[Virus help request] Backdoor.Coreflood
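Today, as soon as my roommate opened IE, NAV popped up saying it had detected the virus Backdoor.Coreflood.
Location: D:WINDOWS\System32\msjem40q.dll
Then the computer suddenly became extremely slow,
and no programs could be opened at all.
He is using WinXP.
I went to Symantec's website and found information about it; it is a Trojan:
http://securityresponse.symantec ... door.coreflood.html
I followed the method it gives, but the file could not be removed at all.
According to that Symantec article:
The Trojan consists of two parts:
A .exe file, which is the loader.
A .dll file, which contains the primary code.
I tried using Win98 to remove D:WINDOWS\System32\msjem40q.dll,
but when I booted back into WinXP, the DLL was still there.
The DLL file is known to be msjem40q.dll, but I can't find which exe is related to it.
If I can find that exe and remove it, would that solve the problem?
I hope an expert can give me some pointers.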

Posted on 5-7-2004 10:54 PM
Follow the steps given under "Removal Instructions":
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Backdoor.Coreflood.
5. Delete the value that was added to the registry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Original poster, posted on 6-7-2004 12:52 AM
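No luck, it can't be deleted.
It says the program is running.
Also, NAV only detected the DLL; it did not detect the exe.
And in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) there is no msjem40q value at all.
What should I do?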

Posted on 6-7-2004 04:27 AM
Select HKEY_LOCAL_MACHINE, right-click, and use Find to search for "msjem40q.dll" and see what turns up.

Posted on 6-7-2004 10:00 AM
You must do it in safe mode, and you can't use 98 to scan XP, because there are some folders it won't scan...
CK.
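
The registry search suggested in the thread (Find under HKEY_LOCAL_MACHINE for "msjem40q.dll"), as an added PowerShell example that is not part of any post. It assumes a Windows system with PowerShell available; the function name Find-RegistryReference and the two default search roots are choices made for this example. It only reads the registry and lists matches.

```powershell
# Added example, not from the thread. Read-only: lists matches, changes nothing.
function Find-RegistryReference {
    param(
        [Parameter(Mandatory)][string]$Needle,
        # Assumption: these two HKLM subtrees are searched by default.
        [string[]]$Root = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet')
    )
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    $opts = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($r in $Root) {
        # Get-ChildItem -Recurse returns only subkeys, so emit the root key as well.
        & {
            Get-Item -LiteralPath $r -ErrorAction SilentlyContinue
            Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue
        } | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                # Raw read: REG_EXPAND_SZ data keeps its %VARIABLES% unexpanded.
                $data = $key.GetValue($name, $null, $opts)
                # Skip empty values and REG_BINARY blobs.
                if ($null -eq $data -or $data -is [byte[]]) { continue }
                # REG_MULTI_SZ arrives as string[]; join it into one string.
                $text = @($data) -join ' '
                $hit = ($name.IndexOf($Needle, $cmp) -ge 0) -or
                       ($text.IndexOf($Needle, $cmp) -ge 0)
                if ($hit) {
                    [pscustomobject]@{
                        Key       = $key.Name
                        ValueName = $name
                        Data      = $text
                    }
                }
            }
        }
    }
}

# The DLL name reported by NAV in the first post.
Find-RegistryReference -Needle 'msjem40q.dll' | Format-List
```

Each result names the key and value that reference the DLL, which is the information the original poster could not find under the Run key.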