偶然发现电脑什么时候又偷偷装上了百度工具栏,检查微点里的程序生成日志,找到以下信息,先是迅雷目录里KANKAN(据说现在迅雷把看看卖了,现在的迅雷影音叫XMP)下一个PUSHER文件夹中的XAPPDISP.2.0.0.82.DLL自动从后台下载了BAIDU_ADDRESSBAR_1440[1].EXE,其实就是BAIDU_ADDRESSBAR_1440.EXE,加了[1],说明这事不止干过一次(确实这东西以前有删过),所以有重名才重命名加了1。下载完成,这个BAIDU_ADDRESSBAR_1440.EXE就出现在windows临时文件夹TEMP里了,这才是XAPPDISP.2.0.0.82.DLL定的下载位置,之前有[1]时所在的是下载的临时路径,就是IE的缓存文件夹。
接着开始安装了,生成了ADDRESSBAR.DLL、ASBARBROKER.EXE等文件,路径在C:\PROGRAM FILES\BAIDU\。幸好,还是可以卸载的,卸载完再到那个百度路径里检查是否有残留,有就继续删除。不过,这个XAPPDISP.2.0.0.82.DLL还是会自动下载的,不受人为控制,PUSHER就是推送。所以要解决它,卸载KANKAN,或者直接删除PUSHER文件夹,或者换新版本迅雷,没有KANKAN,有什么新的再说。另外,我另一台装win7的电脑上没有出现迅雷这种自动后台下载的情况,虽然也有同样的XAPPDISP.2.0.0.82.DLL,前述出现自动下载安装的电脑装的是XP系统。
附程序生成日志部分信息,按创建时间顺序从下往上:
| 创建时间 | 文件名 | 创建者 |
| 12:19:14 | C:\PROGRAM FILES\BAIDU\{AFFB3E9E-F0B9-A737-B484-D2D5D4C56EC2}\PROTOCOL.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:14 | C:\PROGRAM FILES\BAIDU\{AFFB3E9E-F0B9-A737-B484-D2D5D4C56EC2}\REPORT.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\{AFFB3E9E-F0B9-A737-B484-D2D5D4C56EC2}\ASBARBROKER.EXE | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\{AFFB3E9E-F0B9-A737-B484-D2D5D4C56EC2}\ADDRESSBAR.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\PROTOCOL.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\REPORT.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\ASBARBROKER.EXE | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:13 | C:\PROGRAM FILES\BAIDU\ADDRESSBAR.DLL | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE |
| 12:19:12 | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BAIDU_ADDRESSBAR_1440.EXE | C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\THUNDER NETWORK\KANKAN\PUSHER\XAPPDISP.2.0.0.82.DLL |
| 12:19:12 | C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\9HURSXJA\BAIDU_ADDRESSBAR_1440[1].EXE | C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\THUNDER NETWORK\KANKAN\PUSHER\XAPPDISP.2.0.0.82.DLL |
>> 除非说明均为原创,如转载请注明来源于http://www.stormcn.cn/post/1724.html
