msoffice2.exe

Discussion in 'Windows -ongelmat' started by Flash80, Aug 18, 2004.

  1. Flash80

    Flash80 Member

    Joined:
    Mar 5, 2004
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    Niin siis mikä tuo mahtaa olla, kun se löytyy Windows XP:n Tehtävienhallinta-prosessista? Googlesta löysin jotain, mutta kun tuo englanti ei ole iskostunut niin hyvin, et olisin ymmärtänyt.. jokin virus?
     
    Flash80, Aug 18, 2004
    #1
  2. Agent_007

    Agent_007 Senior member

    Joined:
    May 5, 2003
    Messages:
    29,936
    Likes Received:
    124
    Trophy Points:
    143
    Agent_007, Aug 18, 2004
    #2
  3. Flash80

    Flash80 Member

    Joined:
    Mar 5, 2004
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    'The connection was refused when attempting to contact www.sophos.com' Elikkä en pääse sinne sivulle. Ja saman tekee myös Symantecin sivut.
     
    Flash80, Aug 19, 2004
    #3
  4. jake87

    jake87 Member

    Joined:
    Jun 18, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    toivottavasti ymmärrät englantia:

    Profile Prevalence: low high
    Name W32/Rbot-GB
    Type Worm

    How it spreads Network shares
    Vulnerable operating systems Windows
    Side effects Allows others to access the computer
    Steals information
    Downloads code from the internet
    Records keystrokes
    Installs itself in the Registry

    Aliases Backdoor.Rbot.gen

    Please follow the instructions for removing worms.

    You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.
    At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
    Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
    Locate the HKEY_LOCAL_MACHINE entries:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    Microsoft Windows Update = msoffice2.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
    Microsoft Windows Update = msoffice2.exe
    and delete them if they exist.
    Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:
    HKCU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
    Microsoft Windows Update = msoffice2.exe
    and delete it if it exists.
    Close the registry editor.
    Check your administrator passwords and review network security.

    _X_X_X_X_X_[small]ultimate chainsaw=v8 baby.[/small]
     
    Last edited: Aug 19, 2004
    jake87, Aug 19, 2004
    #4
  5. Flash80

    Flash80 Member

    Joined:
    Mar 5, 2004
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    Jees.. Kiitoksia vaan. Sain poistettua se, mutta en ymmärrä, miksen pääse agentin antamalle sivulle? ja samoin oli siis symantecin ja muutamien muiden viruksen torjuntaan liittyviin sivuihin.
     
    Flash80, Aug 19, 2004
    #5
  6. Khauron

    Khauron Moderator Staff Member

    Joined:
    Jan 8, 2002
    Messages:
    1,112
    Likes Received:
    2
    Trophy Points:
    68
    - Tarkista rekisteristä, ettei Windowsia käynnistäessä käynnisty mitään ylimääräistä.
    - Tyhjennä hosts ja lmhosts -tiedostot
    - Aja virustorjunta
    - Aja Ad-Aware
     
    Khauron, Aug 19, 2004
    #6
  7. Flash80

    Flash80 Member

    Joined:
    Mar 5, 2004
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    No nyt pääsin ainakin Symantecin sivuille.. McAfee Stinger-ohjelma löysi joitain matoja viela AdAwaren ja Spy Hunterin jälkeenkin.
    Löytyi tällaisia:

    W32/sdbot.worm.gen
    W32/sdbot.worm.gen.u
    W32/sdbot.worm.gen.h
    Qhosts.apd

    Tuollaiset se poisti ja nyt toimii.. kiitos kaikille.
     
    Flash80, Aug 19, 2004
    #7

Share This Page