Win32/Xema.A Win32/Xema.A
Win32/Xema.AThreat Level: Win32/Xema.AThreat级别: 
Win32/Xema.A , AKA Troj/Agent-FXF, Backdoor.Win32.Agobot.h, is a trojan that drops a worm with backdoor characteristics into your system. Win32/Xema.A,又名Troj / Agent的FXF,Backdoor.Win32.Agobot.h,是一个木马,下降一个到您的系统后门蠕虫病毒的特征。 The worm will spread through removable drives through their autorun function.该蠕虫会通过可移动驱动器传播通过其自动运行功能。
Win32/Xema.A steals private information such as your computer name, IP address, and operating system info, and, by launching IE in the background, reports these details to remote servers at 11.36.299.234 and/or http://httpdocs. Win32/Xema.A次抢断,如您的计算机名称,IP地址的私人信息,和操作系统信息,并通过在后台启动IE浏览器,在11.36.299.234报告和/或http://httpdocs这些细节到远程服务器。 From this hive, Win32/Xema.A then accepts download instructions to install more malware into your PC.从这个配置单元,然后接受Win32/Xema.A下载说明安装更多的恶意软件到您的电脑。
Win32/Xema.A also modifies the registry to hide system files, making it very difficult to detect and remove – but not impossible. Win32/Xema.A还会修改注册表以隐藏的系统文件,使得它很难检测和删除-但并非不可能。 We'll show you how to get rid of Win32/Xema.A for free.我们会告诉你如何摆脱对Win32/Xema.A免费。
GET RID of Win32/Xema.A摆脱Win32/Xema.A
- Manually remove Win32/Xema.A with step-by-step instructions手动删除与分步说明Win32/Xema.A
- Download Spyware Doctor to automatically remove Win32/Xema.A下载Spyware Doctor自动删除Win32/Xema.A
- You can你可以 download award-winning, anti-badware software SpywareDoctor下载屡获殊荣,反有害软件软件SpywareDoctor to easily remove Win32/Xema.A.轻松消除Win32/Xema.A。 Want to know why I dig SpywareDoctor?想知道为什么我挖SpywareDoctor? Read my review.看我的检讨。
Do You Have Win32/Xema.A?你有Win32/Xema.A?
When you're infected with badware — whether it's Win32/Xema.A, spyware, adware, a Trojan, or a virus — there are a few key symptoms.当你感染了恶意软件-无论是Win32/Xema.A,间谍软件,广告软件,木马,或病毒-有几个关键的症状。 Have you noticed…你注意到...
- Slow computer performance : It just takes one parasite like Win32/Xema.A to slow your computer dramatically. 慢速计算机性能 :它只是需要一个这样Win32/Xema.A寄生虫放慢您的计算机显着。 If your PC takes longer than usual to reboot, or if your Internet connection is unusually slow, you may be infected with Win32/Xema.A.如果您的电脑需要比通常要重新启动,或者如果您的Internet连接异常缓慢长,你可能感染Win32/Xema.A。
- New desktop shortcuts or switched homepage : Badware like Win32/Xema.A may change your Internet settings to redirect your homepage to another site. 新的桌面快捷方式或交换网页 :像Win32/Xema.A恶意软件可能会改变您的互联网设置您的网页重定向到另一个站点。 Badware can even add desktop shortcuts to your PC.恶意软件甚至可以添加桌面快捷方式到您的PC。
- Annoying popups : Badware can bombard your computer with popup ads, even when you're not online. : 恼人的弹出式窗口 ,恶意软件可以轰炸您的计算机上弹出的广告,即使你不在线。 Through these popups, you may be tricked into downloading more spyware.通过这些弹出式窗口,您可能会欺骗用户下载更多的间谍软件。
How to Remove Win32/Xema.A Manually如何删除Win32/Xema.A手动
Before we get started, you should backup your system and your registry, so it'll be easy to restore your computer if anything goes wrong.在我们开始之前,您应该备份您的系统注册表,因此它很容易恢复,如果您的电脑出了岔子。
To remove Win32/Xema.A manually, you need to delete Win32/Xema.A files.要删除Win32/Xema.A手动,您需要删除Win32/Xema.A文件。 Not sure不能确定 how to delete Win32/Xema.A files如何删除Win32/Xema.A文件 ? ? Click here点击这里 , and I'll show you. ,我会告诉您。 Otherwise, go ahead and…否则,请继续...
Delete Win32/Xema.A Files: 删除Win32/Xema.A文件:
c_19460.nls – detected as Win32/Xema.A virus c_19460.nls -作为Win32/Xema.A病毒检测
c_20462.nls – detected as Win32/Xema.A trojan c_20462.nls -作为Win32/Xema.A木马检测
inter32.dll – detected as Win32/Xema.A worm inter32.dll -作为Win32/Xema.A蠕虫检测
shell64.dll – detected as Win32/Xema.A worm Shell64.dll中-作为Win32/Xema.A蠕虫检测
shlmon.exe – detected as Win32/Xema.A worm shlmon.exe -检测为Win32/Xema.A蠕虫
w1234.exe – detected as Win32/Xema.A trojan w1234.exe -检测为Win32/Xema.A木马
serlibk.exe – detected as Win32/Xema.A trojan serlibk.exe -检测为Win32/Xema.A木马
windfire.exe – detected as Win32/Xema.A trojan windfire.exe -检测为Win32/Xema.A木马
windfire2.exe – detected as Win32/Xema.A trojan windfire2.exe -检测为Win32/Xema.A木马
msregsv.exe – copy of “cmd.exe” or command.com, depending on the affected operating system msregsv.exe -对“Cmd.exe的副本”或command.com,在受影响的操作系统而异
config\systemevent.log配置\ systemevent.log
config\software.chk配置\ software.chk
config\Temporary Internet Files\配置\ Temporary Internet Files文件\
%Startup%\officexp.exe\Win32/Xema.A %启动%\ officexp.exe \ Win32/Xema.A
%System%\config\Temporary Internet Files\*.iau %系统%\配置\ Temporary Internet Files文件\ *.天文学
RemoveWin32/Xema.A Register Keys: RemoveWin32/Xema.A注册键:
“shell32.dll” = “%System%\shell64.dll” “Shell32.dll中”=“%系统%\ Shell64.dll中”
Find “ShowSuperHidden” and re-set value to 1寻找“ShowSuperHidden”,并重新设置其值为1
Delete Win32/Xema.A DLL files: 删除Win32/Xema.A DLL文件:
Delete Win32/Xema.A Files on Removable Drives: 删除可移动驱动器Win32/Xema.A文件:
Note: In any Win32/Xema.A files I mention above, “%UserProfile%” is a variable referring to your current user's profile folder. 注:在任何Win32/Xema.A我上面提到的文件,“为%USERPROFILE%”是指一个变量的当前用户的配置文件夹。 If you're using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (eg, “C:\Documents and Settings\JoeSmith”). 如果您使用默认的Windows NT/2000/XP的,这是“C:\ Documents和Settings \ [当前用户]”(例如类,“C:\ Documents和Settings \ JOESMITH”的)。 If you have any questions about manual Win32/Xema.A removal, go ahead and leave a comment. 如果您对手工Win32/Xema.A清除,请继续发表评论的任何问题。
How Do You Remove Win32/Xema.A Files?你如何删除Win32/Xema.A文件?
Need help figuring out how to delete Win32/Xema.A files?需要帮助解决如何删除Win32/Xema.A文件吗? While there's some risk involved, and you should only manually remove Win32/Xema.A files if you're comfortable editing your system, you'll find it's fairly easy to delete Win32/Xema.A files in Windows.虽然有一些涉及的危险,你应该只手动删除Win32/Xema.A文件如果你舒服编辑您的系统,你会发现它很容易在Windows Win32/Xema.A删除的文件。
How to delete Win32/Xema.A files in Windows XP and Vista: 如何删除Windows XP和Vista Win32/Xema.A文件:
- Click your Windows Start menu, and then click “ Search .”单击您的Windows 开始菜单,然后点击“ 搜索 ”。
- A speech bubble will pop up asking you, “ What do you want to search for? ” Click “ All files and folders .”阿讲话泡沫会弹出问你,“ 你要查找 ?”点击“ 所有文件和文件夹 。”
- Type a Win32/Xema.A file in the search box, and select “ Local Hard Drives .”请在搜索框中Win32/Xema.A文件,然后选择“ 本地硬盘驱动器 。”
- Click “ Search .” Once the file is found, delete it.点击“ 搜索”。一旦找到该文件,删除它。
How to stop Win32/Xema.A processes: 如何有效地防止Win32/Xema.A过程:
- Click the Start menu, select Run .单击开始菜单,选择运行 。
- Type taskmgr.exe into the the Run command box, and click “ OK .” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC . 键入 taskmgr.exe到运行命令框中,然后点击“ 确定 ”。您也可以通过按启动键 CTRL任务管理器+ SHIFT键 + ESC键 。
- Click Processes tab, and find Win32/Xema.A processes.单击进程选项卡,找到Win32/Xema.A进程。
- Once you've found the Win32/Xema.A processes, right-click them and select “ End Process ” to kill Win32/Xema.A.一旦你找到了Win32/Xema.A过程中,右键单击并选择“结束进程 ”杀死Win32/Xema.A。
How to remove Win32/Xema.A registry keys: 如何删除Win32/Xema.A注册表项:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it.由于注册表是如此您的Windows系统的关键部分,你应该总是备份注册表,然后再进行编辑。 Editing your registry can be intimidating if you're not a computer expert, and when you change or a delete a critical registry key or value, there's a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.编辑注册表,可吓人,如果你不是一个电脑专家,当您更改或删除关键注册表项或值,有一个机会,你可能需要重新安装整个系统。 确保您的备份您编辑注册表之前 , 它。
- Select your Windows menu “ Start ,” and click “ Run .” An “ Open ” field will appear.选择您的Windows菜单“ 开始 ”,单击“ 运行 ”。“ 开放 ”字段将显示。 Type “ regedit ” and click “ OK ” to open up your Registry Editor.键入“regedit”并单击“ 确定 ”打开注册表编辑器。
- Registry Editor will open as a window with two panes. 注册表编辑器将打开一个与两个窗格的窗口。 The left side Registry Editor's window lets you select various registry keys, and the right side displays the registry values of the registry key you select.在注册表编辑器左侧的窗口,您可以选择不同的注册表项,右边显示的注册表项您选择的注册表值。
- To find a registry key, such as any Win32/Xema.A registry keys, select “ Edit ,” then select “ Find ,” and in the search bar type any of Win32/Xema.A's registry keys.为了找到一个注册表项,如任何Win32/Xema.A注册表项,选择“ 编辑 ”,然后选择“查找”,在搜索栏中键入的Win32/Xema.A氏任何注册表项。
- As soon as Win32/Xema.A registry key appears, you can delete the Win32/Xema.A registry key by right-clicking it and selecting “ Modify ,” then clicking “ Delete .”只要Win32/Xema.A注册表项时,您可以删除右键单击它并选择“ 修改 ”,然后点击“ 删除 Win32/Xema.A注册表项。”
How to delete Win32/Xema.A DLL files: 如何删除Win32/Xema.A DLL文件:
- First locate Win32/Xema.A DLL files you want to delete.首先找到Win32/Xema.A DLL文件要删除。 Open your Windows Start menu, then click “ Run .” Type “ cmd ” in Run, and click “ OK .”打开你的Windows 开始菜单,然后单击“ 运行 ”。键入“cmd中运行”,然后单击“ 确定 ”。
- To change your current directory, type “ cd ” in the command box, press your “ Space ” key, and enter the full directory where the Win32/Xema.A DLL file is located.要更改当前目录,键入“cd在命令框”,按你的“ 空间 ”键,并输入完整的目录的Win32/Xema.A DLL文件的位置。 If you're not sure if the Win32/Xema.A DLL file is located in a particular directory, enter “ dir ” in the command box to display a directory's contents.如果你不知道Win32/Xema.A DLL文件位于一个特定的目录,输入“ 迪尔在命令中”以显示目录的内容。 To go one directory back, enter “ cd .. ” in the command box and press “ Enter .”去一回的目录,输入“,在命令框,然后按光盘..”“输入 ”。
- When you've located the Win32/Xema.A DLL file you want to remove, type “ regsvr32 /u SampleDLLName.dll ” (eg, “regsvr32 /u jl27script.dll”) and press your “ Enter ” key.当你所在的Win32/Xema.A DLL文件要删除,键入“regsvr32 / U系列SampleDLLName.dll”(例如,“键入regsvr32 / ü jl27script.dll”),然后按你的“ 输入 ”键。
That's it.就是这样。 If you want to restore any Win32/Xema.A DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (eg, “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.如果你想恢复任何Win32/Xema.A您删除DLL文件,键入“regsvr32 DLLJustDeleted.dll”(例如,“Regsvr32的jl27script.dll”)到您的命令框,然后按你的“输入”键。
Did Win32/Xema.A change your homepage? 是否Win32/Xema.A更改您的主页?
- Click Windows Start menu > Control Panel > Internet Options .单击Windows 开始菜单>“控制面板 ”> Internet选项 。
- Under Home Page , select the General > Use Default .在主页 , 选择常规>“使用默认值 。
- Type in the URL you want as your home page (eg, “http://www.homepage.com”).在您的网址为您的主页要类型(例如,“http://www.homepage.com”)。
- Select Apply > OK .选择应用“确定 。
- You'll want to open a fresh web page and make sure that your new default home page pops up.您想打开一个新网页,并确保您的新的默认主页弹出。
Win32/Xema.A Removal Tip Win32/Xema.A删除提示
Is your computer acting funny after deleting any Win32/Xema.A files?是您的计算机有异常后,删除任何Win32/Xema.A文件? I recommend using a program like我建议使用一个程序一样 File Recover文件恢复 from PC Tools.从PC工具。 File Recover saves deleted files that otherwise can't be recovered by Windows operating sytem.恢复已删除的文件保存,否则无法由Windows操作系统sytem恢复的文件。
Want to save time finding Win32/Xema.A files?想节省时间寻找Win32/Xema.A文件? Download Spyware Doctor下载Spyware Doctor , let it find the Win32/Xema.A files for you, and then manually delete Win32/Xema.A files. ,让它找到Win32/Xema.A档案你,然后手动删除Win32/Xema.A文件。
How Did You Get Win32/Xema.A?你怎么Win32/Xema.A?
Wondering how Win32/Xema.A ended up on your PC?想知道如何Win32/Xema.A结束你的电脑呢? If you're infected with Win32/Xema.A or other badware, perhaps you were using…如果你感染Win32/Xema.A或其他有害软件,也许你正在使用...
- Freeware or shareware : Did you download and install shareware or freeware? 免费软件或共享软件 :你下载并安装共享软件或免费软件? These low-cost or free software applications may come bundled with spyware, adware, or programs like Win32/Xema.A.这些低成本或免费软件应用程序可能会捆绑了间谍软件,广告,或者像Win32/Xema.A程序。 Sometimes adware is attached to the free software to “pay” developers for the cost of creating the software, and more often spyware is secretly attached to free software to harm your computer and steal your personal and financial information.有时,广告软件连接到免费软件,“支付”为制造商的软件成本,而且往往是秘密间谍软件连接到免费软件,损害您的计算机,窃取你的个人和财务信息。
- Peer-to-peer software : Do you use a peer-to-peer (P2P) program or other application with a shared network? 对等网络软件 :您使用的是点对点(P2P)的程序或共享的网络与其他应用程序? When you use these applications, you put your system at risk for unknowingly downloading an infected file, including applications like Win32/Xema.A.当您使用这些应用程序,你将在不知不觉下载受感染的文件,包括像Win32/Xema.A应用系统的风险。
- Questionable websites : Did you visit a website that's of questionable nature? : 可疑的网站你访问一个网站,有问题的性质的? When you visit malicious sites that are fishy and phishy, badware may be automatically downloaded and installed onto your computer, sometimes including applications like Win32/Xema.A.当您访问是腥味和phishy恶意网站,恶意软件可能会自动下载并安装到您的电脑,有时包括像Win32/Xema.A应用程序。 I recommend you use Firefox web browser, if you don't already.我建议你使用Firefox浏览器,如果你不已经。
Understanding Win32/Xema.A理解Win32/Xema.A
If you're infected with Win32/Xema.A, you should know what you're fighting.如果您对Win32/Xema.A感染,你应该知道你在战斗。 I'll explain some definitions related to Win32/Xema.A.我会解释有关Win32/Xema.A的定义。
Win32/Xema.A May Be a Backdoor Win32/Xema.A可能是一个后门
“Backdoor” describes a parasite that gets past your system's normal means of authentication, remotely accesses your PC, or otherwise enters your system without being detected. “后门”描述了过去寄生虫得到您的身份验证系统的正常手段,远程访问你的电脑,或以其他方式进入而不被发现您的系统。 Trojans and worms often use backdoor methods to access your computer and steal your personal and financial information and/or install more malware into your PC.特洛伊木马和蠕虫后门经常使用的方法来访问您的计算机,窃取你的个人及财务信息和/或安装更多的恶意软件到您的电脑。
Win32/Xema.A May Be a Trojan Win32/Xema.A可能是一个木马
Trojans install themselves secretly onto your computer, most often through your downloading a simple email attachment (often Trojans pose as harmless pictures).木马自己偷偷安装到您的计算机,通过您下载一个简单的电子邮件附件(通常是无害的图片木马最常构成)。 Most Trojans are able to gain complete control over your PC after installation.大多数木马能够得到安装后对您的电脑的完全控制。 With this control, the Trojan and the hacker behind it may change your system settings, delete important files, steal your passwords, and watch your computer acitivity.有了这个控制,木马以及其背后可能更改系统设置,删除重要文件,盗取您的密码,看着你的电脑acitivity黑客。
Infection Methods of Win32/Xema.A and Other Trojans 感染Win32/Xema.A和其他方法木马
Most Trojans infect your computer by tricking you into launching an infected file.大多数木马程序通过诱骗感染被感染的文件启动您的计算机。 This poisoned file could disguised as a small file, such as a jpeg or other email attachment, or it might be downloaded via a website or FTP.这中毒文件可能伪装成一个小文件,如JPEG或其他电子邮件附件,或者它可能是通过一个网站或FTP下载。
- Email: Your PC may be infected with a Trojan when you download infected email attachments, or sometimes even when you simply open an email. 电子邮件:您的电脑可能与木马下载病毒感染时,电子邮件附件,有时甚至当您只需打开一封电子邮件。 Many Trojans exploit security holes in Microsoft Outlook.很多木马利用Microsoft Outlook中的安全漏洞。 You may be able to reduce your chances of getting infected by a Trojan by using a spam-blocking software.您可能能够减少你的机会获得一个木马病毒通过垃圾邮件拦截软件。
- Websites: Your PC may be infected with a Trojan when you visit a rogue site. 网站:您的电脑可能感染了特洛伊木马当您访问一个恶意网站。 Many Trojans exploit security holes in Internet Explorer web browser so that by simply visiting a website you may unknowingly download a Trojan.很多木马利用了IE浏览器的安全漏洞,使受只要浏览一个网站你可以下载一个木马不知情。
- Open ports: If your computer runs programs that provide file-sharing functions – such as AOL Instant Messenger (AIM), MSN Messenger, and more – you may open your computer up to vulnerabilities. 开放的端口:如果您的计算机运行的程序,提供诸如AOL即时消息(AIM),MSN Messenger和更多的文件共享功能- -你可以打开你的电脑漏洞的影响。 Using file sharing through these applications may create a network that gives attackers the opportunity to remotely access your computer.通过这些应用程序使用文件共享可能会创建一个网络,使攻击者有机会远程访问您的计算机。
Win32/Xema.A May Be a Worm Win32/Xema.A可能是一个蠕虫
Worms are virus-like badware with destructive codes.像蠕虫病毒的破坏性的恶意软件代码。 Worms are able to mutate, or replace their own code by automatically, which makes worms very dangerous, difficult to find, and hard to delete.蠕虫能够发生变异,或者通过自动更换自己的代码,这使得蠕虫很危险的,难以找到,很难将其删除。 Similar to viruses, worms can spread to the other computers by secretly and automatically emailing themselves to other Internet users in your address book.类似的病毒,蠕虫可以传播到其他计算机的秘密,并自动在您的电子邮件地址簿自己向其它网络用户。 The main difference between worms and viruses is that a worm wil replace your computer files rather than simply inserting their code into your files.该蠕虫和病毒之间的主要区别是,蠕虫港岛线替换计算机上的文件而不是简单地插入到文件中的代码。
Categories:分类: BHOs BHOs , , Backdoors后门 , , Trojans木马 , , Worms蠕虫