กระดานแสดงความคิดเห็น

ปรับปรุง : 2566-10-15 (กระดานแสดงความคิดเห็น)

เว็บเพจหน้านี้สำหรับผู้ดูแลเท่านั้น
รหัส secure =>	นำตัวอักษร สีขาวบนพื้นแดง มาป้อนในช่องนี้
edit_topic_password =>
<center><table width=90% border=0 bgcolor=#000080><tr><td><font color=white size=4>จัดการกับ spy บางตัว</td></tr></table><table width=90% bordercolor=#000080 border=1><tr><td bgcolor=white><br>HKEY_CURRENT_USER\Software\aurora (delete whole section)<br /> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SvcProc (delete whole section)<br /> In the section...<br /> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<br /> ...you will see a very obvious value pointing to a file that Aurora has created in %System32%. The value will be...<br /> %System32%\randomname.exe r<br /> randomname is exactly that, but really easy to spot, both times I saw it, it was two different names, both were just 8 random characters long.<br /> in the key...<br /> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon<br /> It changes the value of the Shell key from...<br /> Explorer.exe<br /> to<br /> Explorer.exe %WindowsDir%\Nail.exe<br /> All I did here was change it back to Explorer.exe<br /> I haven't had any problems yet with this, so hopefully the above has killed it off for good.<br /> Pixie.<br><br></td></tr><tr><td align=right bgcolor=black><font color=white><small><b>จากคุณ :</b> บุรินทร์ <a href=mailto:></a><a title='202.29.78.93'>.</a><br> 01:52am (10/10/05)</font></td></tr></table></center>