*-*Question about this virus*-* 07/12/2007 01:10:55 (+0700) | #1 | 102340
Duy-Taliban
Member
Joined: 24/11/2007 23:14:31
Messages: 5
Every time I want to go online and click on Internet Explorer, a website, http://thecoolpics.com/, comes up by itself, and I have no way to change my homepage to another website... Clicking on that site is guaranteed to download the worm2007 virus, but I don't know of any way to remove it and change the homepage to another website... Please help me, everyone...

Re: *-*Question about this virus*-* 07/12/2007 01:20:04 (+0700) | #2 | 102343
turin
Member
Joined: 01/12/2007 13:11:17
Messages: 37
Hehe, you've probably caught that pesky homepage virus. There are two ways: one is to edit the registry directly, and the other is to download some tools and use them. As for editing the registry directly, I've completely forgotten how; if anyone still remembers, please show us.

Re: *-*Question about this virus*-* 07/12/2007 01:25:54 (+0700) | #3 | 102347
Duy-Taliban
Member
Joined: 24/11/2007 23:14:31
Messages: 5
Could you explain a bit more clearly... put like that, a newbie like me probably won't be able to figure it out... help me!!!!!!

Re: *-*Question about this virus*-* 07/12/2007 01:29:48 (+0700) | #4 | 102349
try_and_try
Member
Joined: 22/03/2007 10:20:34
Messages: 51
Location: Ho Chi Minh City
Code:
Option Explicit
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")

' Ignore errors so that a missing key or value does not stop the script
Err.Clear
On Error Resume Next

' Remove the autorun (Run) entry named "Task Manager"
WshShell.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Task Manager"
' Remove the policies that disable Task Manager and the registry editor
WshShell.RegDelete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr"
WshShell.RegDelete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools"
' Remove the Internet Explorer restrictions that lock the home page and hide Internet Options
WshShell.RegDelete "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage"
WshShell.RegDelete "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions"
' Remove the custom browser window title and reset the start page
WshShell.RegDelete "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title"
WshShell.RegWrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page", "about:blank", "REG_SZ"
' RegWrite takes (full value path, data, type): set each restriction value to 0 (off)
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
WshShell.RegWrite "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions", 0, "REG_DWORD"
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings", 0, "REG_DWORD"
' Message text: "Home page reset successfully!"
MsgBox "Dat lai HomePage thanh cong !", 4096, "FixReg"


That is a tool to re-enable the registry editor and Task Manager and to reset the home page.
Copy it, save it with a .vbs extension, and try running it to see how it goes.

Re: *-*Question about this virus*-* 07/12/2007 03:28:13 (+0700) | #5 | 102370
mystery_hacker
Member
Joined: 30/06/2006 16:16:03
Messages: 365
Location: Khánh Hòa
You've been hijacked! You should follow try_to_try's instructions!

Re: *-*Question about this virus*-* 07/12/2007 06:20:46 (+0700) | #6 | 102392
Duy-Taliban
Member
Joined: 24/11/2007 23:14:31
Messages: 5
How do I do that, try_try.....
I don't know how, please explain a bit more clearly....
I'm a real newbie

Re: *-*Question about this virus*-* 07/12/2007 14:54:31 (+0700) | #7 | 102479
big-bird
Elite Member
Joined: 30/03/2005 13:31:15
Messages: 83
Copy the whole code snippet above, open Notepad and paste it in, then save it with the .vbs extension, for example cleanreg.vbs, and double-click the file to run it.
How to save it as a .vbs file: when saving, in the Filename field of the save window, type the file name together with its .vbs extension inside double quotes "", for example "cleanreg.vbs".

Re: *-*Question about this virus*-* 08/12/2007 03:26:07 (+0700) | #8 | 102598
Look2Me
Member
Joined: 26/07/2006 23:30:57
Messages: 235
Location: Some wardrobe

mystery_hacker wrote:
You've been hijacked! You should follow try_to_try's instructions!

What does hijack mean?

Re: *-*Question about this virus*-* 11/12/2007 08:18:04 (+0700) | #9 | 103272
Duy-Taliban
Member
Joined: 24/11/2007 23:14:31
Messages: 5
I've got a solution now...
reinstalled Windows, hehe..
but after the first install it was still infected
only the next one was OK

Re: *-*Question about this virus*-* 12/12/2007 02:27:20 (+0700) | #10 | 103386
mystery_hacker
Member
Joined: 30/06/2006 16:16:03
Messages: 365
Location: Khánh Hòa

Look2Me wrote:

mystery_hacker wrote:
You've been hijacked! You should follow try_to_try's instructions!

What does hijack mean?

Hijacked is a kind of spyware whose harm is taking over the home page, changing the browser title, blocking access to websites, etc.

Re: *-*Question about this virus*-* 13/12/2007 14:10:45 (+0700) | #11 | 103665
angel_of_devil
Member
Joined: 23/10/2004 14:57:09
Messages: 154
Author: Mike Healan

There is a despicable trend that is becoming more and more common wherein the browser settings of web surfers are being hijacked forcibly by malicious web sites and software which modifies your default start and search pages.

Sometimes internet shortcuts will be added to your favorites folder without asking you. The purpose of this is to force you to visit a web site of the hijacker's choice so that they artificially can inflate their web site's traffic for higher advertising revenues.

In some cases, these changes are reversible simply by going into internet options and switching them back. Not always, however. Sometimes it's necessary to edit the windows registry (gasp!) to undo the changes made. Sometimes there is even a combination of registry setting and files clandestinely placed on your hard drive that redo your settings every time you reboot the computer.

No matter how often you change your settings back, they are changed again the next time you restart. There have even been cases where internet options have been removed from the tools menu by registry hacking to prevent you from controlling your own computer!

Even AOL has become a browser hijacker by placing their web site free.aol.com in Internet Explorer's trusted sites security zone, thereby bypassing the most frequently used security settings. This occurs after installing their AOL software, AOL Instant Messenger, Netscape 6.x and ICQ2001b has reportedly done this. AOL then exploits this by downloading ActiveX components to your computer without your consent. The CWS trojan also does this.



Preventing a hijack
This section has been superseded by a new article which focuses specifically on hijack prevention. That article is available at http://www.spywareinfo.com/articles/hijacked/prevent.php



Hijack Removal

Any of the products below will remove most hijackers completely, unless it is one which has just started spreading.

Spybot S&D [recommended]
Ad-aware
SpySweeper


If you have a hijack that is not fixed by any of these products, you may use these solutions below that I have gathered after helping to fix these same problems countless times through email and at the forums. Read on...

Please read the disclaimer below before doing anything described here. By following any of these instructions, you agree to be bound by the disclaimer. If you do not agree, do not follow these instructions. Also note that with Windows NT/2K/XP you likely will need to be logged in as an administrator for much of this. Go ahead and do that now.

The situation: Your browser now has a new start page and a new search page. Every time your browser loads a page that doesn't exist, you end up at some strange site, probably filled with popup ads.

You go to Tools > Internet Options to fix this, only to find that option grayed out. You open the control panel, only to find Internet Options missing from there too. You try to open regedit to start hacking away at the registry, but you are given the message that "your administrator has not given you that privilege".

Some scumbag webmaster has paid a scumbag script kiddie to truly mess up your browser settings and has made it next to impossible for you to change it back.

Notice that I said "next to impossible"...........

So, what do you do here?

Skip any step that deals with a problem that doesn't affect you.

Assuming that none of the spyware removal programs listed above helps you, the very first thing you need to do is download and run HijackThis. Put a check mark next to every search and start page setting it lists which you haven't put there yourself and choose fix. Do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. Please ask for advice at the forums before using HijackThis to change anything else.

*Note: Spybot S&D, Start Page Guard, Settings Sentry, and similar programs may provide options to lock settings against unauthorized changes. If you have these options enabled, HijackThis will detect that as a restrictions hijack. Disable those options before scanning with HijackThis.

Second, you have to put Internet Options back into the control panel. Do a file search and look for a file named "control.ini". Open it in Notepad. You may see something like this:

[don't load]
inetcpl.cpl=yes

Delete the "inetcpl.cpl=yes" line under "[don't load]". Save and close the file, then try the control panel again. If it's still not there, restart your machine and it should be there.


For Windows 2000 and XP, you will need to edit the registry to do this. Go to the start menu > RUN command > type REGEDIT and press enter. Navigate through the registry keys until you get to HKEY_CURRENT_USER\Control Panel\don't load\. Look and see if inetcpl.cpl is listed. If it is, delete the entry for it and log off.

See the list at the bottom of this page to identify other entries. Thanks to Corné de Leeuw for this information.

Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in notepad or some other text editor and look for the URLs that you have been hijacked to. Any file with those URLs, delete them. Also delete all *.tmp files on your drive; some of them contain malicious code (for e.g. browser hijacks or malware (re)installations). Besides, deleting *.tmp files doesn't hurt, unlike dll's which are also used sometimes for this purpose. (Thanks to cexx.org for the additional info in this step).

HijackThis will list any BHO installed on your computer. Check the BHOs listed against the list of all known BHOs. If you find one listed as some sort of spyware/malware/hijackware, run HijackThis again and find that BHO in the list. Check its box and have HT fix it.

If you find a BHO that is not included in the list, please make a post in the Browser Hijackings section of our support forums with the HijackThis log pasted in along with an explanation of your problem. Please wait for replies before deleting this BHO, as it may be a new one which I can have added to various spyware/malware cleaning programs. It may also be an innocent file that is not causing your problem, so please wait for advice before deleting it.

Now you need to see if there is a startup entry for your hijacker file. The next time you reboot, the hijack might come right back. The reason for this would be an entry in the run section of the registry.

Look in HijackThis for O4 startup items. Check the entries listed against Pacman's List. Items listed as virus, malware, spyware, or something else that is undesirable, put a checkmark next to it and "fix" it.

Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes will take effect. That includes this window. Some changes may even require a log off or even a reboot before they have any effect.

Still not fixed?
I hope this helps anyone who has become a victim of a browser hijack. If it does, great.

If the problem still remains after doing all of the above, you can visit our support forums and post the specifics of your problem there. I or someone else can troubleshoot the problem. Before posting, please make sure you have followed all of the instructions above.



Related Links:
http://www.cexx.org/hphijack.htm - Homepage Hijackers
http://www.pcworld.com/news/article/0,aid,63345,00.asp - Stealth ad explosion
http://www.pcworld.com/news/article/0,aid,101916,00.asp - Web Ad Explosion
http://www.pcworld.com/news/article/0,aid,84464,tk,dn021402X,00.asp - Invasion of the browser snatchers
http://www.spywareinfo.com/newsletter/archives/september-2002/09212002.html#xupiter - Xupiter

Looking back, life is like a dream
Gain and loss, failure and success, all turn to nothing in an instant

Re: *-*Question about this virus*-* 16/12/2007 11:13:30 (+0700) | #12 | 104175
Duy-Taliban
Member
Joined: 24/11/2007 23:14:31
Messages: 5
Can anyone help me... I reinstalled Windows but it still didn't work, please help me ....

Re: *-*Question about this virus*-* 01/01/2008 08:41:09 (+0700) | #13 | 107424
DNK90
Member
Joined: 12/07/2007 07:40:21
Messages: 20
This one blocks access to some websites such as bkav, Kaspersky ... does anyone know how to fix it? Please show me. Right now, even though I've removed it, I still can't access those sites, which is really frustrating.

Re: *-*Question about this virus*-* 01/01/2008 23:59:53 (+0700) | #14 | 107552
mystery_hacker
Member
Joined: 30/06/2006 16:16:03
Messages: 365
Location: Khánh Hòa
Delete the hosts file in the folder Windows\System32\drivers\etc. Windows will recreate a new, cleaner file.

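An added example, not part of any post in this thread: a read-only check of a hosts file, relevant to the hosts-entry step in the article quoted in post #11 and to the blocked antivirus sites in posts #13 and #14. The sample file, its `.example` host names and the function names are constructed for illustration; it goes slightly beyond the thread by also flagging names redirected to a non-loopback address.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
# The .example names stand in for the antivirus sites that were unreachable.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.antivirus.example    # sinkholed to the local machine
0.0.0.0         update.antivirus.example scan.antivirus.example
203.0.113.7     www.search.example
::1             localhost
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}  # the only mapping a default hosts file needs


def parse_hosts(text):
    """Yield (line_no, ip, name) per mapping; comments and malformed lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so the line maps nothing
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return (line_no, name, ip, kind) for every mapping other than localhost."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES and ip.is_loopback:
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other address
        # sends the browser to a server chosen by whoever edited the file.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

To check a live machine, pass the text of the hosts file in Windows\System32\drivers\etc to `audit_hosts` instead of the sample.
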
Re: *-*Question about this virus*-* 03/01/2008 04:51:29 (+0700) | #15 | 107807
ketomo
Member
Joined: 01/04/2004 19:18:39
Messages: 15

Try the adware SE 2007 software; I used it and it removed everything. While I'm here, let me ask as well: what virus has my machine caught that makes a "prohibited" icon appear on the taskbar, with the machine frequently showing a notice that it is infected with spyware? If you click on that notice, a web page opens telling you to download a "virus protect" program to scan with. Previously, scanning with adwareSE got rid of this virus, but now it seems to be using a different one or something, because I scan and it no longer has any effect. Do you know of any software that scans for viruses more effectively?