Anonymous
Anonymous asked in Computers & Internet > Other: Computers · 1 decade ago

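Why does it say I'm infected every day at noon?

Why do these two viruses show up every day at noon?

Is there any way to clean out these two viruses??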

中毒的檔案: C:\System Volume Information\_restore{29B55C5C-8F41-416B-93A8-5B78C2BEE3F7}\RP61\A0008618.exe

病毒名稱: ADW_HOTBAR.C

中毒處理行動: 無法清除的病毒,已刪除中毒檔案。

中毒的檔案: C:\System Volume Information\_restore{29B55C5C-8F41-416B-93A8-5B78C2BEE3F7}\RP61\A0008619.dll

病毒名稱: ADW_HOTBAR.C

使用者名稱: user

中毒處理行動: 無法清除的病毒,已刪除中毒檔案。

Update:

Could you explain it a bit more simply?

It's all in English and I can't understand it.

1 Answer

  • Anonymous
    1 decade ago
    Best Answer

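    This is because you have HOTBAR installed on your computer. You can go to "Add/Remove Programs" and remove it, then scan again, and it should no longer show up. If HOTBAR cannot be removed normally, you will have to work through the steps below one by one, which is more of a hassle!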

    Terminating the Adware Program

    This procedure terminates the running adware process. You will need the name(s) of the file(s) detected earlier.

    1. Open Windows Task Manager.

       » On Windows 95, 98, and ME, press CTRL+ALT+DELETE

       » On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.

    2. In the list of running programs*, locate the adware file(s) detected earlier.

    3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.

    4. Do the same for all detected adware files in the list of running processes.

    5. To check if the adware process has been terminated, close Task Manager, and then open it again.

    6. Close Task Manager.

    If that still doesn't work, continue with the following.

    --------------------------------------------------------------------------------

    *NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the adware process. Otherwise, continue with the next procedure, noting additional instructions. (The Task Manager on Win95, 98 and WinMe sometimes cannot show the exact program; you can download Microsoft's Process Explorer to view and end the running program.)

    Removing Autostart Entries from the Registry (delete the related Regedit keys)

    Removing autostart entries from the registry prevents the adware from executing at startup.

    Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

    In the left panel, double-click the following:

    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

    In the right panel, locate and delete the entry:

    Hotbar ="C:\Program Files\%Hotbar%\HbInst.exe /Upgrade"

    (Note: %Hotbar% is the directory created by this adware during installation.)

    In the left panel, look for and delete the following keys:

    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Office>

    Outlook>Addins>HbHostOL.HbMailAnim

    HKEY_CLASSES_ROOT>Contact.Contacts

    HKEY_CLASSES_ROOT>Contact.Contacts.1

    HKEY_CLASSES_ROOT>HbCoreServices.LfgAx

    HKEY_CLASSES_ROOT>HbCoreServices.LfgAx.1

    HKEY_CLASSES_ROOT>HbCoreSrv.HbCoreServices

    HKEY_CLASSES_ROOT>HbCoreSrv.HbCoreServices.1

    HKEY_CLASSES_ROOT>HbHostOL.HbElementFocus

    HKEY_CLASSES_ROOT>HbHostOL.HbElementFocus.1

    HKEY_CLASSES_ROOT>HbHostOL.HbMailAnim

    HKEY_CLASSES_ROOT>HbHostOL.HbMailAnim.1

    HKEY_CLASSES_ROOT>HbHostOL.HbWebmailSend

    HKEY_CLASSES_ROOT>HbHostOL.HbWebmailSend.1

    HKEY_CLASSES_ROOT>CLSID>

    {013A482E-1893-4f49-8D41-AC89156A6955}

    HKEY_CLASSES_ROOT>CLSID>

    {175652E8-8BCC-47C4-B591-0D630F469C19}

    HKEY_CLASSES_ROOT>CLSID>

    {1038DD23-8AE8-451B-A134-4DB8A49AA519}

    HKEY_CLASSES_ROOT>CLSID>

    {3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}

    HKEY_CLASSES_ROOT>CLSID>

    {60F630A2-41EC-11D5-B558-00D0B77F0A6D}

    HKEY_CLASSES_ROOT>CLSID>

    {6FE00B71-7251-4E00-9186-ED89BBB946B8}

    HKEY_CLASSES_ROOT>Interface>

    {17719B53-FAD1-11D4-A466-00508B5BA2DF}

    HKEY_CLASSES_ROOT>Interface>

    {20D21E02-8C1C-41FE-9826-DAB4C223436C}

    HKEY_CLASSES_ROOT>Interface>

    {3103E312-E1BB-49AB-80EB-0A92FCA78746}

    HKEY_CLASSES_ROOT>Interface>

    {31321312-E1BB-49AB-80EB-13212CA78746}

    HKEY_CLASSES_ROOT>Interface>

    {4BF4FAFA-186E-4E36-8F74-525290438D7B}

    HKEY_CLASSES_ROOT>Interface>

    {66291BEF-C867-43C0-A7B4-D13393814BCD}

    HKEY_CLASSES_ROOT>Interface>

    {7138714C-9819-4AB1-9A86-E7C413C9A99E}

    HKEY_CLASSES_ROOT>Interface>

    {7E33BC81-0818-11D5-B50D-00D0B77F0A6D}

    HKEY_CLASSES_ROOT>Interface>

    {927420A3-7259-4A74-B402-9329177EC3FC}

    HKEY_CLASSES_ROOT>Interface>

    {B00609A6-82AF-4C55-BBB8-ADC8593CEB86}

    HKEY_CLASSES_ROOT>Interface>

    {C8539BFE-8FD7-405C-8EEF-D9AF48DC6BA4}

    HKEY_CLASSES_ROOT>Interface>

    {DA603411-0593-11D5-A46B-00508B5BA2DF}

    HKEY_CLASSES_ROOT>Interface>

    {F64B26C1-07DE-11D5-B50D-00D0B77F0A6D}

    HKEY_CLASSES_ROOT>TypeLib>

    {5BA32D9E-F1BD-476C-AD42-97C9379A57A4}

    HKEY_CLASSES_ROOT>TypeLib>

    {60F63095-41EC-11D5-B558-00D0B77F0A6D}

    HKEY_CLASSES_ROOT\TypeLib\

    {6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}

    HKEY_CURRENT_USER\Software\Hotbar

    HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar

    Close Registry Editor.

    --------------------------------------------------------------------------------

    NOTE: If you were not able to terminate the adware process as described in the previous procedure, restart your system.

    Additional Windows ME/XP Cleaning Instructions

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as ADW_HOTBAR.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.

    Details:

    Installation and Autostart

    Upon execution, this adware program creates the folder HOTBAR or HBINST under the Program Files folder and drops any of the following files:

    HBCORESRV.DLL

    HBHOSTIE.DLL

    HBHOSTOE.DLL

    HBHOSTOL.DLL

    HBINST.EXE

    HbInstIE.dll

    HBSRV.EXE

    HbToolbar.dll

    It then creates the following registry entry to ensure its automatic execution at every system startup:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Hotbar="C:\Program Files\%Hotbar%\HbInst.exe /Upgrade"

    (Note: %Hotbar% is the directory created by this adware during installation.)

    Components and Features

    This adware program has several .dll components. It also contains an export function that installs itself as a Browser Helper Object (BHO). The said BHO executes each time the Internet Explorer is opened.

    BHOs are programs installed unknowingly on affected systems. They are commonly not dangerous nor destructive. However, these programs can affect user's privacy and leak confidential information by monitoring user activity in the Internet Explorer.

    It has an executable component that installs some more of its components.

    Other versions of this adware add graphical skins and toolbars to the Internet Explorer browser. They also have special features that can add graphical plugins to the Microsoft Outlook and Microsoft Express toolbar.

    This adware also adds the following registry keys, which contain installation information:

    HKEY_CURRENT_USER\Software\Hotbar

    HKEY_LOCAL_MACHINE\Software\Hotbar

    It also adds the following registry keys, which may vary with each component:


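    2005-10-24 08:11:17 Addendum:

    Sorry, I only saw today that you couldn't understand it.

    Basically, you need to remove hotbar. If it can't be removed, then follow Trend Micro's steps. I'll walk you through it from the start: first go to "Add/Remove Programs" and remove hotbar. If it can be removed, congratulations; scan again and the virus definitely won't be found. If not, then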

    2005-10-24 08:11:45 Addendum:

    1. Open Windows Task Manager.

    » On Windows 95, 98, and ME, press CTRL+ALT+DELETE

    » On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab. ------- On Windows 95, 98, and ME press CTRL+ALT+DELETE; on Windows NT, 2000, and XP press CTRL+SHIFT+ESC, then look at this window.

    2005-10-24 08:12:16 Addendum:

    2. In the list of running programs*, locate the adware file(s) detected earlier.

    In this window, close the running programs related to hotbar; if you don't know which ones they are, close everything that starts with h.

    3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.

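    2005-10-24 08:12:31 Addendum:

    4. Do the same for all detected adware files in the list of running processes.

    5. To check if the adware process has been terminated, close Task Manager, and then open it again. I don't really understand what steps 3 and 4 mean; basically it should be asking you to try again to remove all of the hotbar that couldn't be removed from the computer before, and then confirm with the search function.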

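    2005-10-24 08:12:37 Addendum:

    6. Close Task Manager.

    If the steps above still don't work, I personally suggest you see whether you can reinstall the system or restore from a Ghost image, because the next steps deal with Regedit keys; if you delete a system entry there, it will affect the normal operation of your computer. Because they are complicated and numerous, I can't explain them one by one. But basically, if you complete all of the steps above, it should not appear again.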

    Source(s): Trend Micro
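
As an added example (not part of the original answer or of Trend Micro's write-up): a Python script that checks the text of a `reg export` dump for the Hotbar autostart value and for some of the named keys listed in the answer, so the registry can be inspected before anything is deleted. The sample export, the function names and the subset of keys are assumptions made for illustration; only string values are parsed.

```python
import re

# Indicators copied from the removal steps on this page (GUID-named keys left out).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
HOTBAR_KEYS = [
    r"HKEY_CURRENT_USER\Software\Hotbar",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HbHostOL.HbMailAnim",
]

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[([^-].*)\]", line)
        if section:
            current = keys.setdefault(section.group(1), {})
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            current[_unescape(value.group(1))] = _unescape(value.group(2))
    return keys

def find_hotbar(text):
    """Return (kind, key, data) findings; registry names compare case-insensitively."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low == RUN_KEY.lower():
            for name, data in values.items():
                if name.lower() == "hotbar" or "hbinst.exe" in data.lower():
                    findings.append(("autostart", key, data))
        if any(low == k.lower() or low.startswith(k.lower() + "\\") for k in HOTBAR_KEYS):
            findings.append(("key", key, ""))
    return findings

# Constructed sample export, not taken from a real system.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hotbar"="C:\\Program Files\\Hotbar\\HbInst.exe /Upgrade"
"ExampleUpdater"="C:\\Program Files\\Example\\update.exe"
[HKEY_LOCAL_MACHINE\Software\Hotbar]
'''

if __name__ == "__main__":
    print(find_hotbar(SAMPLE))
```

A real export written by Registry Editor is usually UTF-16 encoded, so decode the file accordingly before passing its text to `find_hotbar`.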