Spyware and Virus Cleaning Tutorial. Any ideas what to add?

Tags: windows, security, software

English source: http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=207375&start=0&tag=nl.e101

Translation: endurer
2007-01-19, version 1

If you think of some software/step that is needed for this tutorial that I'm working on, please post it. Thank you. The tutorial is in *very rough draft*. Be ready for bad grammar. Please note that the details on how to use the software and the reasons for it have been removed for a simple draft version.

How to remove Spyware and Virus:


XP Only
(endurer's note: this assumes the user's Windows XP is installed on drive C:.)

Because spyware and viruses embed themselves into Windows systems like the network and so on, removing them could cause the internet or computer to stop working!!! By following these steps of removing spyware/virus it is possible, if not likely, that the spyware/virus could break your computer. Happy Hunting!

Before cleaning your computer you should back up your data. Also, download (on a clean computer is very helpful) the following programs:

WinSock XP Fix, Belarc Advisor, Ad-Aware Personal, Spybot - Search & Destroy, Windows Defender (Beta 2).

*Note* Unless I say differently, all the steps should be done in safe mode, entered by hitting F8 during the computer reboot.

Back up all data you want to save!!


Install and Run Belarc Advisor

The software creates a local dynamic webpage that has information about hardware, CD-Keys for Microsoft software and so on. If you are having problems displaying the website or if Internet Explorer (IE) is broken for some reason, install Firefox from Firefox.com.

Find the software keys Belarc Advisor doesn't pick up!

For some programs you can get the CD-Key by going to Help => About. It is very important to get the CD-Key in case the OS/etc. dies during spyware/virus removal. After getting the software CD-Keys, check to see if you have all the software CDs needed to reinstall the OS and other software.

Delete Temp, Temp Internet Files, and Cookies

Why?

Viruses/spyware are downloaded and installed from websites using drive-by install.

(Must remove all files)

C:/Documents and Settings/(all the users on the PC)/Local Settings/Temp

C:/Documents and Settings/(all the users on the PC)/Local Settings/Temporary Internet Files

C:/Documents and Settings/(all the users on the PC)/Cookies

(*Note* Removing cookies will cause your browser to lose all saved usernames/passwords.)

C:/WINDOWS/Downloaded Program Files
(checking on)

C:/WINDOWS/Temp
(checking on)

C:/WINDOWS/Offline Web Pages
(May be pointless to have this one)

Remove files/program icons from the Startup menu

C:/Documents and Settings/All Users/Start Menu/Programs/Startup

C:/Documents and Settings/<for each user>/Start Menu/Programs/Startup

Disable System Restore

Why?

This will cause any possible system restore points to be lost; however, spyware/viruses love hanging around in System Restore.

To open System Properties, click Start, click Control Panel, and then double-click System. In the System Properties dialog box, click the System Restore tab and select the Turn off System Restore check box. Click Yes when you receive the prompt to turn off System Restore.

Remove Programs using Add/Remove Programs

Why?

Some software that comes with adware will remove it once you remove the software.

Write down the location where the programs you removed are located.

To open Add or Remove Programs, click Start, click Control Panel, and then double-click Add or Remove Programs. Also, try going to the program's Uninstall in Startup, All Programs, and then in the program's folder. If you don't know if the program is good or bad, try googling the name of the program. Some spyware/virus programs only do half or fake removal.

After using Add or Remove Programs, go to the Program folder and remove any folder/file that remains.

Run msconfig

Why?

Stop the software from starting up on reboot and possible reinfection

Start -> Run -> type msconfig

Do not reboot unless I say!

Click the Startup tab; uncheck all startup items you wish to stop. If you don't know if a startup item is good or bad, try google.com. An example is Vptray, which is for Norton, or could be a virus sometimes.

Click the Services tab and check Hide All Microsoft Services. Click Disable All. This will disable all non-Microsoft services, as some viruses/spyware could set themselves up as services.

Click OK. When the small box comes up, click Exit Without Restart.

HijackThis

If you don't know what this does/etc., it is best if you skip this step. HijackThis is a very powerful registry and various other files editor. HijackThis could damage the OS, so best leave it alone unless you know how to use it.

Reboot back into safe mode with network connection
(In safe mode there is a minimum of Windows software running; the reason for the above steps is to lessen the BS later on)

Ad-Aware Personal

Install (www.lavasoftusa.com) Ad-Aware Personal, update it, and then run it.

Ad-Aware Personal can only remove spyware it knows about!! Update it!!

Update Ad-Aware Personal by using the software updater or the Ad-Aware SE Personal Definition File from www.download.com.

Spybot - Search & Destroy

Install (www.safer-networking.org/en/download/) Spybot - Search & Destroy, update it, and then run it (best if run in safe mode).

Update Spybot - Search & Destroy by using the software updater or get the Spybot - Search & Destroy Definition File from download.com.

Windows Defender (Beta 2)

Download Windows Defender (Beta 2). Install in safe mode if you can. If you can't install Windows Defender, reboot the computer in normal mode (unplug the network cable) and install Windows Defender. After installing, reboot back into safe mode with network connection. Update Windows Defender by using the ??? (Help icon) -> Check for updates. Read the Windows Defender (Beta 2) tutorial from microsoft.com if need be.

Check the host table

Why?

Some spyware/viruses write to the host table to force the browser/internet connection to go to an incorrect website/IP. The computer checks the host table first to find the IP address of the website; if it's not there, it then goes to the DNS to get the IP address of the website. An example of the problem is when you try to visit notorn.com, but the host table has the IP address of a hacker website. The browser will go to the hacker website and could infect your computer again. Or they could stop you from updating your antivirus and antispyware.

(In case anti-spyware didn't clean most of it out)

C:/WINDOWS/system32/drivers/etc

Open the file named "hosts" with WordPad.

Enter the following at the bottom:

Should look like this

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Scan for viruses/more spyware by using an online anti-virus scanner!!

Trend Micro HouseCall online anti-virus scanner will help remove what it finds.

Norton Online Scanner: Norton will not remove the files for you. You need to find the location and delete the files by hand. Click the Symantec Security Check
http://security.symantec.com/sscv6/default...id=ie&venid=sym

If spyware/virus is found, rerun the scan until you find none.

Run Rootkit scanner

http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx RootkitRevealer

Why?

A rootkit is software that attempts to hide its presence from scanners and system management utilities. Rootkits can be executed in user mode or kernel mode.

Playing hook with the network connect


If you lose the network connection during any of these steps, try running WinSock XP Fix. This should replace all the stocks for the network, hopefully fixing it. The spyware/virus may have edited the software for the network connection, and removing the spyware/virus destroys the software.

You may need to reinstall your OS or Drivers

You may need to reinstall the OS on top of itself, or may need to wipe everything and reinstall a clean copy of the OS. You need the Windows CD-Key for both options. For the drivers, you need to test them in order to find out if they are working or not; have fun in this step.

Reinstall anti-virus and scan your computer

Please note that the spyware/virus may have disabled or killed your anti-virus!! You may need to remove the anti-virus and reinstall, then update and rescan for viruses/spyware. Go to the antivirus website to find the tool to fully remove the antivirus.

Scan the Hard Drive for Errors (scandisk)

Scan Disk will take some time; best go do something else for a few hours after the scan has started. It could take longer if it's a larger hard drive.


Update Windows

Updates, Updates, Updates, and more updates.

Defrag the Hard Drive

(Run Scandisk first!! This step will take some time)

Before starting Defrag you should be in safe mode, or if you're in normal mode, stop all unnecessary programs that are running. Disk Defragmenter needs a minimum of 15% free space on the hard drive in order to defrag.


Misc


Enable System Restore

Enable Services in msconfig

Enable Startup in msconfig

Clean dust from the computer

<<<<adding more later>>>>>

Please say if it needs added steps and what/where they need to be.

Posted: 01/03/2007 @ 09:36
cbcats
Job Role: Student
Location: Barnes, WI
Member since: 01/23/2006
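
The host table check described in the post above, as an added example that is not part of the original thread: a Python function that lists every mapping in a hosts file other than the default `127.0.0.1 localhost` line, separating names redirected to another server from names blocked by pointing them at the local machine. The sample file contents, the `.example` host names and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress

# Names a clean XP hosts file is expected to map to loopback.
EXPECTED_LOCAL = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()                 # columns may be spaces or tabs
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:                    # an address with no host name
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:                # one line may carry several names
            name = name.lower().rstrip(".")
            if sinkhole and name in EXPECTED_LOCAL:
                continue                       # the default "127.0.0.1 localhost"
            verdict = "blocked" if sinkhole else "redirected"
            findings.append((line_no, str(ip), name, verdict))
    return findings

# Constructed sample: the default entry plus tampered and broken lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.shop.example shop.example   # sends the browser elsewhere
127.0.0.1\tupdates.antivirus.example             # stops definition updates
0.0.0.0         scan.antispyware.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```

On XP the text to pass in is the content of C:/WINDOWS/system32/drivers/etc/hosts; an empty result means only the default localhost entry is present.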

Replacement for msconfig
Hi cbcats;
I hope you get lots of help with streamlining this VERY good approach! I do this sort of thing semi-professionally every day of the week; you have it pat down straight!

The only technical suggestion I have:

Do not suggest to possibly inexperienced people to use MsConfig. What a clumsy tool; IMHO needs way too much know-how on the user's side. Why not (for this purpose only!) use Ccleaner? You find the latest version always here:

http://www.filehippo.com/download_ccleaner/

This little thing has helped me a lot! They even have their own web site with all the info about it (and then some):

http://www.ccleaner.com

Keep up the good work.

Oh, BTW, if you want help in smoothing grammar and language, I am volunteering.


Regards
eikelein

Posted: 01/06/2007 @ 10:27 (edited 01/06/2007 @ 10:29)
ejheinze@...
Job Role: IT Consultant
Location: Hartford, WI
Member since: 01/05/2007
