症狀:
1.複製貼上無法使用。
2.RPC服務意外終止倒數60秒重新啟動
3.無法拖曳
4.網路有連線,但無法正常使用
判定:
開始工作管理員會發現,Ahnrpta.exe
解決方式:
移除AhnRpta.exe
以下移除方式引用至...... http://babyface.name/2009/02/27/how-to-remove-ahnrptaexe/
Ahnrpta.exe is a dangerous trojan/backdoor that can make your system slow or damage your whole system. It also locks your task manager sometimes.
There are several ways to remove this trojan.
You can remove it by downloading stopzilla or regrun or malwarebytes.
Or if you feel like removing Ahnrpta.exe manually, you can follow this steps:
1. Download REG UNLOCKER
2. Execute reg unlocker (select all options) and as quick as you can, open the task manager (CTR+ ALT +DEL) and kill the process EXPLORER.EXE (don’t worry if all programs start closing and you end with the task manager alone, that is the point)
3. Using the task manager kill the process AhnRpta.exe which is the virus of course you’ll have to do this dozens of times thru this tutorial, because it keeps starting itself again
4. run REGUNLOCKER again. With the task manager go to Applications–> New Task and write “explorer” (without quotes) Remember step 4. Now in the explorer window go to Tools — Folder Options — View and select “show hidden files and folders” accept and go to the task manager and kill “explorer.exe” there.
5. Dont forget step 4. Now, you only have open the task manager in the tab applications click New Task and write
“msconfig” without quotes, (never forget step 4) go to the start tab and look for olhrwef, deselect it, apply, but don’t restart the system, no yet.(step 4), now in the task manager, go to applications – New Task and write “regedit” without quotes. Browse the following path
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-4526-8C08-51278EA437C1}\InprocSer…
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSI… F-882A-8C08-4526-51278EA437C1}
the last part can vary a little in each computer, but the firts dozen of numbers will be the same. Delete the keys (I mean, delete the last folder for example {BB4C402F-882A-4526-8C08-51278EA437C1} don’t delete the root folders or you will completly screw up your system.
also browse to
# [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W... entVersion\Explorer\ShellExecuteHooks]
* {BB4C402F-882A-4526-8C08-51278EA437C1} = “hook dll rising”
and delete the key… be careful in this part you don’t have to delete the complete folder, in the right pane look for the “hook dll rising” part and delete that one only.
Don’t forget step 4.
You can closes the registry and go back to the task manager. New task, click browse and go to
“c:\windows\” you will find the file “AhnRpta.exe” delete it.
Now go to “C:\WINDOWS\system32″ look for the file “olhrwef” and delete it (note: I didn’t found it in my pc but this part was in the original tutorial that I followed).
Also delete the following files in that folder
afmain0.dll
afmain1.dll
afmain2.dll
If you can’t find these files, repeat step 5 and try again.
留言列表
