不慎中了Adware:Win32/FastSaveApp,IE浏览器被感染。
IE浏览器打开任意网站,MSE均报告风险,网上有很多处理方法(比如会安装浏览器扩展程序,但我的并没发现),但尝试过都无效,它会伪装成不同文件名,最终使用adwcleaner清理掉。
通过Log发现被感染的文件
View Code
***** [Files / Folders] *****
Folder Found : C:\ProgramData\BetterSoft
Folder Found : C:\ProgramData\InstallMate
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\TENCENT
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\TENCENT
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.onewebsearch.com?hp=CN-1000-01032013090145
-\\ Mozilla Firefox v16.0.1 (zh-CN)
File : C:\Users\localuser\AppData\Roaming\Mozilla\Firefox\Profiles\v8xs9g4j.default\prefs.js
Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.startup.homepage", "hxxp://www.onewebsearch.com?hp=CN-1000-01032013090145");
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\localuser\AppData\Local\Google\Chrome\User Data\Default\Preferences