Off topic: A reminder to everyone to block spyware and protect your personal privacy
Thread poster: stone118

Posted by stone118 (Taiwan), Feb 1, 2006

Dear friends,

I just ran a virus scan and found nearly fifty spyware programs planted on my computer. I had heard that many websites, in order to make money, sign contracts with spyware specialists or companies, or pay licensing fees for spyware, and plant spyware on the computer of every user who visits their site so as to collect users' personal data, the aim being to send users "more precisely targeted advertising". This is an utterly unacceptable violation of personal privacy. If I had not run a scan today, I probably still would not have discovered that so much spyware had long since been planted on my machine without my knowledge!

Thanks to Trend Micro's PC-cillin 2006 with its latest engine and latest virus pattern file, I finally rooted out these spyware programs and pinned down which websites they came from. Take note: you have surely visited these sites too (or some of them): real.com, realmedia.com, sohu.com, 3721.com, 163.com. The complete list I extracted is in the last part of this post.

The first two parts are descriptions of this kind of spyware (Data Miner, also called Tracking Cookie).


If you also have antivirus software, don't forget to update it to the latest version and then run a scan, and manually <Delete permanently> all the spyware it catches; and, as far as possible, put the websites in the list on your blocklist, or write to them to lodge a strong protest. I have never deliberately visited any of the sites in the list; they were all brought in by those pop-up browser windows and by the HTML or other active content embedded in unsolicited advertising mail. So you might as well set your browser to "block" pop-up windows (at least IE has this feature; if yours doesn't, you can download a plug-in specifically to block pop-ups).

(→ You can download the Google Toolbar, which will automatically block those pop-up windows that you surely hate as much as I do.)


Wishing everyone a healthy computer and all your wishes fulfilled! ^_^


stone
Feb 1 2006 Wed 2:15pm @Taipei

----------------------

Data Miners (Tracking Cookies): spyware information and website list:



COOKIE_3130

In the wild: No

Reported infections: Low


Description:

Data Miners (Tracking Cookies) are cookies that are used by two or more Web sites to track a user's Web habits for the purpose of providing the user with ads or other material that the user might be interested in.

Similar to adware, data miners can collect a user's information for a third party recipient.

This cookie is installed when you visit the following URL: "yimg.com"



Solution:

Minimum scan engine version needed: 6.810


Trend customers:

Keep your pattern file and scan engine updated. Trend Micro antivirus software can clean or remove most types of viruses. Certain viruses, such as Trojans, scripts, overwriting viruses and joke programs which are identified as "uncleanable", should simply be deleted.


All Internet users:

For a quick check-up of your PC, use HouseCall - Trend Micro's online virus scanner. This will check for viruses which may already be on your PC.
To keep your computer healthy by catching viruses before they have a chance to infect your PC or network, get the best antivirus solution available today. Trend Micro offers antivirus and content security solutions for home users, corporate users, and ISPs. To look through our entire product line, click here.


Description created: Aug 17, 2004




COOKIE_3182:

Minimum scan engine version needed: 7.100

Solution:

Important Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download and unzip the latest grayware pattern file and scan your system. Then, delete all files detected as COOKIE_3182.

--------

Details:

Data Miners (Tracking Cookies) are cookies that are used by two or more Web sites to track a user's Web habits by providing ads or other material users might be interested in.

Similar to adware, data miners collect a user's information for third-party recipients.

This cookie is installed when you visit the following URL:
statcounter.com

Analysis by: Pastor Benjamin Cruz



COOKIE_3235 This cookie is installed when a target user visits the following URL:
casalamedia.com

COOKIE_6853 This data miner is installed on a system when an affected user accesses the following URL:
z1.adserver.com

COOKIE_3201 This cookie is installed when a target user visits the following URL:
belnk.com

COOKIE_3195(& 3196) This particular cookie is installed on a system when an unsuspecting user visits the Web site http://revenue.net.

COOKIE_3190(& 3191) This cookie is installed when you visit the following URL:
bs.serving-sys.com

COOKIE_3188(& 3189) This cookie is installed when you visit the following URL:
Server.iad.liveperson.net

COOKIE_3182 This cookie is installed when you visit the following URL:
statcounter.com

COOKIE_3163 This cookie is installed when you visit the following URL: "zedo.com"

COOKIE_3130 This cookie is installed when you visit the following URL: "yimg.com"

COOKIE_3117 This cookie is installed when you visit the following URL: "yadro.ru"

COOKIE_3081 This cookie is installed when you visit the following URL: "xiti.com"

COOKIE_3014 This cookie is installed when you visit the following URL: "webtrendslive.com"

COOKIE_2994 This cookie is installed when you visit the following URL: "weborama.fr"

COOKIE_2900 This cookie is installed when you visit the following URL: "valueclick.net"

COOKIE_2842 This cookie is installed when you visit the following URL: "tribalfusion.com"

COOKIE_2817 This cookie is installed when you visit the following URL: "trafficmp.com"

COOKIE_2574 This cookie is installed when you visit the following URL: "spylog.com"

COOKIE_2548 This cookie is installed when you visit the following URL: "sohu.com"

COOKIE_2346 This cookie is installed when you visit the following URL: "ru4.com"

COOKIE_2281 This cookie is installed when you visit the following URL: "realmedia.com"

COOKIE_2275 This cookie is installed when you visit the following URL: "real.com"

COOKIE_2250 This cookie is installed when you visit the following URL: "questionmarket.com"

COOKIE_2136 This cookie is installed when you visit the following URL: "pointroll.com"

COOKIE_2060 This cookie is installed when you visit the following URL: "overture.com"

COOKIE_1843 This cookie is installed when you visit the following URL: "moreover.com"

COOKIE_1802 This cookie is installed when you visit the following URL: "mediaplex.com"

COOKIE_1738 This cookie is installed when you visit the following URL: "hb.lycos.com"

COOKIE_1698 This cookie is installed when you visit the following URL: "list.ru"

COOKIE_1543 This cookie is installed when you visit the following URL: "imrworldwide.com"

COOKIE_1474 This cookie is installed when you visit the following URL: "hotrank.com.tw"

COOKIE_1469 This cookie is installed when you visit the following URL: "hotlog.ru"

COOKIE_1433 This cookie is installed when you visit the following URL: "hitbox.com"

COOKIE_1236 This cookie is installed when you visit the following URL: "focalex.com"

COOKIE_1198 This cookie is installed when you visit the following URL: "fastclick.net"

COOKIE_1020 This cookie is installed when you visit the following URL: "doubleclick.net"

COOKIE_878 This cookie is installed when you visit the following URL: "coremetrics.com"

COOKIE_722 This cookie is installed when you visit the following URL: "centrport.net"

COOKIE_650 This cookie is installed when you visit the following URL: "burstnet.com"

COOKIE_611 This cookie is installed when you visit the following URL: "bluestreak.com"

COOKIE_442 This cookie is installed when you visit the following URL: "atwola.com"

COOKIE_281 This cookie is installed when you visit the following URL: "advertising.com"

COOKIE_255 This cookie is installed when you visit the following URL: "adultfriendfinder.com"

COOKIE_238 This cookie is installed when you visit the following URL: "adtech.de"

COOKIE_222 This cookie is installed when you visit the following URL: "adserver.com"

COOKIE_48 This cookie is installed when you visit the following URL: "3721.com"

COOKIE_25 This cookie is installed when you visit the following URL: "163.com"

----------------------

[Edited at 2006-02-01 07:40]
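An added check, not part of stone118's post: a PowerShell function that walks an Internet Explorer cookie folder and reports any cookie file whose host is one of the tracker domains listed above, or a subdomain of one. It assumes the classic IE cookie store (one text file per site, eight-line records with the host/path on the third line); the folder path, the `Find-TrackingCookies` name and the subdomain matching are this example's own choices.

```powershell
# Added example (not from the original thread): audit IE cookie files for the
# tracking-cookie hosts listed in this post. Assumes the classic IE cookie store
# (one text file per site, 8-line records, "host/path" on the third line).
# It only reports; nothing is deleted.

$TrackerDomains = @(
    'yimg.com', 'statcounter.com', 'casalamedia.com', 'z1.adserver.com', 'belnk.com',
    'revenue.net', 'bs.serving-sys.com', 'server.iad.liveperson.net', 'zedo.com',
    'yadro.ru', 'xiti.com', 'webtrendslive.com', 'weborama.fr', 'valueclick.net',
    'tribalfusion.com', 'trafficmp.com', 'spylog.com', 'sohu.com', 'ru4.com',
    'realmedia.com', 'real.com', 'questionmarket.com', 'pointroll.com',
    'overture.com', 'moreover.com', 'mediaplex.com', 'hb.lycos.com', 'list.ru',
    'imrworldwide.com', 'hotrank.com.tw', 'hotlog.ru', 'hitbox.com', 'focalex.com',
    'fastclick.net', 'doubleclick.net', 'coremetrics.com', 'centrport.net',
    'burstnet.com', 'bluestreak.com', 'atwola.com', 'advertising.com',
    'adultfriendfinder.com', 'adtech.de', 'adserver.com', '3721.com', '163.com'
)

function Test-TrackerHost {
    # Returns the matching tracker domain when $HostName equals it or is one of
    # its subdomains (e.g. ad.doubleclick.net -> doubleclick.net), else $null.
    param([string]$HostName)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($d in $TrackerDomains) {
        if ($h -eq $d -or $h.EndsWith('.' + $d)) { return $d }
    }
    return $null
}

function Find-TrackingCookies {
    param(
        # Default: the current user's IE cookie folder (classic layout).
        [string]$CookieDir = [Environment]::GetFolderPath('Cookies')
    )
    Get-ChildItem -Path $CookieDir -Filter '*.txt' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file  = $_
        $lines = Get-Content -Path $file.FullName -ErrorAction SilentlyContinue
        if (-not $lines) { return }
        # Each record is 8 lines followed by '*'; line 3 looks like "host/path".
        # Testing every line of that shape tolerates truncated or odd files.
        foreach ($line in $lines) {
            if ($line -match '^([A-Za-z0-9.-]+)/') {
                $tracker = Test-TrackerHost $matches[1]
                if ($tracker) {
                    [pscustomobject]@{
                        File       = $file.Name
                        CookieHost = $matches[1]
                        Tracker    = $tracker
                        Modified   = $file.LastWriteTime
                    }
                }
            }
        }
    } | Sort-Object Tracker, CookieHost -Unique
}

# Review the report first; remove the listed files yourself if you agree.
Find-TrackingCookies | Format-Table -AutoSize
```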



Jianjun Zhang (United Kingdom), Feb 1, 2006
Subject: Recommending a program

Sister Stone,

Have you tried installing a firewall? Besides the Windows XP firewall, I also use Sygate Personal Firewall; you can also download other firewall programs, which can block a good many sneak attacks by spyware. In addition, my Avast! antivirus program is also very good. The latter has a free version you can download. Avast!






stone118 (Taiwan, topic starter), Feb 1, 2006
Subject: To Jianjun




Jianjun, thank you. I am a loyal user of Trend Micro products: I bought the genuine PC-cillin and have paid every year to renew my upgrade membership, four years now. Back when I was a reporter on the IT beat, Trend was a company I liked very much: bold, far-sighted, ambitious and confident, and above all its three bosses (a husband and wife, plus a third top executive who is the wife's younger sister) are all very sincere people. I remember that while I was pregnant and still covering the beat, they were the only ones among the Taiwanese companies I interviewed who warmly asked when my baby was due. The nice thing about my four years as an IT reporter was that I could observe up close so many hardware and software vendors in the IT and telecom industries, from Taiwan and from all over the world doing business in Taiwan; from the quality of the people I could judge the quality of their products. It really was a very, very rewarding job.

Besides using PC-cillin antivirus, I originally also had its firewall enabled on my computer, but because it conflicted with the built-in XP firewall, in the end I enabled only the XP firewall. It was only two months ago, when my home switched to a wireless AP as the gateway (there are three permanently connected computers at home, plus a wireless port reserved for the notebook), that I removed the Trend Micro hardware firewall that had sat in front of the ADSL gateway. That hardware firewall was not very good to use, because it scanned and parsed every incoming stream first, which slowed things down (noticeably, so it counts as pretty bad); and every now and then it conflicted with the settings of some frequently used website (for example, when a site added an ad one day using some unusual language), making it hard for me to visit certain sites. Luckily, when I replaced my PC I also bought a D-Link wireless AP; this integrated AP can double as the gateway, so since then I have relied only on the XP built-in firewall, with nothing else to help me block malicious intrusion programs.

Even so, PC-cillin is already strong enough. This morning I first manually updated the PC-cillin program code and virus pattern (it normally updates automatically; today I was being fussy and wanted to scan myself) and then ran a manual scan, and only then did it find this spyware; otherwise, the scheduled scan had run automatically just two days ago and everything was still clean then! But sites like 3721.com, sohu.com and 163.com are clearly the ones that popped up automatically in the past two weeks while I was downloading some software from mainland Chinese websites, and they planted spies on my computer; that's why I'm so alarmed! And I'm very glad I updated first and scanned afterwards today; otherwise wouldn't the scan have been wasted, failing to catch these just like two days ago??

Anyway, the main thing is that they were found, and it has raised my alertness further. I had thought that someone as meticulous and careful as me, who looks after her computer every day, wouldn't run into this sort of trouble, but judging from today's experience, one should never be too sure of one's own cleverness! (Otherwise the biggest fool turns out to be the one who thought they were so clever, heh heh~~


PS. Ever since Kevin explicitly pointed out that I am an elder female, it seems I have suddenly been <properly titled>? Hahaha~~~ you are all really adorable!!!



stone118 (Taiwan, topic starter), Feb 27, 2006
Subject: I caught another troublesome piece of malware; it took from 2/23 until today, 2/27, to get rid of it

This malware, ADW_OURXIN.A, was intercepted by my latest PC-cillin and quarantined so that it could do no harm; but because it added many new keys to my registry and exists as a .dll in the System32 folder, I really could not do anything about it myself. Its effect was that whenever I opened <My Computer> or <Windows Explorer>, and every time I opened a new IE window, it triggered PC-cillin to intercept it, which slowed the system down severely.

But on 2/23, the day I was infected, I saw that Trend's online virus database did not yet have any information on this malware. On the morning of 2/24 I called Trend's customer service centre repeatedly, and also wrote four letters in a row through their support web page and my Outlook Express, strongly demanding that they help me find a way to remove it. Finally the support engineer in Taipei replied: your problem has been forwarded to engineers overseas. So I waited quietly for a reply.

This afternoon, just as I was about to start work on my painfully slow computer, I received Trend's reply (attached below). Looking at it: wow! So many registry keys forcibly added by this malware had to be deleted! I had no choice but to carry out the instructions, then clean up the system, scan again, clean up the system once more, defragment the disk, and check on reboot. That ate up three hours of the afternoon, and I got no work done at all.

Still, now that the cleanup is done, my system runs at least three to five times faster than during the past four days of <deep infection>. I feel light as a swallow!


Everyone, if you also feel your system has slowed down, why not open the editreg program and check whether you have the keys mentioned in the letter below? If you do, delete them quickly!


-----------------

Hello:

The question you raised was:

How to remove the virus ADW_OURXIN.A

Our answer to your question is as follows:

Virus name: ADW_OURXIN.A

For detailed virus information please refer to:

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_OURXIN.A&VSect=Sn


I. Delete the virus registry keys

1. Click Start | Run, type "REGEDIT" and press Enter to open the Registry Editor.

2. In the left pane, navigate to the following path:
HKEY_CLASSES_ROOT>cfsbho.BHelper

3. In the left pane, delete the following folder:
cfsbho.BHelper

4. In the left pane, navigate to the following path:
HKEY_CLASSES_ROOT>cfsbho.BHelper.1

5. In the left pane, delete the following folder:
cfsbho.BHelper.1

6. In the left pane, navigate to the following path:
HKEY_CLASSES_ROOT>CLSID>{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}

7. In the left pane, delete the following folder:
{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}

8. In the left pane, navigate to the following path:
HKEY_CLASSES_ROOT>Interface>{CE82AFC1-5E4B-4F19-A3E3-4FFF55F3D279}

9. In the left pane, delete the following folder:
{CE82AFC1-5E4B-4F19-A3E3-4FFF55F3D279}

10. In the left pane, navigate to the following path:
HKEY_CLASSES_ROOT>TypeLib>{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}

11. In the left pane, delete the following folder:
{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}

12. In the left pane, navigate to the following path:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Browser Helper Objects>{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}

13. In the left pane, delete the following folder:
{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}

14. Close the Registry Editor.

15. Restart the computer and run another manual scan with PC-cillin.


----------------------------------------------------------

Feel free to consult our FAQ (Solution Bank) at any time.
If you have any further questions, please contact us again.
Trend Micro
Customer Service Department

International website: http://www.trend.com.tw
FAQ: http://www.trend.com.tw/solutionbank/
Address: 8F, No. 198, Sec. 2, Dunhua S. Rd., Taipei
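An added check, not from the thread or from Trend Micro: PowerShell that lists every Browser Helper Object registered on the machine, with the DLL Internet Explorer loads for it and whether that DLL is signed, and then tests for each registry path named in the support mail above. It only reports, so you can see what is present before deleting anything by hand as the mail describes. It assumes an elevated PowerShell session on Windows; the function names are this example's own.

```powershell
# Added example (not from the thread or from Trend Micro): enumerate registered
# Browser Helper Objects and check for the ADW_OURXIN.A registry traces named in
# the support mail above. Read-only: it reports and deletes nothing.
# Assumes an elevated PowerShell session on a Windows host.

$OurxinClsid  = '{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}'
$BhoRoot      = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$OurxinTraces = @(
    'Registry::HKEY_CLASSES_ROOT\cfsbho.BHelper',
    'Registry::HKEY_CLASSES_ROOT\cfsbho.BHelper.1',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$OurxinClsid",
    'Registry::HKEY_CLASSES_ROOT\Interface\{CE82AFC1-5E4B-4F19-A3E3-4FFF55F3D279}',
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{B46D3E4A-3F54-497D-AFFD-464AAE8098EF}',
    "Registry::HKEY_LOCAL_MACHINE\$BhoRoot\$OurxinClsid"
)

function Get-RegDefault {
    # Default (unnamed) value of a registry key, or $null if the key is missing.
    param([string]$KeyPath)
    if (Test-Path -LiteralPath $KeyPath) {
        return (Get-ItemProperty -LiteralPath $KeyPath).'(default)'
    }
    return $null
}

function Get-BrowserHelperObjects {
    # One row per registered BHO: its CLSID, ProgID, the DLL IE loads for it, and
    # whether that DLL carries a valid Authenticode signature. Reads the native
    # registration point and, on 64-bit Windows, the Wow6432Node one as well.
    $roots = @(
        "Registry::HKEY_LOCAL_MACHINE\$BhoRoot",
        "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $clsid = $sub.PSChildName
            $dll   = Get-RegDefault "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
            $signed = $false
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $signed = (Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid'
            }
            [pscustomobject]@{
                CLSID      = $clsid
                ProgID     = Get-RegDefault "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\ProgID"
                Dll        = $dll
                Signed     = $signed
                # An unsigned BHO living in System32, as in the mail, is the first thing to look at.
                InSystem32 = [bool]($dll -and ($dll -like "$env:SystemRoot\System32\*"))
                KnownBad   = ($clsid -ieq $OurxinClsid)
            }
        }
    }
}

function Test-OurxinTraces {
    # One row per registry path from the support mail: present or absent.
    foreach ($p in $OurxinTraces) {
        [pscustomobject]@{
            Path    = ($p -replace '^Registry::', '')
            Present = (Test-Path -LiteralPath $p)
        }
    }
}

Get-BrowserHelperObjects | Format-Table -AutoSize
Test-OurxinTraces        | Format-Table -AutoSize
```

Any BHO row with Signed = False and InSystem32 = True is worth checking against your antivirus vendor's database before you remove its keys.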



Jianjun Zhang (United Kingdom), Mar 11, 2006
Subject: My computer got infected too :(

I have always put security first and thought my antivirus setup was quite good; this is the first infection in ten years. This time I really got played.

My XP Pro is genuine, patched to the latest level. The firewall passed Norton's online test with no holes at all, and the antivirus software updates itself automatically every day. But...

Because I use eMule, unfortunately a worm slipped in. Since I have the habit of checking the eMule shared directory all the time, I discovered the infection the same day; but after closing the share, I trusted my antivirus software too much, thinking that since it hadn't raised an alarm it was probably a trivial matter. Unexpectedly, every program related to going online (IE, Firefox, MSN, Yahoo Messenger and even FoxMail) crashed frequently. Now I can only just keep using them by ignoring the pop-up error dialogs. Fortunately this infection did not damage any applications; otherwise it would have been a disaster for the project I am working on.

Summary: beware of vulnerabilities in eMule and other free P2P software. Viruses appear faster than antivirus programs update. Although my antivirus program can scan the data flow of eMule and several other P2P programs, it still did not detect this fairly new virus. Protection starts with yourself; never put blind trust in any antivirus software.



Han Li (China), Mar 11, 2006
Subject: Manually closing some ports

I am reposting an article on closing ports. My own experience (and of course that of countless netizens) proves that closing some unnecessary ports is very useful for system security. Besides using the XP system's own tools as described below, you can also close ports in some firewalls; I use Kingsoft NetGuard (金山网镖), in which you can close some ports.
A little boast: my system has never been infected. :)
But I wouldn't dare say that on some computer forums; no matter how good your system's protection is, in front of some experts it is finished in a few minutes. I once saw a netizen on a forum post that his system protection was especially good and invited experts to try to break through it; the result was that it fell in less than a minute.

In any case, all we can do is focus on prevention.

Article compiled by: Kinki's Blog

To prevent vulnerability attacks, close all the ports the system does not use, then restart.
Note: the ports to close are 135, 137, 138, 139, 445, 1025, 2475, 3127, 6129, 3389, 593, and also TCP.
The specific steps are as follows:
By default, Windows has many open ports; while you are online, network viruses and hackers can connect to your computer through these ports. To turn your system into a fortress, you should close these ports, chiefly: TCP ports 135, 139, 445, 593 and 1025 and UDP ports 135, 137, 138 and 445; the backdoor ports of some popular viruses (such as TCP 2745, 3127 and 6129); and the remote service access port 3389. The following describes how to close these network ports under Windows XP/2000/2003:
Step 1: click the Start menu / Settings / Control Panel / Administrative Tools, double-click to open "Local Security Policy", select "IP Security Policies on Local Computer", right-click in a blank area of the right pane and choose "Create IP Security Policy" from the shortcut menu (see figure at right); a wizard appears. In the wizard click "Next" and give the new security policy a name; click "Next" again to reach the "Requests for Secure Communication" screen, untick "Activate the default response rule", and click "Finish" to create a new IP security policy.
Step 2: right-click the IP security policy; in the "Properties" dialog, untick "Use Add Wizard", then click "Add" to add a new rule. In the "New Rule Properties" dialog that appears, click "Add" to open the IP filter list window; in the list, first untick "Use Add Wizard", then click "Add" on the right to add a new filter.
Step 3: in the "Filter Properties" dialog, the first thing you see is addressing: set the source address to "Any IP Address" and the destination address to "My IP Address". Click the "Protocol" tab, choose "TCP" in the "Select a protocol type" drop-down, then enter "135" in the text box under "To this port" and click "OK" (see figure at left). This adds a filter that blocks TCP port 135 (RPC), preventing outsiders from connecting to your computer via port 135.
After clicking "OK" you return to the filter list dialog, where you can see that a policy has been added. Repeat the steps above to add TCP ports 137, 139, 445 and 593 and UDP ports 135, 139 and 445, creating corresponding filters for them.
Repeat the steps above to add blocking policies for TCP ports 1025, 2745, 3127, 6129 and 3389. Once the filters for all the ports above are created, click "OK".
Step 4: in the "New Rule Properties" dialog, select "New IP Filter List" and click the circle to its left so that a dot appears, indicating it is activated; then click the "Filter Action" tab. In the "Filter Action" tab, untick "Use Add Wizard", click "Add", and add a "Block" action (figure at right): in the "Security Methods" tab of "New Filter Action Properties", select "Block" and click "OK".
Step 5: in the "New Rule Properties" dialog, click "New Filter Action"; the circle to its left gains a dot, indicating it is activated. Click "Close" to close the dialog. Finally, back in the "New IP Security Policy Properties" dialog, tick the box to the left of "New IP Filter List" and click "OK" to close the dialog. In the "Local Security Policy" window, right-click the newly added IP security policy and choose "Assign".
After a restart, the network ports listed above are closed on your computer; viruses and hackers can no longer connect to these ports, and your computer is protected.
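An added example, not from Han Li's post or the reposted article: PowerShell that audits which of the ports the article lists are actually listening on a host (with the owning process), and can create equivalent inbound Windows Firewall block rules in place of the IPSec-policy clicks described above. It assumes an elevated session on a modern Windows host (New-NetFirewallRule needs Windows 8 / Server 2012 or later); the port lists are the article's, the function names are this example's own.

```powershell
# Added example (not from the thread or the reposted article): find which of the
# ports the article says to close are listening here, and optionally block them
# inbound with the Windows Firewall (New-NetFirewallRule, Windows 8+ / 2012+).
# Run in an elevated PowerShell session.

$TcpPortsToClose = 135, 139, 445, 593, 1025, 2745, 3127, 6129, 3389
$UdpPortsToClose = 135, 137, 138, 445

function Get-ListeningSockets {
    # Parses "netstat -ano", which exists on every Windows version. Row layout:
    #   TCP  local  foreign  STATE  PID      /     UDP  local  *:*  PID
    netstat -ano | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'
        if ($f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
            # "0.0.0.0:135" or "[::]:135": the port follows the last colon.
            [pscustomobject]@{ Proto = 'TCP'; Port = [int]($f[1] -replace '^.*:', ''); ProcId = [int]$f[4] }
        } elseif ($f[0] -eq 'UDP') {
            [pscustomobject]@{ Proto = 'UDP'; Port = [int]($f[1] -replace '^.*:', ''); ProcId = [int]$f[3] }
        }
    }
}

function Get-ExposedPorts {
    # Only the sockets on the article's "close these" list, with the process name.
    Get-ListeningSockets | Where-Object {
        ($_.Proto -eq 'TCP' -and $TcpPortsToClose -contains $_.Port) -or
        ($_.Proto -eq 'UDP' -and $UdpPortsToClose -contains $_.Port)
    } | ForEach-Object {
        $proc = Get-Process -Id $_.ProcId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto   = $_.Proto
            Port    = $_.Port
            ProcId  = $_.ProcId
            Process = $proc.ProcessName
        }
    } | Sort-Object Proto, Port -Unique
}

function Add-InboundBlockRules {
    # Creates one inbound block rule per protocol for the listed ports.
    # Supports -WhatIf so you can preview before changing the firewall.
    # Caveat: TCP 139/445 also carry file and printer sharing and 3389 is
    # Remote Desktop; block them only if this machine does not need them.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $sets = @(
        @{ Proto = 'TCP'; Ports = $TcpPortsToClose },
        @{ Proto = 'UDP'; Ports = $UdpPortsToClose }
    )
    foreach ($set in $sets) {
        $name = "Block inbound $($set.Proto) $($set.Ports -join ',')"
        if ($PSCmdlet.ShouldProcess($name, 'New-NetFirewallRule')) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $set.Proto `
                -LocalPort $set.Ports -Action Block -Profile Any | Out-Null
        }
    }
}

Get-ExposedPorts | Format-Table -AutoSize
# Add-InboundBlockRules -WhatIf    # preview the rules; drop -WhatIf to apply them
```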


Han Li (China), Mar 11, 2006
Subject: A useful little program: xp-AntiSpy

http://xp-antispy.org/index.php?option=com_remository&func=sellang&iso=zh_cn
Just download the no-install version below and see whether it is useful. One of its options, "Hide computer in the network", is quite good.


Han Li (China), Mar 12, 2006
Subject: Spy servers on eMule

eMule users, take note: netizens believe some eDonkey servers may be spy servers.
When Sister Stone posted, it didn't catch my attention; it was only after Jianjun posted that he had caught a worm from eMule that I searched some eMule forums and found that some eDonkey servers are spies in the guise of servers. I used to connect to these servers and never found a problem; I have also connected to Razorback 2.0 before without finding any problem. That server has now disappeared, and what is referred to below is probably the Razorback 2.X server. The reason I was not infected may be that I did not connect to unfamiliar servers.

Special reminder:
The Sonny Boy series, Razorback series, Byte Devils series and other servers with IPs in 64.35.*.* are all fake servers; do not connect to them!

Recommended servers:
DonkeyServer No1-6: 62.241.53.*:4242
BiG BanG 1-11: 80.239.200.*:3000

[Edited at 2006-03-12 01:34]



stone118 (Taiwan, topic starter), Mar 12, 2006
Subject: Strange, replies to this topic are not automatically sent to my mailbox?

Thanks to Jianjun and Xiao Han for the follow-up and attention!! I think my initial infection with fifty-odd pieces of spyware was definitely related to using eMule; fortunately, after those ten days of using eMule, I no longer need that software.

A small question: I don't know why, but I ticked the option to be notified of any new post or reply in the whole Chinese forum, and recently I have received update notices for other threads as usual, yet for this one topic I got no notification at all of your two posts; I wonder what is going on?

Is it different treatment for Off-topic threads?!

That's not right either! I did receive notifications for the thread Xiao Ran started about buying a car! Why is this one thread alone left out? I really don't get it!

[Edited at 2006-03-12 04:14]


Han Li (China), Mar 12, 2006
Subject: So sorry

Sister Stone, I'm really sorry I didn't tell you earlier. When I use eMule, I keep the machine on all day and never ran into these situations, so these problems never occurred to me; I only thought of it last night as I was going to sleep, and first thing this morning I went to that forum to check, learned about this, and quickly posted it. I still keep it running every day and haven't noticed anything wrong.
Firewall and antivirus: you can't do without either, and everyone should also close some ports and system services according to their own situation.



Jianjun Zhang (United Kingdom), Mar 15, 2006
Subject: I'm back!

At last I finished my project and reinstalled Win XP Pro. I am now secured by Sygate Personal Firewall Pro, which I have been using, and a newly recruited Norton Internet Security Software.

Actually, when you have a firewall correctly set up and your anti-virus software updated every time there's a new signature or definition file, the unnecessary ports on your system should have already been shut down and safeguarded.

What I have been suggesting is to take care NOT to trigger any malicious or suspicious ware yourself like what I possibly did. No software can save you from infection if you happen to activate something very new (newer than antivirus updates) and harmful to your system.

I promised to myself that I won't use anything unrelated to my work on the two systems I have from now on.

