Trojan.PWS.Wow Removal Tool 0.2 Build0802

Trojan.PWS.Wow Removal Tool 0.2 Build0802 Written in VB.net Use it AT YOUR OWN RISK 有關WINLOGON,LSASS,SMSS這系列的木馬 Dr.Web: Trojan.PWS.Wow Symantec: Infostealer.Wowcraft 啟動項(其中之一): TProgram ToP Torjan Program Process (其中之一): %WinDir%\WINLOGON.exe %WinDir%\SMSS.exe %WinDir%\LSASS.exe 檔案(包括不同的變種,不同的變種可能有不同): %WinDir%\1.com %WinDir%\SMSS.exe %WinDir%\SERVICES.exe %WinDir%\LSASS.exe %WinDir%\WINLOGON.exe %WinDir%\ExERoute.exe %WinDir%\EXPLORER.com %WinDir%\FINDER.com %WinDir%\EXERT.exe %WinDir%\IO.SYS.BAK %WinDir%\Debug\DebugProgram.exe %WinDir%\Shell.sys %WinDir%\Winsock32.DLL.SCF %System%\Anskya0.exe %System%\Anskya1.exe %System%\rundll32.com %System%\finder.com %System%\msconfig.com %System%\dxdiag.com %System%\regedit.com %System%\command.pif %System%\i.com %CommonProgramFiles%\intexplore.pif %CommonProgramFiles%\inexplore.pif %CommonProgramFiles%\iexplore.pif %ProgramFiles%\Internet Explorer\Intexplore.com %ProgramFiles%\Internet Explorer\Inexplore.com %ProgramFiles%\Internet Explorer\iexplore.com %SystemDrive%\bootconf.exe %SystemDrive%\command.com %SystemDrive%\command.exe %SystemDrive%\pagefile.pif D:\command.com D:\pagefile.pif PS: -%WinDir%是環境變數,一般Windows XP(Windows),2000(WINNT) -%System%是環境變數,一般Windows XP,2000為System32 -%CommonProgramFiles%是環境變數,一般Windows都是Common Files(在%ProgramFiles%內) -%ProgramFiles%係環境變數,一般Windows都是Program Files -%SystemDrive%係環境變數 ============= 使用方法: a) 先檢查系統是否裝上了Microsoft .NET Framework 2.0 你可以到X:\WINDOWS\Microsoft.NET\Framework下,看看有沒有v2.0.XXXXX的資料夾 如果有,可以繼續 如果沒有,先裝上Microsoft .NET Framework 2.0 http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5 b) 下載Trojan.PWS.Wow Removal Tool v0.2 Build0802 到 桌面 c) 進行解壓後,執行 Trjwow_rem.com, 按 Do a quick scan and save a logfile 生成報告,報告會生成到 %SystemDrive%\Search_WOW.log d) 再按 Destroy 就可以進行清除 + Restore Registry + Repair File assoc.,報告會生成到%SystemDrive%\Remove_WOW.log