
Wolfenstein 2009 and internet slowdown

elektros (Bač)
Wolfenstein 2009 and internet slowdown, 05.10.2009 at 14:27
Greetings to the forum. I have a huge problem with my internet connection. After installing Windows (last xp16) and KAV2010 (trial license), everything works as it should. After installing the game Wolfenstein 2009, everything still works as it should. But after launching it, my internet started causing serious problems. Downloads slow to a crawl, because on the net meter I notice my upload running abnormally high (10-15 kb/sec) even though I'm not uploading anything, and that is probably choking the download. I made a HijackThis log after installing the game and another after launching it, in case someone can help me analyze them. I also downloaded Malwarebytes; it ran a scan and deleted some things, but the problem remains. To be sure the problem isn't with the provider (Telekom), I downloaded Slax and installed it on a USB stick. The internet works perfectly there, and I'm writing this message from Slax. Will I have to give up the internet in favor of Wolfenstein or the other way around, if I can't solve the problem?

After installing the game:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:28, on 4.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\program files portable\Bandwidth_Meter_Pro_v2.6.603.exe
C:\Users\Administrator\Desktop\this.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6085 bytes
*************************************
After launching the game:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:36, on 5.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Users\Administrator\reader_s.exe
C:\Users\Administrator\restorer32_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
D:\program files portable\FirefoxPortable\FirefoxPortable.exe
D:\program files portable\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\program files portable\Bandwidth_Meter_Pro_v2.6.603.exe
C:\Users\Administrator\Desktop\this.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
F3 - REG:win.ini: load=C:\WINDOWS\fonts\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\fonts\services.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [21488] C:\WINDOWS\system32\EF2.tmp.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [reader_s] C:\Users\Administrator\reader_s.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{430CAA2F-2111-44DB-8F4F-44FC0697EBE3}: NameServer = 212.200.191.166,212.200.190.166
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6608 bytes




It's not important to take part, it's important to win !!!

Zoran Rodic (Beograd)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 15:18
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\System32\reader_s.exe
C:\Users\Administrator\reader_s.exe
F3 - REG:win.ini: load=C:\WINDOWS\fonts\services.exe
F3 - REG:win.ini: run=C:\WINDOWS\fonts\services.exe
O4 - HKLM\..\Run: [21488] C:\WINDOWS\system32\EF2.tmp.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Users\Administrator\reader_s.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')


Remove these, although ... with that LastXP and a pile of cracks ....
Lomography is when you have the gear but won't use it … and Pinhole is when you don't have the gear but want to! tm
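
One way to compare the two HijackThis logs from the first post, as an added example that is not part of the original thread: the Python below lists the processes and autostart entries (sections F2/F3/O4) that appear only in the second log. The two embedded logs are abridged excerpts of the logs above, and the function and variable names are this example's own.

```python
import re

# HijackThis entry lines: "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] path"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Sections that start programs automatically: F2/F3 (ini-file load/run), O4 (Run keys)
AUTOSTART_CODES = {"F2", "F3", "O4"}

# Abridged excerpts of the two logs in the first post (most lines omitted).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
"""

AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe

F3 - REG:win.ini: load=C:\WINDOWS\fonts\services.exe
O4 - HKLM\..\Run: [21488] C:\WINDOWS\system32\EF2.tmp.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\fonts\services.exe
O4 - HKUS\S-1-5-18\..\Run: [restorer32_a] C:\Users\Administrator\restorer32_a.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
"""


def parse_hjt(text):
    """Return (processes, entries) as dicts keyed by a lower-cased form.

    Keys are lower-cased because Windows paths are case-insensitive and the
    logs mix "system32" and "System32"; values keep the original spelling.
    """
    processes, entries = {}, {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif match:
            in_processes = False
            code, detail = match.groups()
            entries[(code, detail.lower())] = (code, detail)
        elif in_processes:
            processes[line.lower()] = line
    return processes, entries


def diff_logs(before_text, after_text):
    """Report what the second log contains that the first does not."""
    p0, e0 = parse_hjt(before_text)
    p1, e1 = parse_hjt(after_text)
    new = [e1[k] for k in sorted(e1.keys() - e0.keys())]
    return {
        "new_processes": [p1[k] for k in sorted(p1.keys() - p0.keys())],
        "new_autostarts": [e for e in new if e[0] in AUTOSTART_CODES],
        "new_other": [e for e in new if e[0] not in AUTOSTART_CODES],
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
```

The LXPNewUser RunOnce entry is present in both logs, so it is not reported: a diff shows only what changed between the two snapshots, not whether the baseline itself was clean.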

 
elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 16:02
It works for now, we'll see... Thanks for the help.

Milos911 (Serbia)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 16:44
Well, you can't do without cracks :) But you can do without that custom garb.. Windows. Install a normal installation and then dress it up as much as you like... Those custom Windows builds come with preinstalled viruses...

magna86 (Anti Malware Fighter)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 18:19
Uh... among other things you also have Virut... and very little helps there... and it can't be cured from within a running Windows...
and nothing can delete them that easily, not even the mighty Combofix

C:\WINDOWS\System32\reader_s.exe

My recommendation (which is the best option): format C and, right away on the fresh Windows, run Dr.Web CureIt or some antivirus Live CD; avast will also do (because avast has a boot scan)...
as an "additional" scan... Malwarebytes Anti-Malware... delete everything they find!
It's important that you don't back up all the .exe or .scr files (those are mostly your programs and installers... because they are infected too, and if you run an infected installer... it starts all over again...)
...etc...


info::
http://www.secureworks.com/res...ats/virut-encryption-analysis/
http://vil.nai.com/vil/content/v_143034.htm



Dr.Web::

Quote:
Dashkes: Download the program Dr.Web CureIt!.

• After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8 and, when the menu appears, choose Safe Mode).
• When Safe Mode has loaded, run Dr.Web CureIt!.
• When it starts, choose Start. It will automatically begin scanning the computer. Let it scan (this is the Express Scan).
• When it finishes scanning, choose the full scan (Complete scan) and press the Start Scanning button on the right (it looks like a Play button).


Good luck


PS: after a while, run HijackThis again and you will see that half of the HJT entries have "come back"
 
elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 19:09
Realistically, how dangerous is this Virut? To avoid reinstalling Windows, I'll try the "shorter" option that Dashkes gave. If nothing like reader_s.exe shows up in my HijackThis log after that, can I be sure I've got rid of it?

magna86 (Anti Malware Fighter)
Re: Wolfenstein 2009 and internet slowdown, 05.10.2009 at 21:08
You're not 100% sure... as I said, not even Combofix + CFScript can remove it, let alone HJT or manually deleting the file.
Dr.Web removes it, but... this virus is hard to eliminate from within a running Windows...
That's why I told you... the safest solution: back up your data (just not programs), format C, new Windows, then Dr.Web right away (the instructions are above),
then install avast (update it, then select boot scan)... and then the system should be 100% clean... but if you keep some crack (because this malware most likely came via a crack) and run it... it starts all over again... got it?

elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 07.10.2009 at 18:52
Today I scanned the computer with Dr.Web: HDD 640Gb, 3 partitions; it took about 10 hours. 975365 files were scanned, of which 911 were infected, 3 suspicious, 6 adware, 2 jokes, 17 hacktools. It "cured" 899, deleted 5 and moved 15. But I still can't find out how dangerous this virus realistically is, that is, what can it do?

Zoran Rodic (Beograd)
Re: Wolfenstein 2009 and internet slowdown, 07.10.2009 at 21:09
If it says Virut, drop this fool's errand, because you'll scan again and it will find the same thing again ... regardless of it saying that the files have been cleaned.

magna86 (Anti Malware Fighter)
Re: Wolfenstein 2009 and internet slowdown, 07.10.2009 at 23:46
Quote:
elektros: But I still can't find out how dangerous this virus realistically is, that is, what can it do?


I gave you one link... if that one is no good... google... keyword "what is Virut?" ... and everything will explain itself :)

Here is some more help:

http://remove-malware.com/anti...rut-and-why-is-it-sooooo-evil/
 
elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 09.10.2009 at 16:24
I did as you said: installed a fresh Windows, turned off System Restore, then scanned with Dr.Web in Safe Mode, and after that also downloaded and burned the Dr.Web Live CD and scanned with it. Nothing more was found on the C partition. On the D partition it did find something, but I deleted those programs manually (they are only program installers, not programs installed on the D partition). I also deleted that System Restore folder... Now, the final question: if Dr.Web no longer finds it on the computer, does that mean I've got rid of Virut???

[This message was edited by elektros on 09.10.2009 at 17:54 GMT+1]

magna86 (Anti Malware Fighter)
Re: Wolfenstein 2009 and internet slowdown, 09.10.2009 at 19:39
Quote:
Now, the final question: if Dr.Web no longer finds it on the computer, does that mean I've got rid of Virut???


Well, it should be so, but nobody can claim that with certainty. I'll check the C partition for you; as for the other partition, delete every program, because rest assured it is infected. If you run it... and the AV doesn't block it in time... it all starts over.
So you must have an antivirus (for now I recommend Avast!, and if you don't like it, change it later)

Now, as for the C partition... read the Top Topic and the Instructions for using Combofix!

So... 1. Turn off the antivirus
2. Following the instructions, download CF to the Desktop and run it
3. Copy the log you get here
 
elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 10.10.2009 at 11:04
I don't have time to run Combofix today, but I'll do it tomorrow or the day after. I'm a bit "stubborn" and "sorry" to delete the installers from the D partition (mostly games), and I also found somewhere on the internet that Virut doesn't attack all exe files, so for now I won't delete those installers if Dr.Web hasn't marked them as infected. When I install one of those games, and if Virut shows up again, then I will definitely delete everything, save my data and format all partitions!

elektros (Bač)
Re: Wolfenstein 2009 and internet slowdown, 12.10.2009 at 08:54
Here is the Combofix log:

ComboFix 09-10-11.01 - Administrator 12.10.2009 9:45.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.712 [GMT -7:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data
c:\windows\system32\install.exe
d:\my documents\java.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-11 17:34 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-11 17:34 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-11 17:34 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-10 02:50 . 2007-05-18 00:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-10-10 02:50 . 2004-02-22 17:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-10 02:50 . 2005-07-14 19:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2009-10-10 02:50 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 02:50 . 2004-01-25 07:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-10-10 02:50 . 2009-10-10 02:50 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-10 02:48 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-10-10 02:48 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-10-10 02:48 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-10-10 02:48 . 2009-10-10 02:48 -------- d-----w- c:\program files\eRightSoft
2009-10-09 22:12 . 2004-08-04 06:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-10-09 22:09 . 2004-08-04 05:58 100992 ----a-w- c:\windows\system32\drivers\bthpan.sys
2009-10-09 22:08 . 2004-08-04 07:56 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-10-09 22:08 . 2004-08-04 06:10 59648 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-10-09 22:08 . 2004-08-04 06:10 17024 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-10-09 22:08 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\irftp.exe
2009-10-09 22:08 . 2004-08-04 07:56 27136 ----a-w- c:\windows\system32\irmon.dll
2009-10-09 22:08 . 2004-08-04 06:10 274304 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-10-09 22:08 . 2004-08-04 06:10 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-10-09 22:07 . 2009-10-09 22:07 -------- d-----w- C:\Drivers
2009-10-09 20:12 . 2009-10-09 20:12 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-10-09 01:50 . 2009-10-09 01:50 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2009-10-09 01:50 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 01:50 . 2009-10-09 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 01:50 . 2009-10-09 01:50 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2009-10-09 01:50 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 23:40 . 2009-10-08 23:40 25464 ----a-w- c:\users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 23:37 . 2009-10-08 23:37 -------- d-----w- c:\users\Administrator\Application Data\Ahead
2009-10-08 20:39 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-08 20:39 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-08 20:39 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-08 20:39 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-08 20:39 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-08 20:39 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-08 20:39 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-08 20:39 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-08 20:39 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-08 20:39 . 2009-10-08 20:39 -------- d-----w- c:\program files\Alwil Software
2009-10-08 19:43 . 2009-10-10 01:51 -------- d-----w- c:\users\Administrator\DoctorWeb
2009-09-27 04:09 . 2009-09-27 04:09 -------- d-----w- c:\users\All Users\Application Data\TuneUp Software
2009-09-27 04:09 . 2009-09-27 04:09 -------- d-----w- c:\users\Administrator\Application Data\TuneUp Software
2009-09-27 04:08 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-27 04:07 . 2005-03-22 15:00 65536 ----a-w- c:\windows\system32\CNAB4SMK.DLL
2009-09-27 04:07 . 2005-03-22 15:00 57344 ----a-w- c:\windows\system32\CNAB4RPK.EXE
2009-09-27 04:07 . 2005-03-22 15:00 28672 ----a-w- c:\windows\system32\CNAB4PTU.DLL
2009-09-27 04:07 . 2005-03-22 15:00 28672 ----a-w- c:\windows\system32\CNAB4LMK.DLL
2009-09-27 04:07 . 2005-03-22 15:00 135168 ----a-w- c:\windows\system32\CNAB4EMU.DLL
2009-09-27 04:07 . 2009-09-27 04:08 -------- d-----w- c:\program files\Canon
2009-09-27 04:03 . 2009-09-27 04:03 -------- d-----w- c:\program files\Alcohol Soft
2009-09-27 04:02 . 2009-09-27 04:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-27 04:01 . 2009-09-27 04:01 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Adobe
2009-09-27 04:01 . 2009-09-27 04:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-27 04:00 . 2009-09-27 04:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-27 03:59 . 2009-09-27 03:59 -------- d-----w- c:\program files\The KMPlayer
2009-09-27 03:57 . 2009-10-10 02:59 -------- d-----w- c:\users\Administrator\Application Data\Thinstall
2009-09-27 03:51 . 2009-09-27 03:51 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Identities
2009-09-27 02:08 . 2009-09-27 02:08 -------- d-----w- c:\program files\Microsoft Works
2009-09-27 02:04 . 2009-09-27 02:04 -------- d-----w- c:\windows\SHELLNEW
2009-09-27 02:04 . 2009-09-27 02:04 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Microsoft Help
2009-09-27 02:04 . 2009-09-27 02:09 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2009-09-27 02:04 . 2009-09-27 02:04 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 04:07 . 2009-09-27 01:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-27 01:44 . 2009-09-27 01:39 -------- d-----w- c:\program files\Creative
2009-09-27 01:44 . 2009-09-27 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 01:35 . 2009-09-26 18:19 4840 ----a-w- c:\windows\system32\drivers\INFCACHE.1
2009-09-27 01:30 . 2009-09-27 01:30 -------- d-----w- c:\program files\ULI5289
2009-09-27 01:30 . 2009-09-27 01:30 12628 ----a-w- c:\windows\system32\drivers\netuli.PNF
2009-09-27 01:28 . 2009-09-27 01:28 295 ----a-w- c:\windows\system32\StartAU.cmd
2009-09-27 01:26 . 2009-09-27 01:26 -------- d---a-w- c:\program files\Utilities
2009-09-27 01:24 . 2009-09-27 01:24 -------- d-----w- c:\program files\VAIOXP
2009-09-27 01:21 . 2009-09-27 01:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-27 01:21 . 2009-09-27 01:21 -------- d-----w- c:\program files\Windows Media Connect 2
2006-05-03 09:06 . 2009-10-10 02:48 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-10-10 02:48 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-10-10 02:48 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2007-06-28 . 1A5FB58FC6E970A308719A4EA49EB8B5 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-06-28 . 69A39AAFF83508304FC92B49A81915DE . 2321792 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe

[-] 2007-06-28 . C7BCEA1533BE5C9E15884D6C39B667F1 . 80216 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe

[-] 2007-03-14 . E373EBA833DBBC604726CF51A450E583 . 1656832 . . [6.00.2900.2894] . . c:\windows\explorer.exe


c:\windows\system32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-06-07 409600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"LXPNewUser"="c:\windows\System32\TrunksLXP-NUserFix.cmd" [2007-06-28 2303]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-06-28 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2.7.2007 23:03 52480]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [26.9.2009 18:30 45056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8.10.2009 13:39 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.10.2009 13:39 20560]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [26.9.2009 18:30 28672]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {430CAA2F-2111-44DB-8F4F-44FC0697EBE3} = 212.200.191.166,212.200.190.166
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\users\Administrator\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 09:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-12 9:49
ComboFix-quarantined-files.txt 2009-10-12 16:49

Pre-Run: 47.656.886.272 bytes free
Post-Run: 47.648.870.400 bytes free

183

It's not important to participate, it's important to win !!!
 
magna86
Anti Malware Fighter
Member no.: 189287 | Posts: 557 | Site: www.mycity.rs/Ambulanta

Re: Wolfenstein 2009 and internet slowdown, 12.10.2009 at 10:34
OK, the ComboFix log is clean, although it found a few things with the .exe extension on the other partition that are still infected.
It wouldn't hurt to "comb through" the other partition once more and delete everything with the .exe extension... because they are either all infected and waiting for "activation", or they are damaged.

Uninstall ComboFix
Start >> Run
Combofix /u
OK

PS: did you run the avast boot scan?


Basically... that's it... now you know where you stand... how things are...
"use protection"
 
elektros
Bač
Member no.: 84580 | Posts: 428

Re: Wolfenstein 2009 and internet slowdown, 12.10.2009 at 11:11
When I run Start---Run---ComboFix/u it says it cannot find that file. And on restart Windows boots normally, without a choice between Windows and ComboFix (maybe because my System Restore is turned off). I scanned with Avast, and it only finds some trojans (D partition), but I don't think that is so "dangerous". I haven't done the boot scan, but I can do that too. I'll scan the D partition once more with Dr.Web, and if it comes across an infection anywhere else, I'M DELETING IT! Thanks to everyone who helped, magna86 you especially! I've had a computer for 10 years and have been on the internet just as long, but this is the first time something like this has happened to me. In those ten years I mostly used Kaspersky, but when this happened to me I probably hadn't updated the database, or Virut got past the antivirus after all. For now everything is OK, we'll see... Thanks once again!
It's not important to participate, it's important to win !!!
 
magna86
Anti Malware Fighter
Member no.: 189287 | Posts: 557 | Site: www.mycity.rs/Ambulanta

Re: Wolfenstein 2009 and internet slowdown, 12.10.2009 at 23:07
Kaspersky has definitions for that malware... in fact most of the stronger and better-known AVs recognize it, but the problem is that "our" tools cannot remove this malware.
The Kaspersky Live CD (rescue disk) is also good for removing this pest.


PS: thanks
 