How do you work out what has been hijacked?

A guide to interpreting the log, to help with removing spyware and browser hijackers

HijackThis is a free utility from Trend Micro. It was originally written by Merijn Bellekom, a student in the Netherlands. Spyware removal software such as Adaware or Spybot S&D does a good job of detecting and removing most spyware, but some spyware and browser hijackers are too stealthy for even these great anti-spyware tools.

HijackThis was written specifically to detect and remove browser hijacks, that is, software that takes over your web browser, changing your home page and search engine and doing other nasty things. Unlike spyware removal software, HijackThis does not use signatures and does not target any specific programs or URLs for detection and blocking. Instead, HijackThis looks at the methods and locations that malware uses to infect your system and redirect your browser.

Not everything that shows up in a HijackThis log is bad, and it should not all be removed. In fact, quite the opposite. It is almost guaranteed that some of the items in your HijackThis log will be legitimate software, and removing those items could impair your system or render it completely inoperable. Using HijackThis is a lot like editing the Windows Registry yourself. It is not rocket science, but you certainly should not do it without expert guidance unless you know what you are doing.

Once you have installed HijackThis and run it to generate a log file, there are many forums and web sites where you can post or upload your log data. Experts who know what to look for can help you analyse the log and advise you on what to remove and what to leave alone.

To download the current version of HijackThis, you can visit the official site at Trend Micro.

Here is an overview of the HijackThis log entry types, which you can use to jump to the information you are looking for:

R0, R1, R2, R3 - IE Start & Search page

What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing

What to do:
If you recognise the URL at the end as your home page or search engine, it is fine. If you don't, check it and have HijackThis fix it. For R3 items, always fix them unless they mention a program you recognise, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files

What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched

What to do:
F0 items are always bad, so fix them. F1 items are usually very old programs that are safe, so you should look up more information on the file name to see whether it is good or bad. Pacman's Startup List can help with identifying an item.

N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

What it looks like:
N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.sl\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.sl\prefs.js)

What to do:
Usually the Netscape and Mozilla home page and search page are safe. They are rarely hijacked; only Lop.com has been known to do this. If you see a URL you don't recognise as your home page or search page, have HijackThis fix it.

O1 - Hosts file redirections

What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts file is located at C:\Windows\Help\hosts

What to do:
This hijack redirects the address on the right to the IP address on the left. If that IP does not belong to the address, you will be sent to the wrong site every time you enter the address. You can have HijackThis fix these, unless you knowingly put those entries in your Hosts file yourself.

The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Always fix this item, or have CWShredder repair it automatically.

O2 - Browser Helper Objects

What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do:
If you don't directly recognise a Browser Helper Object's name, use TonyK's BHO & Toolbar List to find it by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

O3 - IE toolbars

What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

What to do:
If you don't directly recognise a toolbar's name, use TonyK's BHO & Toolbar List to find it by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe. If it is not on the list, the name looks like a random string of letters, and the file sits in the 'Application Data' folder (like the last one in the examples above), it is probably Lop.com, and you should definitely have HijackThis fix it.

O4 - Autoloading programs from the Registry or the Startup group

What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe

What to do:
Use PacMan's Startup List to look up the entry and see whether it is good or bad.

If the item shows a program sitting in a Startup group (like the last item above), HijackThis cannot fix the item while that program is still in memory. Use the Windows Task Manager (TASKMGR.EXE) to close the process before fixing.

O5 - IE Options icon not visible in Control Panel

What it looks like:
O5 - control.ini: inetcpl.cpl=no

What to do:
Unless you or your system administrator have hidden the icon from Control Panel, have HijackThis fix it.

O6 - IE Options access restricted by Administrator

What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, or your system administrator put this restriction in place, have HijackThis fix this.

O7 - Regedit access restricted by Administrator

What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction in place.

O8 - Extra items in the IE right-click menu

What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

What to do:
If you don't recognise the name of the item in the IE right-click menu, have HijackThis fix it.

O9 - Extra buttons on the main IE toolbar, or extra items in the IE 'Tools' menu

What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)

What to do:
If you don't recognise the name of the button or menu item, have HijackThis fix it.

O10 - Winsock hijackers

What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' is missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll

What to do:
It is best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.

Note that 'unknown' files in the LSP stack will not be fixed by HijackThis, to avoid causing problems.

O11 - Extra group in the IE 'Advanced Options' window

What it looks like:
O11 - Options group: [CommonName] CommonName

What to do:
The only hijacker known so far to add its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.

O12 - IE plugins

What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\Plugins\NVdf32.dll

What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW. Prefix: http://ehttp.cc/?

What to do:
These are always bad. Have HijackThis fix them.

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do:
If the URL is not that of your computer's manufacturer or your ISP, have HijackThis fix it.

O15 - Unwanted sites in the Trusted Zone

What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com

What to do:
Most of the time only AOL and Coolwebsearch silently add sites to the Trusted Zone. If you did not add the listed domain to your Trusted Zone yourself, have HijackThis fix it.

O16 - ActiveX Objects (aka Downloaded Program Files)

What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do:
If you don't recognise the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' and so on, definitely fix it. Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used to look up CLSIDs. (Right-click the list to use the Find function.)

O17 - Lop.com domain hijacks

What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175

What to do:
If the domain is not from your ISP or your company network, have HijackThis fix it. The same goes for the 'SearchList' entries. For the 'NameServer' (DNS server) entries, search the web for the IP or IPs and it will be easy to see whether they are good or bad.

O18 - Extra protocols and protocol hijackers

What it looks like:
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}

What to do:
Only a few hijackers show up here. The known bad ones are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix those. Other things that show up are either not yet confirmed safe, or have been hijacked (that is, the CLSID has been changed) by spyware. In the latter case, have HijackThis fix it.

O19 - User style sheet hijack

What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css

What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log. However, since only Coolwebsearch does this, it is better to use CWShredder to fix it.

O20 - AppInit_DLLs Registry value autorun

What it looks like:
O20 - AppInit_DLLs: msconfd.dll

What to do:
This Registry value, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers.

If there is a hidden DLL in this Registry value (only visible when using 'Edit Binary Data' in Regedit), the DLL name may be prefixed with a pipe '|' to make it visible in the log.
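The "hidden DLL" trick above works because a REG_SZ value is just a buffer of UTF-16 bytes, and a string view stops at the first NUL character while the rest of the buffer still exists and is still parsed. The following Python is an added illustration, not code from the original guide or from HijackThis: it decodes a constructed registry buffer in full, lists every DLL name with a hidden/visible flag, and renders the value with the pipe convention the guide describes. The buffer itself is constructed for the example, and "hidden.dll" is a placeholder name; reading the raw bytes out of a live Registry is outside the example.

```python
import re

# Constructed REG_SZ payload for illustration: the visible name from this guide's
# example, a UTF-16 NUL terminator, then a second name ("hidden.dll" is a
# placeholder) that a plain string view of the value never reaches.
SAMPLE_RAW = ("msconfd.dll".encode("utf-16-le") + b"\x00\x00"
              + "hidden.dll".encode("utf-16-le") + b"\x00\x00")


def raw_pieces(raw: bytes) -> list[str]:
    """Decode the whole buffer (not just up to the first NUL) and return the
    non-empty NUL-separated pieces in order."""
    text = raw.decode("utf-16-le", errors="replace")
    return [piece for piece in text.split("\x00") if piece]


def visible_string(raw: bytes) -> str:
    """What Regedit's normal string view, or any NUL-terminated string API, shows."""
    pieces = raw_pieces(raw)
    return pieces[0] if pieces else ""


def dll_names(raw: bytes) -> list[tuple[str, bool]]:
    """Every DLL name in the value (AppInit_DLLs separates names with spaces or
    commas) paired with a flag that is True when the name sat past a NUL, i.e.
    was hidden from the string view."""
    names = []
    for index, piece in enumerate(raw_pieces(raw)):
        for name in re.split(r"[ ,]+", piece.strip()):
            if name:
                names.append((name, index > 0))
    return names


def hijackthis_style(raw: bytes) -> str:
    """Render the value the way the guide describes: pieces that were hidden
    behind a NUL are prefixed with a pipe so they show up in the log line."""
    pieces = raw_pieces(raw)
    return pieces[0] + "".join("|" + piece for piece in pieces[1:]) if pieces else ""


if __name__ == "__main__":
    print("string view :", visible_string(SAMPLE_RAW))
    print("full decode :", hijackthis_style(SAMPLE_RAW))
    for name, hidden in dll_names(SAMPLE_RAW):
        print(f"  {name:<12} {'HIDDEN' if hidden else 'visible'}")
```

The defensive lesson is the same one the guide draws: when triaging an O20 entry, compare what the string view shows with what the binary view contains, and treat any name that appears only in the latter as deliberately concealed.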

O21 - ShellServiceObjectDelayLoad

What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll

What to do:
This is an undocumented autorun method, normally used by a few Windows system components. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. HijackThis uses a whitelist of the common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Treat with extreme care.

O22 - SharedTaskScheduler

What it looks like:
O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll

What to do:
This is an undocumented autorun for Windows NT/2000/XP only, and it is rarely used. So far only CWS.Smartfinder uses it. Treat with care.

O23 - NT Services

What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

What to do:
This is the list of non-Microsoft services. It should match the one you see in the Msconfig utility of Windows XP. Several trojan hijackers use a home-made service in addition to other startup entries to reinstall themselves. The display name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. The second part of the line is the owner of the file at the end, as seen in the file's properties.

Note that fixing an O23 item will only stop the service and disable it. The service needs to be deleted from the Registry manually or with another tool. In HijackThis 1.99.1 or higher, the 'Delete NT Service' button in the Misc Tools section can be used for this.
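Most of the "What to do" advice above is a set of rules of thumb applied line by line: R3 hooks are fixed unless a known program is named, O1 hosts entries redirect a name to the IP on the left, a random-letter O3 toolbar in Application Data is the Lop.com pattern, O13 prefixes are always bad, and O16 downloads containing 'dialer', 'casino' or 'free_plugin' are fixed outright. As an added example, not code from the original guide or from HijackThis itself, the Python below parses log lines in the format shown throughout this page and applies those rules, leaving everything else as "lookup" (check the CLSID or name against the startup, BHO and toolbar lists the guide names). The sample log is constructed from the example lines on this page plus one invented O16 line with a placeholder URL; the vowel-ratio test for random names and the assumption that hosts entries pointing at a local address are block-list lines rather than hijacks are my own heuristics, not the guide's.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log: entries copied from the examples in this guide, plus
# one invented O16 line (placeholder URL) to exercise the keyword rule.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRAM FILES\\YAHOO!\\COMPANION\\YCOMP5_0_2_4.DLL
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\\WINDOWS\\APPLICATION DATA\\CKSTPRLLNQUL.DLL
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Free Casino Dialer - http://example.invalid/free_plugin.cab
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+)\s*-\s*(.*?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
LOCAL_IPS = {"127.0.0.1", "0.0.0.0", "::1"}          # assumption: block-list style entries
O16_BAD_WORDS = ("dialer", "casino", "free_plugin")  # red-flag words named in the guide


@dataclass
class Entry:
    section: str            # R0, O3, O16, ...
    body: str               # text after the section code
    clsid: Optional[str]    # class ID to look up in the BHO/toolbar lists, if any
    verdict: str            # "fix", "review" or "lookup"
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic for the Lop.com pattern: a toolbar name that is one run of
    lowercase letters with hardly any vowels (assumed threshold: ratio < 0.25)."""
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.25


def triage(line: str) -> Optional[Entry]:
    """Classify one HijackThis log line; returns None for non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    cm = CLSID_RE.search(body)
    clsid = cm.group(0) if cm else None
    lower = body.lower()
    verdict, reason = "lookup", "check the name or CLSID against the startup, BHO and toolbar lists"

    if section == "R3":
        if "copernic" in lower:
            verdict, reason = "review", "URLSearchHook names a program the guide lists as legitimate"
        else:
            verdict, reason = "fix", "R3 entries are fixed unless they name a program you recognise"
    elif section == "O1" and (hm := HOSTS_RE.match(body)):
        ip, host = hm.groups()
        if ip in LOCAL_IPS:
            verdict, reason = "review", f"{host} points at a local address (typical of a block list)"
        else:
            verdict, reason = "fix", f"{host} is redirected to {ip}; fix unless you added it yourself"
    elif section == "O3":
        name = body.split(" - ")[0].removeprefix("Toolbar:").strip()
        if looks_random(name) and "application data" in lower:
            verdict, reason = "fix", "random-letter toolbar loaded from Application Data (Lop.com pattern)"
    elif section == "O13":
        verdict, reason = "fix", "DefaultPrefix / WWW Prefix entries are always bad"
    elif section == "O16":
        hits = [w for w in O16_BAD_WORDS if w in lower]
        if hits:
            verdict, reason = "fix", "download name or URL contains " + ", ".join(hits)
    return Entry(section, body, clsid, verdict, reason)


def triage_log(text: str) -> list[Entry]:
    """Triage every recognised entry in a log, preserving order."""
    return [e for e in map(triage, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:<4} {e.verdict:<7} {e.reason}")
```

The script deliberately stops at "lookup" for everything the guide says must be researched by name or CLSID; automating those lookups would mean trusting a list the script does not have, which is exactly the judgement call the guide tells you to make with the published lists rather than by guesswork.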