Anonymous asked in Computers & Internet > Hardware > Desktops · 2 decades ago

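This annoying istsvc virus won't go away no matter how I try to remove it? (10 points)

I scanned with Microsoft's official site and it said there was no problem.

I scanned with an adware remover; it detects it but can't clean it.

Ending it under "Processes" doesn't help; it still comes back.

I found its path and tried to delete it, but it can't be deleted either.

Oh my god..

It haunts me like a ghost that won't leave.

In Add/Remove Programs, it sometimes disappears for a short while,

but when I look again it's back.

Could some expert please save me?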

3 Answers

  • 2 decades ago
    Favorite Answer

    Full text:

    http://www.trendmicro.com/vinfo/zh-tw/virusencyclo...

    Description:

    This Trojan installs itself as ISTSVC.EXE in its created folder, C:\Program Files\ISTsvc. It downloads and installs programs without the user's consent.

    This malware accesses the following URL:

    http://www.sl<BLOCKED>tch.com/ist/scripts/istsvc_a...

    The script embedded in this URL triggers advertisements to be displayed. The domain host is a legitimate Internet search Web site, however.

    It runs on Windows 95, 98, ME, NT, 2000 and XP.

    Solution:

    Identifying the Malware Program

    To remove this malware, first identify the malware program.

    Scan your system with your Trend Micro antivirus product.

    NOTE all files detected as TROJ_ISTBAR.DA.

    Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro's free online virus scanner.

    Terminating the Malware Program

    This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

    Open Windows Task Manager.

    On Windows 95/98/ME systems, press CTRL+ALT+DELETE

    On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.

    In the list of running programs*, locate the malware file or files detected earlier.

    Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.

    Do the same for all detected malware files in the list of running processes.

    To check if the malware process has been terminated, close Task Manager, and then open it again.

    Close Task Manager.

    *NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

    Deleting the Malware Files

    Right-click Start, then click Search... or Find..., depending on your version of Windows.

    In the Named input box, type:

    istsvc.exe

    In the Look In drop-down list, select the drive which contains Windows, then press Enter.

    Once located, select the file then hit Delete.

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup.

    To remove the malware autostart entries:

    Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.

    In the left panel, double-click the following:

    HKEY_LOCAL_MACHINE>Software

    In the right panel, locate and delete the entry or entries:

    ISTsvc

    In the left panel, double-click the following:

    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

    In the right panel, locate and delete the entry or entries:

    IST Service = "C:\Program Files\ISTsvc\istsvc.exe"

    Close Registry Editor.

    NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

    Resetting Internet Explorer Homepage and Search Page

    This procedure restores the Internet Explorer homepage and search page to the default settings.

    Close all Internet Explorer windows.

    Open Control Panel. Click Start>Settings>Control Panel.

    Double-click the Internet Options icon.

    In the Internet Properties window, click the Programs tab.

    Click the eset Web Settings? button.

    Select lso reset my home page.?Click Yes.

    Click OK.

    Additional Windows ME/XP Cleaning Instructions

    Running Trend Micro Antivirus

    Source(s): Trend Micro
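
Added example (not part of the answer above or of Trend Micro's instructions): a read-only PowerShell check that looks for each artifact the removal steps name, so you can confirm whether the process, folder, registry key or autostart entry is still present after cleanup. The function name `Find-IstsvcRemnants` is hypothetical, and the script assumes a Windows system with PowerShell available and an elevated prompt.

```powershell
# Added example, not Trend Micro's tooling. Read-only: it lists leftovers and deletes nothing.
# Find-IstsvcRemnants is a hypothetical name; paths and value names are the ones in the answer.
function Find-IstsvcRemnants {
    # Process from the "Terminating the Malware Program" step (name without .exe).
    Get-Process -Name 'istsvc' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Item = "istsvc.exe (PID $($_.Id))" }
    }

    # Install folder and its contents from the "Deleting the Malware Files" step.
    $dir = 'C:\Program Files\ISTsvc'
    if (Test-Path -LiteralPath $dir) {
        [pscustomobject]@{ Type = 'Folder'; Item = $dir }
        Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_.FullName } }
    }

    # Key directly under HKEY_LOCAL_MACHINE>Software; the wildcard covers the
    # name as printed in the steps (-like is case-insensitive).
    Get-ChildItem -Path 'HKLM:\SOFTWARE' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*STsvc*' } |
        ForEach-Object { [pscustomobject]@{ Type = 'RegistryKey'; Item = $_.Name } }

    # Autostart value: match on the value name or on data pointing at istsvc.exe,
    # because this Run entry starts the program again at every boot.
    $runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $data = [string]$run.GetValue($name)
            if ($name -eq 'IST Service' -or $data -like '*istsvc.exe*') {
                [pscustomobject]@{ Type = 'RunValue'; Item = "$name = $data" }
            }
        }
    }
}

$remnants = @(Find-IstsvcRemnants)
if ($remnants.Count -eq 0) { 'No ISTsvc artifacts found.' }
else { $remnants | Format-Table -AutoSize }
```

Run it once after cleanup and again after a reboot; an item that reappears on the second run shows which step did not hold.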
  • 2 decades ago

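    Start menu > Run > regedit

    Edit > Find > istsvc.exe

    Delete everything it finds.

    Keep repeating until nothing more is found.

    Touching the registry can turn out to be a small matter or a big one.

    I suggest trying System Restore first,

    because if the registry gets messed up,

    at best you'll have to redo your drivers,

    and at worst the whole machine won't boot into the system and you'll have to wipe and reinstall it.

    If you are going to edit the registry, it's safer to have a friend who understands it help you alongside.

    Source(s): Years of repair experience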