How to Analyze HijackThis Logs

A guide to the log file entries, to help you remove spyware and browser hijackers

HijackThis is a free tool from Trend Micro. It was originally created by Merijn Bellekom, a student in the Netherlands. Anti-spyware programs such as Spybot S&D do a good job of finding and removing spyware, but some browser hijackers and toolbars are too tricky even for these very good anti-spyware utilities.

HijackThis is written specifically to detect and remove browser hijacks: software that takes over your web browser, changes your home page to a bad one, and performs other hijacking tricks and nastiness. Unlike typical anti-spyware software, HijackThis does not use signatures or a database of specific programs or URLs to detect and block. Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.

Not everything that shows up in the HijackThis log is bad, and it should not all be removed. In fact, quite the opposite. It is almost guaranteed that some of the items in your HijackThis log will be legitimate software, and removing those items may adversely affect your system or render it completely inoperable. Using HijackThis is a lot like editing the Windows Registry yourself. It is not rocket science, but you should not do it without some expert guidance unless you really know what you are doing.

Once you install HijackThis and run it to generate a log file, there are a wide range of forums and sites where you can post or upload your log. Experts who know what to look for can then help you analyze the log and advise you on which items to remove and which ones to leave alone.

To download the current version of HijackThis, you can visit the official site at Trend Micro.

Here is an overview of the HijackThis log entry types, which you can use to jump to the information you are looking for:

R0, R1, R2, R3 - IE Start & Search page

What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing

What to do:
If you recognize the URL at the end as your home page or search engine, it is OK. If you don't, check the item and have HijackThis fix it. For R3 items, always fix them unless the entry mentions a program you recognize, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files

What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched

What to do:
F0 items are always bad, so fix them. The Shell= line in system.ini should read only Explorer.exe; any extra program listed after it is started together with the shell. F1 items are usually very old programs that are safe, so look up the file name to see whether it is good or bad. Pacman's Startup List can help with identifying an item.

N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

What it looks like:
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)

What to do:
Usually the Netscape and Mozilla home page and search page are safe. They rarely get hijacked; only Lop.com has been known to do this. Should you see a URL you don't recognize as your home page or search page, have HijackThis fix it.
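
The N2 lines above are the preferences exactly as they sit in prefs.js, and the search-engine value is a percent-encoded engine:// reference rather than a URL. The following is an added example (not part of the original page and not HijackThis code): it parses a constructed prefs.js excerpt built from the two N2 values, decodes the engine:// reference to the local search-plugin file it points at, and compares the two watched preferences against a set of values the owner recognizes. The set of recognized values is an assumption for the example.

```python
import re
from urllib.parse import unquote

# Constructed prefs.js excerpt in the Netscape 6 / Mozilla format. The two
# watched values are the N2 examples above; the other lines are filler.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src");
user_pref("network.cookie.cookieBehavior", 0);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# The two prefs a hijacker (Lop.com, per the section above) would change.
WATCHED = ("browser.startup.homepage", "browser.search.defaultengine")


def parse_prefs(text):
    """Return {pref name: value}; string values have their quotes stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            value = m.group(2).strip()
            prefs[m.group(1)] = value[1:-1] if value.startswith('"') else value
    return prefs


def decode_engine(value):
    """Turn an engine://<percent-encoded path> reference into the plain
    file path, so you can see which search-plugin file is actually used."""
    if value.startswith("engine://"):
        return unquote(value[len("engine://"):])
    return value


def review_prefs(text, recognized):
    """Return (pref, decoded value, verdict) for each watched pref that is
    present; 'review' means the owner did not recognize the value."""
    prefs = parse_prefs(text)
    out = []
    for name in WATCHED:
        if name in prefs:
            value = decode_engine(prefs[name])
            out.append((name, value, "ok" if value in recognized else "review"))
    return out


if __name__ == "__main__":
    # Assumed: the owner recognizes only the Google home page.
    for row in review_prefs(SAMPLE_PREFS, {"http://www.google.com"}):
        print(*row)
```

The decoded engine path tells you which .src file to open and inspect; a hijacked search page shows up either as a URL you do not recognize or as a plugin file outside the browser's own searchplugins folder.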

O1 - Hosts file redirections

What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts file is located at C:\Windows\Help\hosts

What to do:
This hijack redirects the address on the right to the IP address on the left. If the IP does not belong to the address, you will be redirected to a wrong site every time you enter the address. You can always have HijackThis fix this, unless you knowingly put those lines in your Hosts file. Note the difference from ad-blocking entries: a name pointed at 127.0.0.1 or 0.0.0.0 only blocks that name, whereas the hijack pattern is a routable IP on the left with search-engine names on the right.

The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Always fix this item, or have CWShredder repair it automatically.
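
The two O1 checks above, as an added example that is not part of the original page and not HijackThis code: audit the text of a hosts file for names redirected to a remote address (ignoring the 127.0.0.1 / 0.0.0.0 blocking entries and any names the owner added on purpose), group the redirected names by destination IP, and check whether the Registry value that tells Windows where the hosts file lives (HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath) still points at the default location. The hosts file content is constructed for the example.

```python
import ipaddress

# Constructed hosts file content (not from a real machine). The three
# remote entries reproduce the O1 pattern shown above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.adserver.invalid    # user-added ad-blocking entry
0.0.0.0         tracker.invalid
216.177.73.139  auto.search.msn.com
216.177.73.139  search.netscape.com
216.177.73.139  ieautosearch
"""

# Default DataBasePath value: the folder Windows reads the hosts file from.
DEFAULT_DATABASEPATH = r"%SystemRoot%\System32\drivers\etc"


def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address; skip rather than guess
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text, user_added=()):
    """Return (ip, hostname) for every entry that redirects a name to a
    remote address. Loopback/unspecified targets only block a name, so
    they are not redirects; names the owner added knowingly are skipped."""
    allowed = {n.lower() for n in user_added}
    return [
        (str(ip), name)
        for ip, name in parse_hosts(text)
        if not (ip.is_loopback or ip.is_unspecified) and name not in allowed
    ]


def redirect_targets(text):
    """Group redirected names by destination IP: one IP absorbing several
    search-engine names is the hijack signature, not a stray typo."""
    targets = {}
    for ip, name in audit_hosts(text):
        targets.setdefault(ip, []).append(name)
    return targets


def databasepath_is_default(value):
    """True when DataBasePath still points at drivers\\etc. Anything else
    (C:\\Windows\\Help in the O1 example) means the hosts file Windows
    actually consults is not the one at the usual location."""
    return value.strip().rstrip("\\").lower() == DEFAULT_DATABASEPATH.lower()


if __name__ == "__main__":
    for ip, names in redirect_targets(SAMPLE_HOSTS).items():
        print(ip, "<-", ", ".join(names))
    print("DataBasePath default:", databasepath_is_default(r"C:\Windows\Help"))
```

On a live machine you would feed audit_hosts() the file named by DataBasePath, not just the one under drivers\etc, because the redirected copy is the one the resolver uses.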

O2 - Browser Helper Objects

What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do:
If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO & Toolbar List to look it up by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the BHO List, 'X' means spyware and 'L' means legitimate (safe).

O3 - IE toolbars

What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

What to do:
If you don't directly recognize a toolbar's name, use TonyK's BHO & Toolbar List to look it up by its class ID (CLSID, the number between curly brackets) and see whether it is good or bad. In the Toolbar List, 'X' means spyware and 'L' means legitimate (safe). If it is not on the list, the name looks like a random string of characters, and the file sits in the 'Application Data' folder (like the last one in the examples above), it is probably Lop.com, and you should definitely have HijackThis fix it.

O4 - Autoloading programs from the Registry or the Startup group

What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe

What to do:
Use PacMan's Startup List to find the entry and see whether it is good or bad. Be suspicious of a file that borrows the name of a Windows system process but is launched from somewhere the real one never is: the last example above is named winlogon.exe, yet the genuine winlogon.exe lives in the System32 folder and is never started from the Startup group.

If the item shows a program sitting in a Startup group (like the last item above), HijackThis cannot fix the item while that program is still in memory. Use the Windows Task Manager (TASKMGR.EXE) to close the process before fixing.

O5 - IE Options not visible in Control Panel

What it looks like:
O5 - control.ini: inetcpl.cpl=no

What to do:
Unless you or your system administrator have knowingly hidden the icon from Control Panel, have HijackThis fix it.

O6 - IE Options access restricted by Administrator

What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, or your system administrator put this restriction into place, have HijackThis fix this.

O7 - Regedit access restricted by Administrator

What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction into place.

O8 - Extra items in the IE right-click menu

What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

What to do:
If you don't recognize the name of the item in the IE right-click menu, have HijackThis fix it.

O9 - Extra buttons on the main IE toolbar, or extra items in the IE 'Tools' menu

What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)

What to do:
If you don't recognize the name of the button or menu item, have HijackThis fix it.

O10 - Winsock hijackers

What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll

What to do:
It is best to use LSPFix from Cexx.org, or Spybot S&D from Kolla.de. Removing a Layered Service Provider the wrong way leaves a hole in the Winsock chain and breaks all network access, which is why a dedicated tool that repairs the chain is preferred.

Note that 'unknown' files in the LSP stack will not be fixed by HijackThis, for safety reasons.

O11 - Extra group in the IE 'Advanced Options' window

What it looks like:
O11 - Options group: [CommonName] CommonName

What to do:
The only hijacker known so far that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.

O12 - IE plugins

What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW. Prefix: http://ehttp.cc/?

What to do:
These are always bad. Have HijackThis fix them. The prefix is what IE prepends to anything you type without a protocol, so with a hijacked prefix every address you enter by hand first passes through the hijacker's redirect script.

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do:
If the URL is not that of the vendor of your computer or of your ISP, have HijackThis fix it.

O15 - Unwanted sites in the Trusted Zone

What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com

What to do:
Most of the time only AOL and Coolwebsearch silently add sites to the Trusted Zone. If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.

O16 - ActiveX Objects (aka Downloaded Program Files)

What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do:
If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' and so on, definitely fix it. Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used for looking up CLSIDs. (Right-click the list to use the Find function.)

O17 - Lop.com domain hijacks

What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175

What to do:
If the domain is not from your ISP or company network, have HijackThis fix it. The same goes for the 'SearchList' entries. For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see whether they are good or bad; ipconfig /all shows the DNS servers currently in use, so you can compare them against the ones your ISP assigns.

O18 - Extra protocols and protocol hijackers

What it looks like:
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}

What to do:
Only a few hijackers show up here. The known bad ones are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix those. Other things that show up are either not confirmed safe yet, or have been hijacked (i.e. the CLSID has been changed) by spyware. In the latter case, have HijackThis fix it.

O19 - User style sheet hijack

What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css

What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log. However, since only Coolwebsearch does this, it is better to use CWShredder to fix it.

O20 - AppInit_DLLs Registry value autorun

What it looks like:
O20 - AppInit_DLLs: msconfd.dll

What to do:
This Registry value, located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers. On Windows 7 and later the companion value LoadAppInit_DLLs in the same key must be set to 1 for the list to be honored at all, so check it alongside AppInit_DLLs.

In the case of a 'hidden' DLL loading from this Registry value (only visible when using the 'Edit Binary Data' option in Regedit), the DLL name may be prefixed with a pipe '|' to make it visible in the log.

O21 - ShellServiceObjectDelayLoad

What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll

What to do:
This is an undocumented autorun method, normally used by a few Windows system components. Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Treat with extreme care.

O22 - SharedTaskScheduler

What it looks like:
O22 - SharedTaskScheduler: (no name) - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - c:\windows\system32\mtwirl32.dll

What to do:
This is an undocumented autorun for Windows NT/2000/XP only, which is used very rarely. So far only CWS.Smartfinder uses it. Treat with care.

O23 - NT Services

What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

What to do:
This is the listing of non-Microsoft services. The list should be the same as the one you see in the Msconfig utility of Windows XP. Several trojan hijackers use a home-made service in addition to other startups to reinstall themselves. The full name is usually important-sounding, like 'Network Security Service', 'Workstation Network Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. The second part of the line is the owner of the file at the end, as seen in the file's properties.

Note that fixing an O23 item will only stop the service and disable it. The service then needs to be deleted from the Registry manually or with another tool. In HijackThis 1.99.1 or higher, the 'Delete NT Service' button in the Misc Tools section can be used for this. The service's Registry key is HKLM\SYSTEM\CurrentControlSet\Services\<internal name>, the name shown in brackets on the O23 line; the built-in command sc delete <internal name> removes it as well.
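
Pulling the "what to do" rules from the R, F, O2/O3, O13, O15, O16, O17 and O23 sections above into one script, as an added example (not HijackThis code and not part of the original page): it parses log lines in the format shown throughout this guide and returns a verdict per entry of 'ok', 'fix' or 'lookup' (meaning a list such as TonyK's BHO & Toolbar List or a startup list still has to be consulted). The known-good values (home page, ISP domains, the CLSID list, trusted sites the owner added) are assumptions an analyst would replace with facts about the machine. The log excerpt is constructed from the example lines above plus three invented lines, marked in the comment, which are not indicators from this page.

```python
import re

# Constructed HijackThis log excerpt: the example entries from the sections
# above, plus three invented lines (the R1 URL, the second O16 entry and the
# second O23 service) so that every rule below has something to fire on.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hijacked.invalid/
F0 - system.ini: Shell=Explorer.exe Openme.exe
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Free Dialer) - http://downloads.invalid/free_plugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Network Security Service (Ort) - Unknown owner - C:\WINDOWS\system32\constructed.exe
"""

# Facts about the machine under review. Assumed here; an analyst fills them
# in from the owner's answers and a CLSID lookup in a BHO/toolbar list.
KNOWN_PAGES = {"http://www.google.com/"}
KNOWN_SUFFIXES = {"gla.ac.uk"}                                   # ISP / company DNS domains
KNOWN_CLSIDS = {"{13F537F0-AF09-11D6-9029-0002B31F9E59}": "L",   # L = safe, X = spyware
                "{D27CDB6E-AE6D-11CF-96B8-444553540000}": "L"}
USER_TRUSTED = set()                                             # Trusted Zone sites the owner added
BAD_WORDS = ("dialer", "casino", "free_plugin")

ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})?\s*(?P<name>.*?) - (?P<url>\S+)$")
SVC_RE = re.compile(r"^Service: (?P<display>.*) \((?P<internal>[^()]+)\) - (?P<owner>.*?) - (?P<path>.*)$")
O17_RE = re.compile(r": (?P<name>Domain|DomainName|SearchList|NameServer) = (?P<value>.*)$")


def looks_random(name):
    """Lop.com-style names: long, and nearly vowel-free once punctuation is dropped."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    return len(letters) >= 6 and sum(c in "aeiouAEIOU" for c in letters) / len(letters) < 0.2


def related(internal, display, n=3):
    """Does any 3-letter run of the internal service name occur in its display name?"""
    a, b = internal.lower(), display.lower()
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def known_suffix(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in KNOWN_SUFFIXES)


def triage(line):
    """Return (type, verdict, reason); verdict is 'ok', 'fix' or 'lookup'. None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    t, body = m.group("type"), m.group("body")
    if t in ("R0", "R1"):
        url = body.rsplit(" = ", 1)[-1].strip()
        return (t, "ok", url) if url in KNOWN_PAGES else (t, "fix", "unknown start/search URL " + url)
    if t == "F0":
        return (t, "fix", "system.ini Shell= starts an extra program")
    if t in ("O2", "O3") and (b := BHO_RE.match(body)):
        clsid, path = b.group("clsid").upper(), b.group("path")
        if path.endswith("(file missing)"):
            return (t, "fix", "dead entry, file no longer exists")
        if clsid in KNOWN_CLSIDS:
            return (t, "ok" if KNOWN_CLSIDS[clsid] == "L" else "fix", "CLSID on list as " + KNOWN_CLSIDS[clsid])
        if looks_random(b.group("name")) and "application data" in path.lower():
            return (t, "fix", "random name loaded from Application Data (Lop.com pattern)")
        return (t, "lookup", "unknown CLSID " + clsid)
    if t == "O13":
        return (t, "fix", "DefaultPrefix/WWW Prefix hijack")
    if t == "O15":
        site = body.split(":", 1)[1].strip()
        return (t, "ok", site) if site in USER_TRUSTED else (t, "fix", "Trusted Zone site not added by owner: " + site)
    if t == "O16" and (d := DPF_RE.match(body)):
        if any(w in (d.group("name") + " " + d.group("url")).lower() for w in BAD_WORDS):
            return (t, "fix", "ActiveX name/URL contains a known bad word")
        clsid = (d.group("clsid") or "").upper()
        return (t, "ok", "CLSID on list as safe") if KNOWN_CLSIDS.get(clsid) == "L" else (t, "lookup", "unknown ActiveX object")
    if t == "O17" and (o := O17_RE.search(body)):
        name, val = o.group("name"), o.group("value").strip()
        if name == "NameServer":
            return (t, "lookup", "check who owns DNS server(s) " + val)
        return (t, "ok", val) if known_suffix(val) else (t, "fix", "domain not from ISP/company: " + val)
    if t == "O23" and (s := SVC_RE.match(body)):
        internal, display = s.group("internal"), s.group("display")
        if s.group("owner") == "Unknown owner" and not related(internal, display):
            return (t, "fix", "garbage internal name %r; fixing only disables it, then delete "
                    r"HKLM\SYSTEM\CurrentControlSet\Services\%s" % (internal, internal))
        return (t, "ok" if related(internal, display) else "lookup", "non-Microsoft service " + internal)
    return (t, "lookup", "no rule for this entry")


def triage_log(text):
    return [r for r in map(triage, text.strip().splitlines()) if r]


if __name__ == "__main__":
    for t, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{t:<4} {verdict:<7} {reason}")
```

The service heuristic (unknown owner plus an internal name that shares no three-letter run with the display name) is a triage aid, not proof; it flags the 'Network Security Service (Ort)' shape described above while leaving 'Kerio Personal Firewall (PersFw)' alone, and anything it does not flag still deserves the manual comparison with Msconfig that the section recommends.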