AntiVirGear foreign rogue software (removal guide), updated 2007-11-13

How to remove the foreign rogue software AntiVirGear (removal guide)

from:bleepingcomputer.com 
 
Translated by 电脑侠客 http://hi.baidu.com/dnxk 
 
Rogue profile: (for the symptoms, just look at the screenshots; not translated) 
 
AntiVirGear is a rogue anti-spyware program which is installed via Zlob Trojan infections. Zlob Trojans are malware which masquerade as video or audio codecs which state they are required to be installed if you want to watch a particular movie or listen to a particular audio file found on the Internet. In reality, these files will instead install the AntiVirGear program as well as other malware onto your computer. These installations are typically done behind the scenes without your permission or knowledge. 
 
When the Zlob infection is first launched on your computer it will display fake security alerts and automatically download the AntiVirGear program. When AntiVirGear has finished installing, it will automatically launch and scan your computer for spyware. When it has finished it will display a list of exaggerated or fake results and require you to purchase the full software in order to remove them. These results, though, are fake and are being used as a method to scare you into purchasing the software. Regardless of what this program displays, you should not purchase AntiVirGear. A screenshot of AntiVirGear can be found below. 
 
 
 

 
AntiVirGear Screenshot

 
 
 
As noted previously, when the Zlob infection is started it will display fake security alerts in your Windows taskbar. These alerts will say that there is a problem with your computer or that it is infected with malware. These alerts are all false and are just being used to scare you into purchasing the software. If you click on the alert, it will automatically launch AntiVirGear and do a scan. The current text of the fake security alert is: 
 
System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution. 
 
An example of the fake alert is shown below: 
 
 

 
AntiVirGear Fake Security alert

 
 
 
This guide will remove the Zlob Trojan which displays the fake security alerts, the AntiVirGear program, and other malware that are typically installed with these programs.  
 
Repair tools needed:
 
The following entries can be seen in a HijackThis log: 
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://ffinder.com/ 
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http ://ffinder.com/ 
 
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll 
 
O4 - HKLM\..\Run: [AntiVirGear 3.7] "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h 
 
O4 - HKLM\..\Run: [AntiVirGear 3.8] "C:\Program Files\AntiVirGear 3.8\AntiVirGear 3.8.exe" /h 
 
*O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll 
 
**O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - C:\WINDOWS\system32\jrpkmgh.dll 
 
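*Note: Do not delete this file manually. There will be several related, similarly named files (for example laf2.dll or laf3.dll). 
 
**Note: This entry uses a random file name that changes frequently. 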
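
The entries listed above can be checked for mechanically. The following Python script is an added example (not from the original guide or from HijackThis itself) that scans a HijackThis log for them. The rule set, the benign ctfmon.exe line in the sample log, and the assumption that the O22 CLSID stays fixed while its DLL name changes are assumptions of this example.

```python
import re

# Constructed sample log: infected entries are copied from the list above;
# the ctfmon.exe line is a constructed benign entry for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://ffinder.com/
O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\system32\ieffse32.dll
O4 - HKLM\..\Run: [AntiVirGear 3.8] "C:\Program Files\AntiVirGear 3.8\AntiVirGear 3.8.exe" /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - C:\WINDOWS\system32\jrpkmgh.dll
"""

# (HijackThis section, pattern on the entry body, reason).
# Patterns are derived from the entries listed in this guide.
RULES = [
    ("R1", re.compile(r"Search (Bar|Page) = http\s*://ffinder\.com", re.I),
     "IE search setting points to ffinder.com"),
    ("O2", re.compile(r"\\ieffse32\.dll\s*$", re.I),
     "ieffse32.dll browser helper object"),
    ("O4", re.compile(r"\[AntiVirGear \d+\.\d+\]", re.I),
     "AntiVirGear autostart entry (any version number)"),
    ("O10", re.compile(r"\\laf\d+\.dll\s*$", re.I),
     "lafN.dll Winsock LSP (do not delete by hand)"),
    # Assumption: the CLSID is stable; the DLL name is random, so it is not matched.
    ("O22", re.compile(r"\{60dea04c-9817-4309-bfa2-f8a1766c3cd1\}", re.I),
     "SharedTaskScheduler entry with random DLL name"),
]

# "<section> - <body>", tolerating the */** footnote markers used in the guide.
LINE = re.compile(r"^\*{0,2}\s*([A-Z]\d{1,2}) - (.*)$")

def scan(log_text):
    """Return (section, reason, line) for every log line matching a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(body):
                hits.append((section, reason, line))
    return hits

if __name__ == "__main__":
    for section, reason, line in scan(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
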
In Add/Remove Programs in the Control Panel you can see: 
 
AntiVirGear 3.7 
AntiVirGear 3.8 
 
 
Guide update history: 
 
09/14/07 - Initial guide creation. 
09/25/07 - Updated guide to remove symptoms and LSP infection. LSP infections are a new attack vector for Zlob installed Rogues. 
09/27/07 - Guide updated to include new LSP removal instructions. 
09/28/07 - Removed LSP instructions as SmitFraudFix now removes them. 
09/29/07 - Updated guide for the AntiVirGear 3.8 version.
 
 
 
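Choose the removal method you prefer: 
 
 
Automatic removal of AntiVirGear using tools: AntiVirGear has now been completely removed! 
 
If problems remain, scan a HijackThis (hjt) log. 
 
 
Manual removal of AntiVirGear: 
 
These steps look tedious, but they are quite simple to carry out. 

 
AntiVirGear has now been removed. 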
 
 
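Note: the latest version of SmitFraudFix and the Chinese operating instructions can be downloaded from 电脑侠客's E盘. 
 
Address: http://ljs3509.ys168.com, in the 专杀工具2 directory. File name: SmitFraudFix清除国外流氓软件.rar 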


If you repost this original article, please credit: reposted from 滨江区电脑维修_杭州电脑保姆 [ http://yzw.blog.zj.com/ ]
Permalink to this article: http://yzw.blog.zj.com/blog/d-167270.html
