Spyware and Virus Removal Tutorial
Tags: windows, security, software
English source: http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=207375&start=0&tag=nl.e101
Translation: endurer
2007-01-19, 1st edition
If you think of some software/step that is needed for this Tutorial that I'm working on, please post it. Thank you. The Tutorial is in *very rough draft*. Be ready for bad grammar. Please note the details on how to use the software and the reasons for it have been removed for a simple draft version.
[endurer's note: 1. think of: to call to mind (consider, imagine, envisage, intend, come up with an idea). 2. to make preparations for ... 3. reason for: the cause of (grounds for, etc.)]
How to remove Spyware and Virus:
XP Only
[endurer's note: this assumes the user's Windows XP is installed on drive C.]
Because spyware and viruses embed themselves into Windows systems like the network and so on, removing them could cause the internet or computer to stop working!!! By following these steps of removing spyware/virus it is possible, if not likely, that the spyware/virus could break your computer. Happy Hunting!
[endurer's note: 1. happy hunting ground: paradise]
Before cleaning your computer you should back up your data. Also, download (on a clean computer is very helpful) the following programs:
WinSock XP Fix, Belarc Advisor, Ad-Aware Personal, Spybot - Search & Destroy, Windows Defender (Beta 2).
*Note* Unless I say differently, all the steps should be done in safe mode, entered by hitting F8 during the computer reboot.
Back up all data you want to save!!
Install and Run Belarc Advisor
[endurer's note: 1. larc: = Library Automatic Research Communications]
The software creates a local dynamic webpage that has information about hardware, CD-Keys for Microsoft software and so on. If you are having problems displaying the website or if Internet Explorer (IE) is broken for some reason, install Firefox from Firefox.com.
Find the software keys Belarc Advisor doesn't pick up!
For some programs you can get the CD-Key by going to Help => About. It is very important to get the CD-Key in case the OS/etc. dies during spyware/virus removal. After getting the software CD-Keys, check to see if you have all the software CDs needed to reinstall the OS and other software.
Del Temp, Temp Internet Files, and Cookies
Why?
Viruses/spyware are downloaded and installed from websites using drive-by-install.
(Must remove all files)
C:/Documents and Settings/(All the users on the PC)/Local Settings/Temp
C:/Documents and Settings/(All the users on the PC)/Local Settings/Temporary Internet Files
C:/Documents and Settings/(All the users on the PC)/Cookies
(*Note* Removing cookies will cause your browser to lose all saved usernames/passwords).
C:/WINDOWS/Downloaded Program Files
(checking on)
[endurer's note: 1. check on: to verify (inspect, investigate)]
C:/WINDOWS/Temp
(checking on)
C:/WINDOWS/Offline Web Pages
(May be pointless to have this one)
Remove files/Program Icons from Startup Menu
C:/Documents and Settings/All Users/Start Menu/Programs/Startup
C:/Documents and Settings/<for each user>/Start Menu/Programs/Startup
Disable System Restore
Why?
This will cause any possible system restore points to be lost; however, spyware/viruses love hanging around in the system restore.
[endurer's note: 1. hand around: to pass around; to distribute]
To open System Properties, click Start, click Control Panel, and then double-click System. In the System Properties dialog box, click the System Restore tab and select the Turn off System Restore check box. Click Yes when you receive the prompt to turn off System Restore.
Remove Programs using Add/Remove Programs
Why?
Some software that comes with ad-ware will remove it once you remove the software.
[endurer's note: 1. come with: to start from ...]
Write down the location where the programs you removed are located.
To open Add or Remove Programs, click Start, click Control Panel, and then double-click Add or Remove Programs. Also, try going to the program's Uninstall in Startup, All Programs, and then in the Program folder. If you don't know if the program is good or bad, try googling the name of the program. Some spyware/virus programs only do half or fake removal.
After using Add or Remove Programs, go to the Program folder and remove any folder/file that remains.
Run msconfig
Why?
Stop the software from starting up on reboot and possible reinfection
[endurer's note: 1. stop from: to prevent (block)]
Start -> Run -> type msconfig
Do not reboot unless I say!
Click the Startup tab; uncheck all startup items you wish to stop. If you don't know if the startup item is good or bad, try google.com. An example is Vptray, which is for Norton, or could be a virus sometimes.
Click the Services tab and check Hide All Microsoft Services. Click Disable All. This will disable all non-Microsoft services, as some viruses/spyware could set themselves up as services.
Click OK. When the small box comes up, click Exit Without Restart.
HijackThis
If you don't know what this does/etc. it is best if you skip this step. HijackThis is a very powerful registry and various other files editor. HijackThis could damage the OS, so best leave it alone unless you know how to use it.
[endurer's note: 1. leave alone: to let be (ignore, not interfere with, leave by itself)]
Reboot back into safe mode with network connect
(In safe mode there is a minimum of Windows software running; the reason for the above steps is to lessen the BS later on)
[endurer's note: 1. BS: back; blue screen]
Ad-Aware Personal
Install (www.lavasoftusa.com) Ad-Aware Personal, update it, and then run it.
Ad-Aware Personal can only remove spyware it knows about!! Update it!!
Update Ad-Aware Personal by using the software updater or the Ad-Aware SE Personal Definition File from www.download.com.
Spybot - Search & Destroy
Install (www.safer-networking.org/en/download/) Spybot - Search & Destroy, update it, and then run it (best if run in safe mode).
Update Spybot - Search & Destroy by using the software updater, or get the Spybot - Search & Destroy Definition File from download.com.
Windows Defender (Beta 2)
Download Windows Defender (Beta 2). Install in safe mode if you. If you can't install Windows Defender, reboot the computer in normal mode (unplug the network cable) and install Windows Defender. After installing, reboot back into safe mode with network connect. Update Windows Defender by using the ??? (Help icon) -> Check for updates. Read the Windows Defender (Beta 2) tutorial from microsoft.com if need be.
Check the host table
Why?
Some spyware/viruses write to the host table to force the browser/internet connection to go to an incorrect website/IP. The computer checks the host table first to find the IP address of the website; if it's not there, it then goes to the DNS to get the IP address of the website. An example of the problem is when you try to visit notorn.com, but the host table has the IP address of a hacker website. The browser will go to the hacker website and could infect your computer again. Or they could stop you from updating your antivirus and antispyware.
(In case anti-spyware didn't clean most of it out)
C:/WINDOWS/system32/drivers/etc
Open the file named "hosts" with WordPad.
Enter the following at the bottom:
Should look like this
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Scan for Virus/more spyware by using Online anti-virus scanner!!
Trend Micro HouseCall Online Anti-virus scanner will help remove what it finds.
Norton Online Scanner: Norton will not remove the files for you. You need to find the location and delete the files by hand. Click the Symantec Security Check
http://security.symantec.com/sscv6/default...id=ie&venid=sym
If spyware/virus is found, rerun the scan until you find none.
Run Rootkit scanner
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx RootkitRevealer
Why?
A rootkit is software that attempts to hide its presence from scanners and system management utilities. Rootkits can be executed in user mode or kernel mode.
Playing hook with the network connect
[endurer's note: 1. play with: to toy with]
If you lose network connect during any of these steps, try running WinSock XP Fix. This should replace all the stocks for the network, hopefully fixing it. The spyware/virus may have edited the software for the network connect, and removing the spyware/virus destroys the software.
You may need to reinstall Your OS or Drivers
You may need to reinstall the OS on top of itself, or may need to wipe everything and reinstall a clean copy of the OS. You need the Windows CD-Key for both options. For the drivers you need to test them in order to find out if they are working or not; have fun in this step.
Reinstall anti-virus and scan your computer
Please note that the spyware/virus may have disabled or killed your anti-virus!! You may need to remove the anti-virus and reinstall, then update and rescan for virus/spyware. Go to the antivirus website to find the tool to fully remove the antivirus.
Scan the Hard Drive for Errors (scandisk)
Scan Disk will take some time; best go do something else for a few hours after the scan has started. It could take longer if it's a larger hard drive.
Update Windows
Updates, Updates, Updates, and more updates.
Defrag the Hard Drive
(Run Scandisk first!! This step will take some time)
Before starting Defrag you should be in Safe mode, or if you're in normal mode, stop all unnecessary programs that are running. Disk Defragmenter needs a minimum of 15% free space on the hard drive in order to defrag.
Misc
Enable System Restore
Enable Services in msconfig
Enable Startup in msconfig
Clean dust from the computer
<<<<adding more later>>>>>
Please say if it needs added steps and what/where they need to be.
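The hosts-table check described in the tutorial above, as an added example that is not part of the original post or thread: a Python sketch that parses hosts-file text and reports every entry other than the stock localhost mapping, labelling each as a redirect or a loopback block. The sample text, host names and addresses are constructed for illustration, and treating localhost as the only expected name is an assumption.

```python
import ipaddress

# Constructed sample (names and addresses are illustrative, not from the thread):
# the stock XP localhost line plus three lines a cleanup should question.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.example-antivirus.test     # sends the browser elsewhere
127.0.0.1       update.example-antivirus.test  # silently blocks updates
::1             localhost
not-an-ip       broken.line
"""

STOCK_NAMES = {"localhost"}  # assumption: only this name belongs in a clean file


def parse_hosts(text):
    """Yield (line_no, ip, names) per mapping; comments and blank lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if body:
            fields = body.split()
            yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_no, reason, name, ip) for every entry beyond the stock mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", " ".join(names), ip))
            continue
        for name in names:
            if name.lower() in STOCK_NAMES and addr.is_loopback:
                continue  # the default localhost entry
            # Loopback or 0.0.0.0 makes the name unreachable; anything else redirects it.
            blocked = addr.is_loopback or addr.is_unspecified
            findings.append((line_no, "blocked" if blocked else "redirected", name, ip))
    return findings


if __name__ == "__main__":
    for line_no, reason, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason:<10} {name} -> {ip}")
```

To audit a real machine, pass the contents of the hosts file under C:/WINDOWS/system32/drivers/etc (or a copy taken to a clean computer) to audit_hosts.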
An alternative to msconfig
I hope you get lots of help with streamlining this VERY good approach! I do this sort of thing semi-professionally every day of the week; you have it pat down straight!
[endurer's note: 1. sort of: somewhat (a little, to some degree)]
The only technical suggestion I have:
Do not suggest to possibly inexperienced people to use MsConfig. What a clumsy tool; IMHO needs way too much know-how on the user's side. Why not (for this purpose only!) use Ccleaner? You find the latest version always here:
[endurer's note: 1. IMHO: In My Humble Opinion]
http://www.filehippo.com/download_ccleaner/
This little thing has helped me a lot! They even have their own web site with all the info about it (and then some):
Keep up the good work.
Oh, BTW, if you want help in smoothing grammar and language, I am volunteering.
Regards
eikelein