This website requires Javascript to function properly. Please go to the setting of your web browser and enable Javascript for this website.

Ad by

技多不压身，工到自然成：安省技工证书特训班，点击咨询报名！

Ad by

技多不压身，工到自然成：安省技工证书特训班，点击咨询报名！

嘿嘿，这个玩艺不是病毒新人哈。。。。咳，还是一外国GG告诉俺一招儿管用，干掉了！;-D

mildkiller(mk)

首先杀掉所有的由他引入的各种spyware，也杀掉他的变体dll副本和注册值，
然后到system32里把AoLEDIT.DLL的安全性设置为空，即任何人和系统都不可访问他。（这个是外国GG的提示，简单又聪明）
再把CurrentVersion\Winlogon\Notify\Guardianxxxx\注册值删掉。
reboot
直接到system32里把AoLEDIT.DLL删掉（启动时调用未遂，人家不吭声，忍了）
再去注册表删掉CurrentVersion\Winlogon\Notify\Guardianyyyy
看来这东西是在shutdown system的时候检查注册表的，或者重写一份，怪不得怎么杀都杀不掉。

防火墙一关就被这东西钻了空子，阶级斗争不能放松哈。

(#1738037@0)
Last Updated: 2004-5-25
This post has been archived. It cannot be replied.

Report

Replies, comments and Discussions:

枫下家园 / 电脑用户 / 中了一个VX2好像是AoLEDIT.DLL捣乱，safe mode下还删不掉，如何清除之？谢~ -mildkiller(mk); 2004-5-25 (#1737864@0)

Change your browser to : FireFox -> www.mozilla.org -canadiantire(算了，不戒了); 2004-5-25 (#1737879@0)
ZT -canadiantire(算了，不戒了); 2004-5-25 {1153} (#1737883@0)
本文发表在 rolia.net 枫下论坛This is the most intrusive spyware i've ever seen. be aware that this "betterinternet" acts as an installer. it downloads and installs all different kinds of spyware. everytime you remove the spyware it installed, it will go back to the internet and download and install something different. here is what i had to do to get rid of it:

1. unplug network cable. every time you reboot, this f**ker goes out to the inet and downloads then installs more crap.

2. reboot in safemode with command promt.

3. manually remove the file: c:\winnt\system32\msg{B4008848-5524-47EF-A489-6DFD13542EAD}0115.dll (NOTE: this file name is dynamic it will be different on each PC - so you have to figure out what yours is before going into safe mode to delete).
also delete any directories that ad aware identifies as problematic - some of these i found were: myway, autoup, incredeal...the list goes on my memory fails me...

4.restart then rerun adaware to make sure you terminated the beast.

i think if you were using adaware pro this would not have been so damn hard to get rid of - then again im not sure that adaware has been updated for this guy.更多精彩文章及讨论，请光临枫下论坛 rolia.net

没这么简单啊。aoledit.dll随机复制一份自己的拷贝，然后让它运行成rundll32.exe，这个容易杀，可aoledit.dll自己还有一个守候者，挺宁的东东~~ -mildkiller(mk); 2004-5-25 (#1737960@0)

safe mode 也不行么？ -canadiantire(算了，不戒了); 2004-5-25 (#1737974@0)

不行~~~Symantec对此竟然没有评论，是个新玩艺？ -mildkiller(mk); 2004-5-25 {451} (#1738000@0)
adware可以杀掉它的影子，就是那个在tasks manager中以rundll32.exe显示的变体dll，AoLEDIT.DLL(310kB)可以不断复制自己，而本尊杀不掉，在CurrentVersion\Winlogon\Notify\Guardianxxxx\中有它的引用，如果把整段注册值删掉，reboot，他会换个CurrentVersion\Winlogon\Notify\Guardianyyyy\的位置继续，同时继续制造影子。AoLEDIT.DLL守候机制俺还没找到。

hijack也不能在启动项里发现什么异常。

据说betterinernet还能自动从网络下载其余spyware。

有点奇怪的东西~~

是不是要先unregister这个DLL? -170(170 VLS); 2004-5-25 (#1737988@0)
Start->Programs->Accessories->System Tools->System Information->Software Environment->Startup Programs，没有可疑的exe？ -xanada(㊣流水); 2004-5-25 (#1738013@0)

嘿嘿，这个玩艺不是病毒新人哈。。。。咳，还是一外国GG告诉俺一招儿管用，干掉了！;-D -mildkiller(mk); 2004-5-25 {527} (#1738037@0)
首先杀掉所有的由他引入的各种spyware，也杀掉他的变体dll副本和注册值，
然后到system32里把AoLEDIT.DLL的安全性设置为空，即任何人和系统都不可访问他。（这个是外国GG的提示，简单又聪明）
再把CurrentVersion\Winlogon\Notify\Guardianxxxx\注册值删掉。
reboot
直接到system32里把AoLEDIT.DLL删掉（启动时调用未遂，人家不吭声，忍了）
再去注册表删掉CurrentVersion\Winlogon\Notify\Guardianyyyy
看来这东西是在shutdown system的时候检查注册表的，或者重写一份，怪不得怎么杀都杀不掉。

防火墙一关就被这东西钻了空子，阶级斗争不能放松哈。

我怎么没找到把某个dll的安全性设置为空的地方？ -xanada(㊣流水); 2004-5-25 (#1738051@0)
还是FireFox好呀，高枕无忧啊。:D -canadiantire(算了，不戒了); 2004-5-25 (#1738306@0)

@Manitoba

嘿嘿，这个玩艺不是病毒新人哈。。。。咳，还是一外国GG告诉俺一招儿管用，干掉了！;-D

Replies, comments and Discussions:

More Topics