找回密码
 注册

QQ登录

只需一步,快速开始

查看: 1711|回复: 33
收起左侧

紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

[复制链接]

该用户从未签到

发表于 2004-12-7 10:48 | 显示全部楼层 |阅读模式
前几天开始,主页被www.zhaowo8.com 篡改
用了超级兔子,虽然临时删除了,但是一启动机器,IE又被篡改
后用3721,启动了IE保护,重新启动机器后,IE没有再被篡改
可是发现我经常去的二个文学网站,再也打不开来,一打开,网页就变成该恶意网站页面
而且地址栏里显示的依旧是我想打开的网站地址,在启动3721IE保护之前,这个问题就存在了。
真是晕死了
刚才打开其中一个中文网站时,电脑发出安全警报,说是mshta.exe试图将WWW.zhaowo8.com改成主页
我在资源管理器中搜索了包含这个执行程序的文件夹,发现一个执行程序,几个DLL程序和若干个文本程序,这些东东我是不是都该把它删除?
对了,前面试过搜索包含WWW.zhaowo8.com的文件,但是找寻不到。
晕啊晕,怎么才能恢复那二个文学网站啊,SOS~~~~

该用户从未签到

 楼主| 发表于 2004-12-7 10:50 | 显示全部楼层

紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

不知道我的表达清楚不清楚,主要是想恢复那二个文学网站啊,倒S了~~~~~~
回复 支持 反对

使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 10:54 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    干脆换一个浏览器得了,微软的ie真的是垃圾。
    http://bbs.shiandci.net/cgi-bin/lb5000/topic.cgi?forum=8&topic=2648&show=0
    去这里下载myie吧,随便人家怎么修改主页,我还是看我的,因为根本就是没有什么主页这一说法^_^
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 11:16 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    先倒一下~~~~~~
    首先啊,斑斑你那个链接失效了
    其次啊,偶在网上下了MYIE,那个恶意网站是不出现了,但是那二个文学网站还是无法找到网页,晕啊晕啊,怎么回事啊~~~~~~~~~
    哭S啊,斑斑你可要帮偶啊~~~~~~~~~~~~~~~
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 11:26 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    你先把你的眼泪擦干,我最怕人家哭了。
    你把你需要打开的网站网址给我,我来找个计算机中毒一下试试看才知道怎么去清除。
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 11:32 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    晕倒,我打不开那个网站啊。这样吧,你进入注册表,搜索zhaowo8这个,找到后都删除了
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 11:40 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    下面引用由吟风听月2004/12/07 11:32am 发表的内容:
    晕倒,我打不开那个网站啊。这样吧,你进入注册表,搜索zhaowo8这个,找到后都删除了
    谢谢吟风啊~~~~~~~~~~~~~~~偶再去搜搜
    偶要去的网站是:www.hjsm.com
    还有一个是:http://www.cmfu.com/

    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 11:43 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    你现在告诉我也没用阿,我中不了毒,那些地方我都能去啊。
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 11:47 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    下面引用由吟风听月2004/12/07 11:43am 发表的内容:
    你现在告诉我也没用阿,我中不了毒,那些地方我都能去啊。
    倒S~~~~~~~~~~~~~
    一个星期了啊~~~~~~~~
    注册表里查到了,偶全删了,5555555555555,还是没用~~~~~
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 11:50 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    重启一下试试看,如果还是有,你再去搜索,找到以后不要删除,你给他把网址改了,改成你需要的。
    回复 支持 反对

    使用道具 举报

    该用户从未签到

    发表于 2004-12-7 11:56 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    建议用火攻。
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 12:03 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    重启了,没用,决定用HijackThis扫描试试了~~~~
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 12:35 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    扫描以后,按了INFO
    是以下信息,哪个是需要修复的呢,听月帮帮偶啊~~~~
    * HijackThis v1.98 *
    作者: Merijn    汉化:小蚊子  网站:WWW.COOLFAX.NET  
    http://www.merijn.org/files/hijackthis.zip
    http://www.merijn.org/index.html
    查看版本历史.                        
    The different sections of hijacking possibilities have been separated into these groups:
    R - Registry, StartPage/SearchPage changes
        R0 - Changed registry value
        R1 - Created registry value
        R2 - Created registry key
        R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
        F0 - Changed inifile value
        F1 - Created inifile value
        F2 - Changed inifile value, mapped to Registry
        F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
        N1 - Change in prefs.js of Netscape 4.x
        N2 - Change in prefs.js of Netscape 6
        N3 - Change in prefs.js of Netscape 7
        N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
        O1 - Hijack of auto.search.msn.com with Hosts file
        O2 - Enumeration of existing MSIE BHO's
        O3 - Enumeration of existing MSIE toolbars
        O4 - Enumeration of suspicious autoloading Registry entries
        O5 - Blocking of loading Internet Options in Control Panel
        O6 - Disabling of 'Internet Options' Main tab with Policies
        O7 - Disabling of Regedit with Policies
        O8 - Extra MSIE context menu items
        O9 - Extra 'Tools' menuitems and buttons
        O10 - Breaking of Internet access by New.Net or WebHancer
        O11 - Extra options in MSIE 'Advanced' settings tab
        O12 - MSIE plugins for file extensions or MIME types
        O13 - Hijack of default URL prefixes
        O14 - Changing of IERESET.INF
        O15 - Trusted Zone Autoadd
        O16 - Download Program Files item
        O17 - Domain hijack
        O18 - Enumeration of existing protocols and filters
        O19 - User stylesheet hijack
        O20 - AppInit_DLLs autorun Registry value
        O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
        O22 - SharedTaskScheduler autorun Registry key
    You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.
    * Version history *
    [v1.98]
    * Definitive support for Japanese/Chinese/Korean systems
    * Added O20 (AppInit_DLLs) in light of newer trojans
    * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
    * Added O22 (SharedTaskScheduler) in light of newer trojans
    * Backups of fixed items are now saved in separate folder
    * HijackThis now checks if it was started from a temp folder
    * Added a small process manager (Misc Tools section)
    [v1.96]
    * Lots of bugfixes and small enhancements! Among others:
    * Fix for Japanese IE toolbars
    * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
    * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
    * Added several files to the LSP whitelist
    * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
    * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
    [v1.95]
    * Added a new regval to check for from Whazit hijack (Start Page_bak).
    * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
    * New in logfile: Running processes at time of scan.
    * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
    * New O19 method to check for Datanotary hijack of user stylesheet.
    * Google.com IP added to whitelist for Hosts file check.
    [v1.94]
    * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
    * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
    * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
    * Fixed a bug where DPF could not be deleted.
    * Fixed a stupid bug in enumeration of autostarting shortcuts.
    * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
    * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
    * Added support for backing up F0 and F1 items (d'oh!).
    [v1.93]
    * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
    * Fixed a bug in LSP routine for Win95.
    * Made taborder nicer.
    * Fixed a bug in backup/restore of IE plugins.
    * Added UltimateSearch hijack in O17 method (I think).
    * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
    * Also fixed a bug in StartupList (now version 1.52.1).
    [v1.92]
    * Fixed two stupid bugs in backup restore function.
    * Added DiamondCS file to LSP files safelist.
    * Added a few more items to the protocol safelist.
    * Log is now opened immediately after saving.
    * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
    * Updated integrated StartupList to v1.52.
    * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
    * Rudimentary proxy support for the Check for Updates function.
    [v1.91]
    * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
    * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
    * Added listing of programs/links in Startup folders (O4).
    * Fixed 'Check for Update' not detecting new versions.
    [v1.9]
    * Added check for Lop.com 'Domain' hijack (O17).
    * Bugfix in URLSearchHook (R3) fix.
    * Improved O1 (Hosts file) check.
    * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
    * Added AutoConfigURL and proxyserver checks (R1).
    * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
    * Added check for extra protocols (O18).
    [v1.81]
    * Added 'ignore non-standard but safe domains' option.
    * Improved Winsock LSP hijackers detection.
    * Integrated StartupList updated to v1.4.
    [v1.8]
    * Fixed a few bugs.
    * Adds detecting of free.aol.com in Trusted Zone.
    * Adds checking of URLSearchHooks key, which should have only one value.
    * Adds listing/deleting of Download Program Files.
    * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71]
    * Improves detecting of O6.
    * Some internal changes/improvements.
    [v1.7]
    * Adds backup function! Yay!
    * Added check for default URL prefix
    * Added check for changing of IERESET.INF
    * Added check for changing of Netscape/Mozilla homepage and default search engine.
    [v1.61]
    * Fixes Runtime Error when Hosts file is empty.
    [v1.6]
    * Added enumerating of MSIE plugins
    * Added check for extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5]
    * Adds 'Uninstall & Exit' and 'Check for update online' functions.
    * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4]
    * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
    * A few bugfixes/enhancements
    [v1.3]
    * Adds detecting of extra MSIE context menu items
    * Added detecting of extra 'Tools' menu items and extra buttons
    * Added 'Confirm deleting/ignoring items' checkbox
    [v1.2]
    * Adds 'Ignorelist' and 'Info' functions
    [v1.1]
    * Supports BHO's, some default URL changes
    [v1.0]
    * Original release
    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

    这个汉化版不好,出来的都是英文~~
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-7 12:55 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    倒,别让我看这个阿,上次好像看了谁的,我晕了一个月不能恢复^_^
    回复 支持 反对

    使用道具 举报

    该用户从未签到

    发表于 2004-12-7 14:31 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    懂不懂?
    IE是垃圾

    那MYIE哪来的?
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-7 15:59 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    明天重装系统,切呀,不弄了~~~~~~~~~~~~~
    回楼上那位,MYIE是垃圾堆里挑出来的~
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-9 12:13 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    不得不报告一下,这二天没时间重装,连MYIE也被侵入了
    又有网站上不了,完,MYIE也不算是最好用的了吧?
    怎么回事啊,倒S
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-9 12:30 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    倒,你都上的什么网啊。我怎么就是遇不到啊。

    难道是毒网怕我?呵呵
    回复 支持 反对

    使用道具 举报

    该用户从未签到

     楼主| 发表于 2004-12-9 12:41 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    下面引用由吟风听月2004/12/09 12:30pm 发表的内容:
    倒,你都上的什么网啊。我怎么就是遇不到啊。
    难道是毒网怕我?呵呵
    倒S,第一次遇到这样的恶毒网站
    搜索个音乐网站跟出来的网址大全,然后第二天就这样了
    昨天根本没时间上网,今天刚刚一开机打开IE又这样了。
    回复 支持 反对

    使用道具 举报

  • TA的每日心情
    开心
    2023-4-15 08:35
  • 签到天数: 462 天

    连续签到: 1 天

    [LV.9]以坛为家II

    发表于 2004-12-9 12:47 | 显示全部楼层

    紧急求助~~~~~~~~~SOS~~~~~~~~斑斑~~~~~~

    又是这样,是怎样啊?
    回复 支持 反对

    使用道具 举报

    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    QQ|小黑屋|《唐诗宋词》网站 ( 苏ICP备2021032776号 )

    GMT+8, 2024-11-16 16:22 , Processed in 0.088475 second(s), 18 queries .

    Powered by Discuz! X3.4

    Copyright © 2001-2021, Tencent Cloud.

    快速回复 返回顶部 返回列表