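Personal record of the steps I took; for now it appears to have been removed cleanly.
1. Cut off network access with Huorong (火绒) (Protection Center --> Advanced Protection --> IP Protocol Control)
a. Block winrdlv3.exe from accessing the network over TCP/UDP
b. Restrict port 8235 (TCP/UDP)
c. Restrict port 8237 (TCP/UDP)
2. Use FreeFixer to deal with suspicious programs
3. Use DigitalSignCheck, a tool for verifying Microsoft signatures, to find programs (.exe/.dll/.sys) whose signature contains "T.E.C Solutions", and delete all of them
Mainly in these directories: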
C:\Program Files\Common Files\System
C:\WINDOWS
C:\WINDOWS\system32
C:\WINDOWS\SysWOW64
C:\Windows\INF
IP-Guard's main program files:
Agt3Tool
winrdlv3.exe
ONacAgent.exe
winhafnt64.dll
winhadnt64.dll
DtFrame64.dll
TIjtdrvd64.dll
DtsFrame64.dll
TMailHook64.dll
thooksv364.dll
winncap364.dll
winrdgv3.exe
winwdgv364.dll
TSandbox64.dll
TSafeDoc64.dll
IFOCMSDll64.dll
winencyx64.dll
winusrmd64.dll
sdfileicon64.dll
EnumIACC264.dll
winbrohca64.dll
thlpdrv64.sys
tijtdrv64.sys
tnullfilter.sys
tpacket7.sys
tsdencrypt.sys
tsdencryptmf.sys
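
The signature search from step 3, as an added example that is not part of the original note: it uses PowerShell's built-in Get-AuthenticodeSignature instead of DigitalSignCheck to inventory .exe/.dll/.sys files whose signer subject contains "T.E.C Solutions" in the directories listed above. The function name Find-SignedBy, the -Recurse option and the CSV file name are assumptions; the script only lists files and records their hashes.

```powershell
# Added example: inventory (list only) binaries whose Authenticode signer
# subject contains a given string, in the directories named in the note.
$SignerMatch = 'T.E.C Solutions'          # string from step 3 of the note
$Directories = @(
    'C:\Program Files\Common Files\System',
    'C:\WINDOWS',
    'C:\WINDOWS\system32',
    'C:\WINDOWS\SysWOW64',
    'C:\Windows\INF'
)
$Extensions = @('.exe', '.dll', '.sys')

function Find-SignedBy {                  # hypothetical helper name
    param(
        [string[]]$Path,
        [string]$Signer,
        [string[]]$Extension,
        [switch]$Recurse                  # off by default: scan only the listed directories
    )
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension.ToLower() } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $cert = $sig.SignerCertificate
                # Unsigned files have no signer certificate and are skipped.
                if ($cert -and $cert.Subject -like "*$Signer*") {
                    [pscustomobject]@{
                        Path       = $_.FullName
                        Status     = $sig.Status      # Valid, NotTrusted, HashMismatch, ...
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
    }
}

# Write the inventory to a CSV so it can be reviewed before any file is touched.
Find-SignedBy -Path $Directories -Signer $SignerMatch -Extension $Extensions |
    Sort-Object Path |
    Export-Csv -Path .\signed-by-match.csv -NoTypeInformation -Encoding UTF8
```

Run it from an elevated PowerShell session so the system directories are readable; comparing the CSV against the file list above shows whether anything with that signer remains.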