Telling you

Copied from SYMANTEC. It's very simple: just delete the virus and then edit the registry a little.

To remove the Trojan:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
3. Delete any files detected as PWSteal.Trojan.D. What you do next depends on whether NAV was able to delete files that it detected as infected with PWSteal.Trojan.D:
   * If NAV was able to delete all the files that it detected as infected, go to the section To edit the registry.
   * If NAV was not able to delete all files that it detected as infected, go on to the next section and see the instructions for your operating system.


To remove files that cannot be deleted by NAV:
Follow the instructions for your version of Windows only if NAV could not delete files that it detected as infected with PWSteal.Trojan.D.

* Windows 95/98/Me
   1. Restart the computer in Safe Mode. For instructions on how to restart in Safe Mode, see the document How to restart Windows 9x or Windows Me in Safe Mode.
   2. Run the scan again, and delete any files detected as PWSteal.Trojan.D.
   3. When the scan is finished, go on to the section To edit the registry.
* Windows NT/2000
   1. Press Ctrl+Alt+Delete one time.
   2. Click Task Manager.
   3. Click the Processes tab.
   4. Click the "Image Name" column header two times to sort the processes alphabetically.
   5. Scroll through the list and look for Molecule.exe. If you find the file, click it and then click End Process.
   6. Close the Task Manager.
   7. Run the scan again, and delete any files detected as PWSteal.Trojan.D.
   8. When the scan is finished, go on to the section To edit the registry.


To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.

1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor opens.
3. Navigate to the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the value

Molecule
5. Exit the Registry Editor.
6. Restart the computer.
7. Run the scan again, and delete any files detected as PWSteal.Trojan.D.


To detect any data that might have been stolen by the Trojan:

1. Right-click the My Computer icon on the Windows desktop, and click Explore.
2. In the left pane of Windows Explorer, right-click drive C and then click Find or Search.
3. In the "Named" or "Search for..." box, type--or copy and paste--the following file name:

*.mol
4. Click Find Now or Search Now. The following files could be found:

OldAddFile.mol
Molewin.mol
Moleadd.mol
5. When the search is finished, open each file in turn in a text editor such as Notepad. To do this:
   1. Press and hold down the Shift key, and then right-click one of the files that was found.
   2. Click "Open With." The Open With dialog box appears.
   3. Scroll down the list of programs and choose Notepad. Make sure that you do not check "Always use this program."
   4. Click OK.
   5. Analyze the contents of all found .mol files. These files might contain private information stolen from your computer.

NOTE: The Trojan constantly updates and rewrites these files. If you have not found any sensitive information in these files, it does not necessarily mean that no data has been intercepted from your computer. If the PWSteal.Trojan.D has been detected on your computer, you are strongly advised to take additional security measures, such as changing your login passwords or blocking or changing accounts such as online banking.
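The two manual checks in the post (the Molecule value under the Run key and the *.mol file search) can be scripted for triage. The following is an added example, not part of the original post or of Symantec's instructions; it assumes Python is available and that the Run key has been dumped as text with `reg query`, and the sample output and executable path in it are constructed.

```python
import fnmatch
import os
import time

# Names taken from the post: the Run value and the Trojan's data files.
RUN_VALUE = "molecule"
KNOWN_MOL = {"oldaddfile.mol", "molewin.mol", "moleadd.mol"}


def find_mol_files(root):
    """Walk root and return (path, is_known_name, mtime) for each *.mol file.

    Matching is case-insensitive, as Windows file names are."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if fnmatch.fnmatch(name.lower(), "*.mol"):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # file vanished or is locked; skip it
                hits.append((path, name.lower() in KNOWN_MOL, mtime))
    return sorted(hits)


def run_key_value(reg_query_output):
    """Return the data of a Run value named Molecule, or None if absent.

    Assumes `reg query <key>` text: value lines are indented and hold
    name, REG_* type and data separated by whitespace."""
    for line in reg_query_output.splitlines():
        parts = line.split(None, 2)
        if (line[:1].isspace() and len(parts) >= 2
                and parts[0].lower() == RUN_VALUE
                and parts[1].startswith("REG_")):
            return parts[2].strip() if len(parts) == 3 else ""
    return None


if __name__ == "__main__":
    # Constructed sample; the executable path is an assumption.
    sample = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
              "    Molecule    REG_SZ    C:\\WINDOWS\\Molecule.exe\n")
    print("Run value:", run_key_value(sample))
    # The post says the files are rewritten constantly, so mtime is shown.
    for path, known, mtime in find_mol_files("."):
        print(time.ctime(mtime), "KNOWN" if known else "other", path)
```

A hit from either check only shows that the cleanup steps above are incomplete; an empty result does not show that no data was taken, as the NOTE in the post already says.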
