows會向你說找不到q6860glse6q60.dll，就到HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify下面看看是不是有q6860glse6q60.dll，把它一起也刪掉就不會了。

發表人:	kt1031 [ 2006-08-02, 21:01 ]
文章主題 :
嗯, 不過都係有網彈出來, (不過已少了很多 ^^) 如圖: http://hk.geocities.com/jason10312008/111111.JPG 如圖 :http://hk.geocities.com/jason10312008/222222.JPG http://www.yourtruths.com/t9181093.html MATCH.COM <--甚麼交友唔知點解全部都係t9181093尾 =.= 還有上面的hijackthis連結已更新, en6sl1j71.dll是木馬嗎?

發表人:	parisian [ 2006-08-03, 00:21 ]
文章主題 :
kt1031 寫: 唔知點解全部都係t9181093尾 =.= 還有上面的hijackthis連結已更新, en6sl1j71.dll是木馬嗎? mv2sl9f71.dll也是木馬。看它命名特徵和en6sl1j71.dll相同，應是利用某個程式啟動後自動generate出來的。你先把所有BHO拿掉看看，我看你的run裡面應該沒什麼問題。你先觀察看，如果砍掉它之後，重開機，什麼事都不要進行，HijackThis一下，會不會有這個亂數型態的dll。如果有的話，連目前run裡面的程式都可疑了。如果在啟動後沒看見，是啟動IE之後才再生，就要先追查你安裝的那幾個BHO，我認為最好是先都拿掉比較好。 match.com是微軟投資的交友網站。

發表人:	parisian [ 2006-08-03, 01:12 ]
文章主題 :
kt1031 寫: 如圖: http://hk.geocities.com/jason10312008/111111.JPG 如圖 :http://hk.geocities.com/jason10312008/222222.JPG 我從你被帶領去的這個http://www.broadcastsnews.com網站倒過頭來查，Ad-Aware網站上說這個malware叫做Look2Me，你拉到頁面最下邊可以看到他們提供一個Look2Me-Destroyer.exe專殺工具可用。你試看。 Lavasoft 寫: Look2me infection is going to need a special tool to remove it. Please download Look2Me-Destroyer.exe by Atribune to your desktop. * Close all windows before continuing. * Double-click Look2Me-Destroyer.exe to run it. * Put a check next to Run this program as a task. * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. * Once it's done scanning, click the Remove L2M button. * You will receive a Done Scanning message, click OK. * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. * Your computer will then shutdown. * Turn your computer back on. * Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log. If Look2Me-Destroyer does not reopen automatically, reboot and try again.

發表人:	kt1031 [ 2006-08-03, 21:02 ]
文章主題 :
感謝 ^^ 現在沒彈出來了 ~

第 1 頁 (共 1 頁)	所有顯示的時間為 UTC + 8 小時
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/