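▲Plagued by a malicious virus program..... Even when Windows Defender deletes it, it comes right back.
In my case, the programs called mybrowser and uninstall were the troublesome ones.
They may also have come attached to part of Google Chrome.
In Safe Mode, I deleted every suspicious file I could find in user/appdata/local/TEMP.
After that, I turned on the display of file extensions, found the same programs in other folders as well, and deleted them.
I also checked inside the registry and deleted the suspicious files.
I tried the steps from the English site below as far as I could understand them, and since yesterday the attacks seem to have stopped for now....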
Method 1: Remove win32/detplock Virus Manually
Step 1. Show hidden files on your computer system by changing system folder settings:
Here’s how to display hidden files and folders.
On Win7/Vista
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
On Win 8
1. Press the Win key (the key that has the Windows logo) and the R key together, then type Control and hit Enter.
2. Type “folder” into the search bar and select Show hidden files and folders.
3. Then, click on the View tab at the top of the window.
4. Under Advanced Settings, locate “Hidden files and folders.” Select Show hidden files and folders just below that.
5. Click on OK.
6. Hidden files will now be shown when performing searches in Windows Explorer.
Step 2. Search for and remove malicious files generated by win32/detplock on your Hard Drive.
CAUTION: Windows stores many important settings in hidden files and folders. Do not modify or delete hidden files if you do not know precisely what will happen as a result.
%program files%\common files\system\win32/detplock.dll
%program files(x86)%\win32/detplock uninstall\
%programData%\win32/detplock.exe\
%appdata%\roaming\[win32/detplock].exe or folder
%Windows%\system32\driver\win32/detplock.sys
%users%\default\appdata\local\win32/detplock.log
Step 3. Go to Registry Editor and delete all its related registry keys
The Registry Editor enables you to view, search for, and change settings in your system registry, which contains information about how your computer runs. Although you can use Registry Editor to inspect and modify the registry, doing so is risky, as making incorrect changes can damage your system.
1. Open Registry Editor first:
On Win7/Vista
Click Start.
In the Start Menu, either in the Run box or the Search box, type regedit and press Enter.
If prompted by User Account Control, click Yes to open the Registry Editor.
Once opened successfully, you should be in the Windows Registry Editor window.
On Win 8
Press the Windows key + R key together.
Type “regedit.exe” and run it.
You can see the registry editor now.
2. Look for and delete malicious registry entries created by win32/detplock Virus
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{EAF386F0-7205-40F2-8DA6-1BABEEFCBE89}\2014.07.30.07.52.18]
"ProductName"="win32/detplock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EAF386F0-7205-40F2-8DA6-1BABEEFCBE89}]
"DisplayName"="win32/detplock"
[HKEY_USERS\S-1-5-21-3825580999-3780825030-779906692-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{50f25211-852e-4d10-b6f5-50b1338a9271}]
"DisplayName"="win32/detplock"
Important Notes: The manual removal method requires a certain level of computer skill. If you don't do it correctly or you remove the wrong system files, your machine will not be able to start up. Therefore, you must be very careful during the process. If you want to remove the pesky win32/detplock virus safely and quickly, please refer to method 2 or method 3.
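A read-only way to locate the Uninstall entries from Step 3 before deleting anything, as an added PowerShell example that is not part of the original guide: it searches the three Uninstall locations shown in the key list for a DisplayName or ProductName match and exports each matching key to a .reg backup. The search string `detplock` and the backup folder are assumptions for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original guide). Read-only: lists matches and backs them up.
# Assumptions: the search string and backup folder below; run from an elevated prompt.
param(
    [string]$Pattern   = 'detplock',
    [string]$BackupDir = "$env:USERPROFILE\reg-backup"
)

# Uninstall locations that appear in the Step 3 key list:
# native HKLM, the 32-bit view (Wow6432Node), and each loaded user hive under HKEY_USERS.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'Registry::HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

$hits = @(foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Match on the two value names the guide shows: DisplayName and ProductName.
        if ("$($p.DisplayName) $($p.ProductName)" -match [regex]::Escape($Pattern)) {
            [pscustomobject]@{
                Key             = $_.Name          # full key path, e.g. HKEY_LOCAL_MACHINE\...
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                Backup          = $null
            }
        }
    }
})

if ($hits.Count -eq 0) {
    Write-Output "No Uninstall entry matches '$Pattern'."
    return
}

# Export every matching key before any manual deletion, so it can be restored by
# importing the .reg file if the wrong key is removed.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$n = 0
foreach ($h in $hits) {
    $n++
    $h.Backup = Join-Path $BackupDir ("uninstall-match-{0}.reg" -f $n)
    & reg.exe export $h.Key $h.Backup /y | Out-Null
}
$hits | Format-List
```

The InstallLocation and UninstallString values in the output point to the files an entry belongs to, which narrows the search in Step 2. The Tracing keys in the list are outside the Uninstall branch and are not covered by this check.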
For Chrome
1. Click the Chrome menu on the browser toolbar.
2. Click Tools.
3. Select Extensions.
4. Click the trash can icon by the extension you’d like to completely remove (related to win32/detplock).
5. A confirmation dialog appears; click Remove.
For Firefox
1. Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
2. In the Add-ons Manager tab, select the Extensions or Appearance panel.
3. Select the add-on you wish to remove.
4. Click the Remove button.
5. Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
For Internet Explorer
1. Open Internet Explorer.
2. Press Alt+T, or click on the Gear icon in the top-right corner.
3. Click Manage Add-ons.
4. Select Toolbars and Extensions.
5. Find unwanted add-ons and click Disable.
6. Click the More information button.
7. Click Remove.