[TMG] Re: Ziwagawu.dll,jumidani.dll,howivuti.dl (long mail)

Nawanan Theera-Ampornpunt nawanan.rama at gmail.com
Mon Jan 12 06:46:16 ICT 2009 

ÃÒ§ҹÊÃØ»ãËéÊÁÒªÔ¡·ÃÒºà¼×èÍà»ç¹à¡Ãç´àÅç¡à¡Ãç´¹éÍÂËÒ¡ÂѧäÁè·ÃÒº¤ÃѺ ÊÓËÃѺ¤¹·Õèãªé Linux
ËÃ×Í Unix-compatible systems ¡ç¤§¨ÐäÁèµéͧ·ÓÍÐäÃÍÂèÒ§¹Õé
áµèÊÓËÃѺ·èÒ¹·ÕèàËÅ×Í·ÕèÂѧµéͧ¨ÓÂÍÁÍÂÙèã¹âÅ¡áËè§ Microsoft ¡çÅͧÍèÒ¹´Ù¤ÃѺ

⪤´Õ·Õè malware ·Õè¤Ø³ËÁ͸¹Ôµà¨Í äÁè complicated µÍ¹áá¼ÁãËéàªç¤ Start -> All
Programs -> Startup «Öè§à»ç¹ folder ·Õèà¡çº shortcuts ¢Í§â»Ãá¡ÃÁ·Õè Windows ¨Ð
run ·Ø¡¤ÃÑ駷Õèà¢éÒ Windows ´ÙÇèÒÁÕâ»Ãá¡ÃÁÍÐä÷ÕèäÁè¤Øé¹ÍÂÙèºéÒ§ ¡çäÁèà¨ÍÍÐäüԴ»¡µÔ ¨Ö§ãËéà¢éÒ
Registry Editor â´Â Start -> Run... -> ¾ÔÁ¾ìÇèÒ regedit áÅéÇ¡´ OK

ã¹ Registry Editor ¡ç browse ä»·Õè 2 locations ·Õè Windows
ÁÑ¡¨Ðà¡çº¤èҢͧâ»Ãá¡ÃÁ·Õè¨ÐÊÑè§ run ·Ø¡¤ÃÑ駷Õèà¢éÒ Windows àªè¹¡Ñ¹ Locations àËÅèÒ¹Õé¤×Í
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run áÅÐ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

ã¹¹Ñ鹨ÐÁÕÍÐäÃàÂÍÐáÂÐ «Ö觺ҧâ»Ãá¡ÃÁ¡ç¨Ðà»ç¹·Õè¤Øé¹à¤Â´ÕËÒ¡ã¤ÃÁÕâ»Ãá¡ÃÁ·Õè run
·Ø¡¤ÃÑ駷Õèà»Ô´à¤Ã×èͧ áµè¡ç¨ÐÁÕËÅÒÂÍÂèÒ§·ÕèäÁè¤Øé¹ «Ö觺ҧµÑÇ¡ç¨Ðà»ç¹â»Ãá¡ÃÁ¨ÃÔ§æ ·ÕèÊӤѭÊÓËÃѺ
Windows ËÃ×Í¡Ò÷ӧҹ¢Í§ hardware ºÒ§ÍÂèÒ§ ºÒ§â»Ãá¡ÃÁ¡ç¨Ðà»ç¹â»Ãá¡ÃÁ¢Í§ user
·ÕèÍÒ¨¨ÐÂѧµéͧ¡ÒÃäÇéÍÂÙè áµè¡çÍÒ¨¨Ðà¨ÍÍÐäûÃÐËÅÒ´æ ·Õè¨ÃÔ§æ áÅéÇà»ç¹ malware (àªè¹
spyware, trojan ËÃ×Í malware »ÃÐàÀ·Í×è¹ä´é) ¡çµéͧźÍÍ¡

¢Í§¤Ø³ËÁ͸¹Ôµ à¨Í¤èҢͧ file 3 µÑǹÑé¹ ã¹
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
àÁ×èÍźàÊÃç¨ áÅéÇ boot ãËÁè ¡çÂ×¹ÂѹÇèÒäÁèÁÕ error message áÅéÇ »Ñ­ËÒ¨Ö§à·èҡѺ¨º
(áµèã¹ËÅÒ¡óշÕè¼Áà¤Âà¨Í ¨Ðà»ç¹ malware ·Õè©ÅÒ´ ¡ç¨Ð½Ñ§µÑÇàͧ㹷ÕèÍ×è¹æ ·ÕèàÃÒäÁèÃÙé ¾Íź
registry ¢Í§ÁѹÍÍ¡áÅéÇ boot ãËÁè Áѹ¡ç¨ÐËÒ·Ò§à¢éÒÁÒä´éÍÂÙè´Õ ¡Ã³Õ¹ÕéÍÒ¨µéͧãªé
Antivirus ËÃ×Í Anti-spyware ªèÇ («Ö觺èͤÃÑ駡çäÁèªèÇÂ) ºÒ§¤ÃÑ駡çµéͧãªéâ»Ãá¡ÃÁÍ×è¹æ
·ÕèÂÒ¡¡ÇèÒ àªè¹ HijackThis ËÃ×Í smitfraudfix
ºÇ¡¡Ñº¤ÇÒÁªÓ¹Ò­¢Í§¤¹ªèÇÂ㹡ÒÃÃ×éÍ´ÙÇèÒÁѹ¨Ð仫è͹ÍÂÙèµÃ§ä˹ä´éºéÒ§
áÅжéÒÂѧ䧡çàÍÒÍÍ¡äÁèä´é áÅÐäÁèÁÕ¢éÍÁÙÅ online ·Õèà»ç¹»ÃÐâª¹ì ¡çÍÒ¨¨Ðµéͧ format áÅéÇ
install Windows ãËÁè

¹Í¡¨Ò¡ã¹ Start Menu's startup folder áÅéÇ ã¹ Registry locations 2
áË觷Õè¼ÁºÍ¡¹Ñé¹ á¹Ð¹ÓãËé user à¢éÒä»ËÑ´´Ù¤ÃѺ
à¾×èÍ·Õè¨Ðä´é·Ó¤ÇÒÁ¤Øé¹à¤ÂÇèÒ»¡µÔÁÕâ»Ãá¡ÃÁÍÐäÃÍÂÙèºéÒ§
͹ҤµàÇÅÒà¡Ô´»Ñ­ËÒÍÂèÒ§¤Ø³ËÁ͸¹Ôµ¡çÍÒ¨¨Ðà¨ÍµÑÇ»ÃÐËÅÒ´·Õè add µÑÇàͧ㹠registry
§èÒ¢Öé¹ áÅÐÊÓËÃѺ¤¹·ÕèàÇÅÒà¢éÒ Windows ¨Ð¤è͹¢éÒ§ªéÒ
(ºÒ§¤¹¶Ö§¢¹Ò´ä»ª§¡Òá¿àÊÃ稡çÂѧäÁèàÊÃç¨) ¹Í¡¨Ò¡»Ñ­ËÒ´éÒ¹ hardware (àªè¹ RAM, hard
disk space áÅÐ CPU speed) áÅéÇ ÊÔ觷ÕèªèÇÂä´é¡ç¤×Í¡ÒÃźâ»Ãá¡ÃÁºÒ§ÍÂèҧ㹠registry
·Ñé§ 2 locations ·Ôé§ ¶éÒÁѹäÁèä´é¨Óà»ç¹ÊÓËÃѺ¡Ò÷ӧҹ¢Í§ÃкºËÃ×ÍÎÒÃì´áÇÃì

á¹è¹Í¹ÇèÒ¡ÒèзÓÍÐäáѺ registry µéͧÃÐÇѧÁÒ¡æ à¾ÃÒзӼԴáÅéÇ Windows ¾Ñ§ä´éàÅÂ
(áµèäÁèà¡ÕèÂǡѺ hardware ¨Ö§ reinstall Windows ä´é) µÃǨ´ÙãËéá¹èã¨ÇèÒµÑÇàͧÍÂÙè¶Ù¡
location á¹è (à¾ÃÒÐÊèǹãË­èª×èÍÁѹ¤ÅéÒÂæ ¡Ñ¹) ¡è͹źËÃ×Íá¡éä¢ registry áÅФÇÃ
backup registry äÇé¡è͹ ¨Ðä´éàÍҤ׹ä´éËÒ¡à¡Ô´»Ñ­ËÒ ¹Í¡¨Ò¡¹Õé ¡Òè´¤èÒµèÒ§æ
äÇé¡è͹¨ÐźËÃ×Íá¡éä¢ ¡çªèÇÂä´é¤ÃѺ ÃÇÁ·Ñ駡è͹¨ÐźÍÐä÷ÕèµÑÇàͧäÁè¤Øé¹à¤ÂËÃ×ÍäÁèá¹èã¨
¤ÇûÃÖ¡ÉÒ¼ÙéÁÕ»ÃÐʺ¡ÒóìËÃ×ÍËÒ¢éÍÁÙÅÍ͹äŹì¡è͹
ÍÂèÒźà¾Õ§à¾ÃÒÐÊÁÁµÔ°Ò¹ÇèÒàÃÒäÁèÃÙé¨Ñ¡ËÃ×ͤØé¹à¤Â¡ÑºÁѹ

Íա˹Öè§ tip ·ÕèÍÒ¨¨Ðà»ç¹»ÃÐ⪹ì¡ç¤×Í ¡ÒÃËÒÃÒª×èÍâ»Ãá¡ÃÁ·Õè Windows ¨Ð run
·Ø¡¤ÃÑ駷Õèà¢éÒ Windows ÁÕËÅÒÂáËè§ ·Õè¼ÁºÍ¡¢éÒ§º¹à»ç¹ most common áµèÂѧäÁè¤Ãº¶éǹ
¢éÒ§ÅèÒ§¤×Íà·èÒ·Õè¼Á¤Ô´ÇèҤú¶éǹ¤ÃѺ
1. ã¹ Start -> All Programs -> Startup
2. ã¹ Registry Editor ·Õè
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run áÅÐ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3. Start Menu -> All Programs -> Administrative Tools -> Services ¤ÃѺ
áµèÍÒ¨¨Ð´ÙÂҡ˹èÍ ¤§µéͧãËé¼ÙéÁÕ»ÃÐʺ¡ÒóìªèÇ´Ù
4. ã¹ C:\Windows\win.ini (ÁÕ¤ÇÒÁÊӤѭÊÁÑ Windows 3.1 - Windows 95
áµèÅ´¤ÇÒÁÊӤѭŧáÅÐá·ºäÁèÁÕ¤ÇÒÁÊӤѭ㹻Ѩ¨ØºÑ¹ áµèËÒ¡ËÒ program ã¹·ÕèÍ×è¹äÁèà¨Í ¡ç
worth ·Õè¨ÐËÒã¹¹Õé´éǤÃѺ)
(äÁèÃÙéÁÕ·ÕèÍ×è¹·Õè¼ÁäÁè·ÃÒºËÃ×Íà»ÅèÒ ã¤Ã·ÃÒºªèÇÂà¾ÔèÁàµÔÁ´éǤÃѺ)


¹Ç¹Ãù








Thanit Hasadsri wrote:
> ¤Ø³ËÁ͹ÃóÍÒÊÒ ªèÇÂá¡éãËé
> ·Ó·Ò§â·ÃÈѾ·ìÃÒÇ ñõ ¹Ò·Õ
> ¡çàÃÕºÃéÍ ¤ÃѺ
> 
>

More information about the Thai-l mailing list