求救, 如何殺W32.Sinnaka.A@mm

Intmon.exe 和Intmop.exe
進程關不掉, 關了又開,

如果是關了之後，電腦重新啟動又開了，可以在關掉進程后，不關機，進入C:/WINDOWS/SYSTEM32，找到這個兩文件，刪除。
如果電腦沒有重啟的情況下，進程又回來了，說明這兩個文件還不是病毒源文件，還得繼續查找。

斷網，設置系統密碼，安全模式下查殺！

終於殺了.

Virus information
Troj/Puper-D

Type  Trojan

Affected operating systems Windows

Side effects Drops more malware
Installs itself in the Registry

Aliases trojan-clicker.win32.agent.dj
trojan.win32.zapchast
w32/adclicker.dn
puper.dll
trojan.popuper

Troj/Puper-D is a browser hacking Trojan for the Windows platform, modifying settings for Microsoft Internet Explorer, including Start Page and search settings.
When Troj/Puper-D is installed the following files are created:
<System>\hhk.dll
<System>\intmon.exe
<System>\hpXX.tmp - where XX denotes randomly generated characters.
Sophos Anti-Virus will detect each of these files as Troj/Puper-D, in addition to detecting the main file shnlog.exe.

This section tells you how to disinfect.


The restarting of the main process by intmon.exe only works if the main Trojan file is named shnlog.exe.
Therefore, both processes can be terminated by changing the name of the file shnlog.exe, then terminating the shnlog.exe process.
intmon.exe will then terminate itself when it cannot find the main file to re-execute it. Both files can then be deleted and the registry cleaned.
After shnlog.exe has been cleared from the system, standard procedures can be used for disinfection of the other two components.