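This website is despicable! "http://drxcount.biz" Would some skilled brother go hack the bastards! I'm writing up how I got hit and how I troubleshot it, so everyone can be on guard.

Symptoms:
IE's start page gets set to http://drxcount.biz/index.php?aid=33. It gets set back again after every reboot; RegEdit exits automatically after it starts; Norton Antivirus Realtime Protect exits automatically after it starts.

Fix: I found this by killing suspicious processes one by one in Task Manager. Start Task Manager and kill the process sys32.exe. At that point regedit can be used normally. Under software-->microsoft-->windows-->currentversion-->runonce there is an entry called windows configuration whose value is "sys32.exe"; just delete it. It is best to look in run as well. In the system's \system32 path, find sys32.exe and delete it; this is not a system file, it is a trojan.

Looking back now, this file probably got in through one of those popups that ask whether you want to install some software. I usually don't read them and just choose No; it may have taken advantage of that and been worded so that choosing No means install. Although it did no malicious damage, this kind of behavior is despicable. Especially since it shut down the antivirus, which makes it very easy to pick up a virus.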
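An added example, not part of the original post: a PowerShell check of the Run and RunOnce keys the post describes, listing every autostart entry whose target file is missing or has no valid Authenticode signature. The function name Resolve-AutostartPath is hypothetical, and checking both the HKLM and HKCU hives is an assumption, since the post names only the software-->...-->runonce path.

```powershell
# Autostart keys to audit (assumption: both machine and per-user hives).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: turn an autostart command line into a full file path.
function Resolve-AutostartPath {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }               # "C:\a b\x.exe" /arg
    elseif ($Command -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }     # C:\a b\x.exe /arg
    else { $exe = ($Command.Trim() -split '\s+')[0] }                          # anything else
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        return (Resolve-Path -LiteralPath $exe).Path
    }
    # A bare name such as "sys32.exe" is found through the search path,
    # which includes %SystemRoot%\System32.
    $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($found) { return $found.Path }
    return $null
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path = Resolve-AutostartPath $command
        # Status is 'Valid' only when the file carries a trusted signature.
        $sig = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
               else { 'FileNotFound' }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Path = $path; Signature = $sig
        }
    }
}

# Entries worth a manual look: unsigned, badly signed, or pointing at a missing file.
$report | Where-Object { $_.Signature -ne 'Valid' } | Format-List
```

An entry appearing in the output is a prompt for manual review, not proof of malware; plenty of legitimate software ships unsigned.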

Replies, comments and Discussions:

    • Preventive measures:
      The first thing to do is to go to www.lavasoft.de and download a program called "Ad-aware" (it's free). Install it and update its reference file (you'll see what I mean once you run the program).

      Ad-aware will identify most spyware, and if you tick the relevant box, will remove it from your system. Make sure you tell it to do a deep scan, and to scan your Favourites folder.

      To prevent you from inadvertently downloading spyware in future, you might like to go to www.zonelabs.com and download and install a program called "ZoneAlarm" (again it's free, but ZoneAlarm Pro is MUCH more comprehensive and not too expensive).

      You should also check some of your settings in Internet Explorer. Go to the Tools menu, select Options, and click the Security tab. Ensure the options below are set correctly:

      "Download unsigned ActiveX controls" - Disable
      "Initialize and script ActiveX controls not marked as safe" - Disable
      "File download" - Disable (NB you won't be able to download files with this setting, but unless you frequently download things it's easy to enable it again)
      "Font download" - Disable (surely you've got all the fonts you need!)
      "Java Permissions" - High safety
      "Access data sources across domains" - Disable
      "Installation of desktop items" - Prompt
      "Software channel permissions" - High
      "Allow paste operations via script" - Disable

      Then click the Advanced tab, and scroll down to the last section - Security and make sure the following are ticked:

      "Check for publisher's certificate revocation"
      "Check for server certificate revocation"
      "Warn about invalid site certificates"
      "Warn if forms submittal is being redirected"

      Hopefully this should get you surfing the net and reduce the chances of you downloading something you'd rather not!

      Good Luck,

      黑白世界
      • thanks buddy, that's helpful in shutting those flies out
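    • Still not experienced enough. I usually just close the window of "that kind of popup asking whether you want to install some software" directly, without clicking any button.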
      • now I do not even touch them at all, just Alt+F4