
Computer keeps sending packets for no reason -- win32ssr

Posted: 2006-03-22 10:59:49
schumi
http://www.nuker.com/container/details/ ... n32ssr.php

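First, use fport to check which program is using the network.

Found that
the program win32ssr.exe is making a large number of connections.

Confirmed that it is not a native system service (but it cannot be stopped as administrator).

Boot into Safe Mode.

Turn on showing all files and showing system files.
Find win32ssr.exe in the windows directory and delete it.

Malware.win32ssr might create the following files (some of the files might be loaded in memory while the software is running):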

* %SYSTEMDRIVE%\U.exe

* %WINDOWS%\win32ssr.exe

* %SYSTEM%\perfont.exe

* %SYSTEM%\SVKP.sys

* %SYSTEM%\DRIVERS\netpt.sys

* %SYSTEM%\wbem\wmiprv.dll

Malware.win32ssr is often accompanied by the following tracking cookies:

n/a

Malware.win32ssr might create the following registry keys (and inject subkeys and values):

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetPT

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfFont

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP

* HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Win32Sr

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetPT

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfFont

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVKP

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Win32Sr

Then go to the registry,
search for win32ssr and delete it.

Then just reboot.
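
The file and service-key locations listed in the post, turned into a read-only presence check. This is an added example, not part of the original post; mapping the list's %WINDOWS% and %SYSTEM% placeholders to `$env:windir` and its `System32` subdirectory is an assumption, and the function names are hypothetical.

```powershell
# Added example: read-only check for the artifacts listed in the post.
# Assumption: %SYSTEMDRIVE% = $env:SystemDrive, %WINDOWS% = $env:windir,
# %SYSTEM% = $env:windir\System32 (the list's placeholders are not all real variables).
$sys32 = Join-Path $env:windir 'System32'
$files = @(
    "$env:SystemDrive\U.exe"
    (Join-Path $env:windir 'win32ssr.exe')
    (Join-Path $sys32 'perfont.exe')
    (Join-Path $sys32 'SVKP.sys')
    (Join-Path $sys32 'DRIVERS\netpt.sys')
    (Join-Path $sys32 'wbem\wmiprv.dll')
)
$services    = 'NetPT', 'PerfFont', 'SVKP', 'Win32Sr'
$controlSets = 'CurrentControlSet', 'ControlSet001'

function Get-ListedFileHit {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # -Force also returns hidden and system files, which Explorer hides by default
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Kind   = 'File'
                Name   = $item.FullName
                Detail = "{0} bytes, modified {1:u}" -f $item.Length, $item.LastWriteTime
            }
        }
    }
}

function Get-ListedServiceKeyHit {
    param([string[]]$ControlSet, [string[]]$Service)
    foreach ($cs in $ControlSet) {
        foreach ($svc in $Service) {
            $key = "HKLM:\SYSTEM\$cs\Services\$svc"
            if (Test-Path -LiteralPath $key) {
                # ImagePath shows which binary the service entry would start
                $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
                [pscustomobject]@{ Kind = 'ServiceKey'; Name = $key; Detail = "ImagePath=$img" }
            }
        }
    }
}

$hits = @(Get-ListedFileHit -Path $files) +
        @(Get-ListedServiceKeyHit -ControlSet $controlSets -Service $services)
if ($hits.Count -eq 0) { 'None of the listed files or service keys are present.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

A hit is a lead to review (compare the ImagePath and timestamps against what is expected on the machine), not proof of infection on its own.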