Monday, October 13, 2008

Delete "taskmgr" warning

1. Click Start > Run.
2. Type regedit
3. Click OK.
Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
4. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A5CDF7EC-751B-46aa-AD69-4005FE080DE8}
5. In the right pane, delete the value:
"stubpath" = "[PATH TO TROJAN]\pligde.exe"
6. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0002BB0C-D318-FD27-0505-050505040105}
7. In the right pane, delete the value:
"StubPath" = "[PATH TO TROJAN]\wmedia.exe"
8. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
9. In the right pane, delete the value:
"stubpath" = "[PATH TO TROJAN]\explorer..exe s"
10. Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
11. In the right pane, delete the values:
"StartKey" = "[PATH TO TROJAN]\pligde.exe"
"MSN Messenger" = "[PATH TO TROJAN]\explorer..exe"
12. Navigate to and delete the subkeys:
HKEY_CURRENT_USER\SOFTWARE\SKav
HKEY_CURRENT_USER\Software\Wget
HKEY_LOCAL_MACHINE\SOFTWARE\SKav
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
13. Exit the Registry Editor.

Tuesday, October 7, 2008

The Windows Installer service could not be accessed. This can occur if Windows is running in safe mode, or if Windows Installer is not correctly installed.

1) Use Notepad to write an installer.reg file with the following contents:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"ImagePath"=-
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,69,00,65,\
  00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
  56,00,00,00

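Then set the save type to "All Files" and name the file installer.reg; make sure it is saved in ".reg" format. Double-click the file to write its contents into the registry.
2) Restart the computer into safe mode (press F8 during startup and select Safe Mode).
3) Start -> Run -> type cmd and press Enter, then in the Command Prompt window enter msiexec /regserver [ENTER]. This re-registers Windows Installer as a service.
4) Restart the system.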
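Before importing a .reg file copied from a web page, it helps to decode its hex(2) data and see what the value will actually contain. The following is an added example, not part of the original post: it parses the installer.reg text from step 1 and decodes the ImagePath value; the function name parse_reg is an assumption of this example.

```python
import re

# The .reg text from step 1 above, one entry per line.
INSTALLER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"ImagePath"=-
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,69,00,65,\
  00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
  56,00,00,00
'''

def parse_reg(text):
    """Return a list of (key, value_name, action, data) tuples."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if not m or key is None:
            continue  # header line, blank line, or unsupported syntax
        name, raw = m.groups()
        if raw == '-':
            # "name"=- deletes the existing value before it is re-created
            out.append((key, name, 'delete', None))
        elif raw.startswith('hex(2):'):
            # REG_EXPAND_SZ: comma-separated bytes of a UTF-16LE string
            blob = bytes(int(b, 16) for b in raw[7:].split(',') if b)
            data = blob.decode('utf-16-le').rstrip('\x00')
            out.append((key, name, 'set', data))
        else:
            # Other value types are reported undecoded
            out.append((key, name, 'set', raw))
    return out

if __name__ == '__main__':
    for key, name, action, data in parse_reg(INSTALLER_REG):
        print(f'{action:6} {key}\\{name} -> {data}')
```

The decoded string is the service command line that will be written to MSIServer; compare it with the expected msiexec.exe path under %SystemRoot%\System32 before double-clicking the file.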

Cisco AAA authentication

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default none
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

aaa authorization configuration default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+

tacacs-server host 192.168.1.29 key 7 06120C234D4002
tacacs-server host 192.168.90.18 key 7 1506080E052420
tacacs-server directed-request