TSPY_LINEAGE.RV 這是啥...

誰彼

它住在C:\WINDOWS\system32\PDLL.dll 檔裡..但我怎麼刪都刪不掉...安全模式也不行....
請請各位大大幫幫忙......~"~

s1ck

原文由 誰彼 於 06-7-12 12:28 PM 發表
它住在C:\WINDOWS\system32\PDLL.dll 檔裡..但我怎麼刪都刪不掉...安全模式也不行....
請請各位大大幫幫忙......~"~

基本上PDLL.DLL入侵您的電腦有個途徑SPY
1.svchost.exe ----> 位於c:\windows下
2.rundll32.exe----->位於c:\windows下
3.explorer.exe----->位於c:\windows\system32下
4.pdll.dll--------->位於c:\windows\system32下
解除步驟:
1.由安全模式進入(開機按F8)
2.啟用搜尋先找 explorer.exe 千萬別亂砍,可以比對日期,找最近日期的準沒錯!
3.在搜尋rundll32.exe 一樣千萬別亂砍,可以比對日期,找最近日期的準沒錯!
4. 這個步驟是最麻煩,因為SVChost.exe是主機服務的一部份是無法移除所以必須按Ctrl+Alt+DEL啟動工作管理員的處理程序,找尋 svchost.exe,但是表中的svchost.exe有4-5個,先停用最上面的svchost.exe,然後再去刪除
c:\windows\svchost.exe的該病毒檔案,如果可以刪除表示您成功的,如果不行依序停用其他的svchost.exe
再去刪除c:\windows\svchost.exe的該病毒檔案,您一定可以辦到的.相信自己.
5.此時Pdll.dll病毒檔案已經沒有svchost的TSR保護,所以就可以順利的刪除.

以上內容為轉載內容

s1ck

如果你用的是趨勢殺毒軟體，可以按照以下步驟清除︰
Restoring Modified Autostart Entry from the Registry

Removing an autostart entry from the registry prevents the spyware from executing at startup.

If the registry entry below is not found, the spyware may not have executed as of detection. If so, proceed to the succeeding solution set.

   1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
   2. In the left panel, double-click the following:
      HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
      Windows NT>CurrentVersion>Winlogon
   3. In the right panel, locate the following:
      Userinit = "%System%\userinit.exe,%Windows%\svchost.exe,"
      (Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003. %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
   4. Right-click on this registry entry and choose Modify. Change the value of this entry to:
      Userinit = "%System%\userinit.exe,"
   5. Close Registry Editor.

Important Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.

Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus

If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Scan your computer with Trend Micro antivirus and delete files detected as TSPY_LINEAGE.RV. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.