How to completely get rid of TSPY_WOW.IP

2006-11-17 5:40 am
A simple and thorough way
to get rid of TSPY_WOW.IP

Answers (1)

2006-11-17 8:19 am
✔ Best answer
Please "click here" to view the source link for the material quoted below.

Type: Spyware

In the wild: No

Destructive: No

Language: English

Affected systems: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported infections: Low

System impact: High

Information exposure: High

Description:

This spyware may be downloaded from the Internet. It may also be dropped by another malware.
It is a self-extracting archive that drops several files into the Program Files and Windows system folders.
It monitors a list of IP addresses hardcoded in its body. The said IP addresses are servers of certain online games. Once an affected system accesses any of the said IP addresses, this spyware gathers information such as user names and passwords.
All gathered information is sent to a remote user.








TSPY_WOW.IB




Minimum scan engine version needed: 7.500

Virus pattern version needed: 3.650.19

Pattern release date: Aug 13, 2006











Solution:

Terminating the Spyware Program
Since this spyware uses a file name that is also the file name of a legitimate process, it is necessary to use third party process viewers such as Process Explorer, to isolate the spyware process itself.
If the process you are looking for is not in the list displayed by Process Explorer, proceed to the succeeding solution set.

Download Process Explorer.
Extract the contents of the compressed (ZIP) file to a location of your choice.
Execute Process Explorer by double-clicking procexp.exe.
In the Process Explorer window, locate the process:
SVCHOST.EXE
Right-click the spyware process, and choose Properties.
Check if the value for the Current Directory is the following:
%Program Files%\Win32
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)
If yes, then right-click on the spyware process, and click Kill Process Tree.
Close Process Explorer.

*NOTE: On computers running all Windows platforms, if the process you are looking for is not in the list displayed by Process Explorer, continue with the next solution procedure, noting additional instructions. If the spyware process is in the list displayed by Process Explorer, but you are unable to terminate it, restart your computer in safe mode.

Deleting the Spyware File(s)

Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:
foo
In the Look In drop-down list, select the drive that contains Windows, then press Enter.
Once located, select the file then press Delete.
Repeat the steps above to delete the following files:

GServers.inf
LServers.inf

Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.
Scan your computer with Trend Micro antivirus and delete files detected as TSPY_WOW.IB. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.



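I hope this information helps! That said, I suggest reinstalling your system; that will give you more peace of mind.

Added 2006-11-28 19:47:59:
Thank you for choosing my answer.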
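
An added example, not part of the original answer or of the Trend Micro advisory it quotes: the check from the "Terminating the Spyware Program" steps (SVCHOST.EXE whose current directory is %Program Files%\Win32) and the two dropped file names, applied to a constructed process snapshot and file list. The CSV layout, the function names and all sample rows and paths are assumptions made for illustration.

```python
import csv
import io
import ntpath

# Indicators taken from the advisory text quoted in the answer.
PROCESS_NAME = "svchost.exe"
SUSPECT_SUBDIR = "Win32"                      # %Program Files%\Win32
DROPPED_FILES = {"gservers.inf", "lservers.inf"}


def norm(path):
    """Normalise a Windows path for comparison (case, slashes, trailing backslash)."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def triage_processes(snapshot_csv, program_files=r"C:\Program Files"):
    """Return PIDs of svchost.exe rows whose current directory is the suspect folder."""
    suspect_dir = norm(ntpath.join(program_files, SUSPECT_SUBDIR))
    hits = []
    for row in csv.DictReader(io.StringIO(snapshot_csv)):
        # The legitimate svchost.exe shares the name, so the name alone is not enough.
        if row["name"].strip().lower() != PROCESS_NAME:
            continue
        if norm(row["cwd"]) == suspect_dir:
            hits.append(int(row["pid"]))
    return hits


def find_dropped_files(paths):
    """Return the paths whose file name matches one of the advisory's dropped files."""
    return [p for p in paths if ntpath.basename(norm(p)) in DROPPED_FILES]


# Constructed sample data (hypothetical export format, not from a real host).
SAMPLE_SNAPSHOT = """pid,name,cwd
812,svchost.exe,C:\\WINDOWS\\system32
1044,SVCHOST.EXE,C:\\WINDOWS\\System32\\
2380,SVCHOST.EXE,c:\\program files\\win32\\
1500,explorer.exe,C:\\Program Files\\Win32
"""
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\GServers.inf",      # constructed location
    r"C:\Program Files\Win32\LServers.inf",   # constructed location
    r"C:\WINDOWS\system32\drivers\etc\hosts",
]

if __name__ == "__main__":
    print("suspect PIDs:", triage_processes(SAMPLE_SNAPSHOT))
    print("dropped files:", find_dropped_files(SAMPLE_FILES))
```

Only the process that matches both the name and the current directory is reported, which mirrors the advisory's instruction to verify the directory before killing the process tree.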


Archived on: 2021-04-18 21:03:35
Original link [permanently dead]:
https://hk.answers.yahoo.com/question/index?qid=20061116000051KK04304