【求助】中了 PWSteal Trojan，該如何解 ?

[ding]

我的電腦中了PWSteal Trojan，該如何解 ? 我有使用Trojan remover，但掃描完電腦發現幾個地方有問題,
且其將某些檔案做了處理.

1. Key=Igg
ImagePath=C:\WINNT\system32\MDS.exe
改成 MDS.ex$

2. Error trying to process C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" for Trojans
Key=MDM
ImagePath="C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" - this reference has benn left in place

3. Error trying to process C:\WINNT\Fonts\PLUGINS\update.exe" for Trojans
Key=r server
ImagePath="C:\WINNT\Fonts\PLUGINS\update.exe" /service - this reference has been left in place

掃完重開機後,
使用terminal service 依然無法簽入,且畫面會出現無法登入使用者介面DLL kernelcode.dll, 請置換DLL 或更換為原來的DLL
且主機開機時會 Show 至少有一件週邊設備或驅動程式產生錯誤.

另外，再用norton antivirus來掃時，發現更多

Backdoor.Fluxay , Backdoor.Trojan 於

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\PipeCmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\ControlService.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\FluxaySensor.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqIRcmd\SqIRcmd_Express\sqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqIRcmd\SqIRCmd_Normal\SqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\sqIrcmd.exe

C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Tools\IIS5Hack.exe

PWSteal.Trojan 於

C:\WINNT\Help\InstGina.exe

C:\WINNT\Help\Kernelcode.dll

C:\WINNT\system32\Kernelcode.dll

我要如何處理才能清掉這些呢?

此外，我用 the cleaner3 來掃時，出來的訊息為 :

FILE: C:\pagefile.sys

PROBLEM: I could not scan this file. Error Code 32: "程序無法存取檔案，因為檔案正由另一個程序使用。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\Fluxay47.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay4.7\PipeCmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Fluxay47.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\ControlService.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\FluxaySensor\FluxaySensor.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\PipeCmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqlRcmd\SqlRCmd_Express\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\SqlRcmd\SqlRCmd_Normal\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\sqlrcmd.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\Program Files\Internet Explorer\PLUGINS\NetXeyes\Tools\IIS5Hack.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\Help\InstGina.exe

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\Help\Kernelcode.dll

PROBLEM: I could not scan this file. Error Code 2: "系統找不到指定的檔案。"

SOLUTION: A common reason for this error is that the file was deleted before it could
SOLUTION: be scanned. This is not a serious problem and can safely be ignored. If the
SOLUTION: condition persists you should add the filename to the ignore list.

FILE: C:\WINNT\regedit.exe

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\CMD.EXE

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\inetsrv\MetaBase.bin

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\WINNT\system32\Kernelcode.dll

PROBLEM: I could not scan this file. Error Code 5: "存取被拒。"

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

有沒有人可以幫忙呢? 快瘋了

[shauronglu]

http://securityresponse.symantec.com...ml#threat_list

輸入 PWSteal 看看如何解決

Fluxay47.exe 是流光

[聰明的豬]

我也中了

那全部都是英文的說~看不懂~~@@