回複：求助高手，PC中了木馬trojan.vundo.b, 用諾頓

Try this:

boot into safe mode, and see if you can delete the DLL.
If it still says winlogon.exe and explorer.exe are using that dll, try to kill those two processes and then try to delete the DLL.

To kill the processes:
Go to http://www.microsoft.com/whdc/ddk/debugging/, and download/install debugging tools. After you installed debugging tools, you will find kill.exe under the debugging tools directory. Use these command:
kill /f explorer.exe
kill /f winlogon.exe
Then delete the DLL. If it still says some other processes are using the dll, use tlist command (which is also available under the debugging tools directory)
tlist -m ddayv.dll
It will tell you what exes are using the DLL, and what the process IDs are. Then kill those processes using
kill /f xxxx.exe (or kill /f process-id).

This may delete the DLL, but it may not be able to really clean up the trajon for you.
Good luck.

• The name "kill.exe" makes me a -yu8366- ♀ (333 bytes) () 10/19/2005 postreply 10:50:31

• also try this if above fails.. -CutOnce- ♀ (891 bytes) () 10/19/2005 postreply 17:54:13

• Thank u all. So far no luck. -yu8366- ♀ (282 bytes) () 10/19/2005 postreply 23:34:03

• a tough one, uh :) -CutOnce- ♀ (509 bytes) () 10/20/2005 postreply 09:43:02

• I suspect it is a combined -yu8366- ♀ (493 bytes) () 10/20/2005 postreply 11:21:45