
Help with the "mIrc" virus!!!!!!!!!


bojanlazovic


Help with the "mIrc" virus!!!!!!!!! 09.12.2007 at 16:33
I have a problem with a virus that appeared after installing a certain program!
An icon appears in my taskbar (which is otherwise not visible, an empty spot) and shows that it is mirc, even though I don't have it installed!!!
It can't be turned off; when I try Exit it starts IE and tries to open some Romanian page; when I close IE it reports that "alex66" does not exist!! It starts on every system boot even though, I checked, there is nothing in Startup and nothing in msconfig! I have avast Pro, updated, but it doesn't find it!!! Help!!!!!!!
 

Binary Mind

Re: Help with the "mIrc" virus!!!!!!!!! 09.12.2007 at 20:18
Post a HiJackThis! log... Use the search on this forum if you don't know what HiJackThis! is...
 

bojanlazovic


Re: Help with the "mIrc" virus!!!!!!!!! 09.12.2007 at 23:19
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0:15:14, on 10.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\forcxifr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programi\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {5608770a-40d2-c059-9a94-91953c8d7366} - {6637d8c3-5919-49a9-950c-2d04a0778065} - C:\WINDOWS\system32\wrdqajrd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8E028B54-5F8E-4C69-BA7F-4F0309BB9AC7} - C:\WINDOWS\system32\awvvv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\xxyabba.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [7cd1fba5] rundll32.exe "C:\WINDOWS\system32\qsqdemvk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7579841-D805-4335-B047-42BF4C657ECA}: NameServer = 77.105.0.19 77.105.0.18
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O20 - Winlogon Notify: xxyabba - C:\WINDOWS\SYSTEM32\xxyabba.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\forcxifr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe




----I think it's these Romanian sites, but I don't know how to fix it
 

Binary Mind

Re: Help with the "mIrc" virus!!!!!!!!! 10.12.2007 at 12:26
You are infected with a variant of the netsky worm (SmitFraud)... Search this very forum with the keywords Smitfraud and NetSky... There are many threads about similar infections and the ways to cure them (many tools are attached as well, including Smitfraud fix, ComboFix, VundoFix etc.). Be sure to turn off System Restore until you solve the problem. As for the HiJackThis log, the following should be ticked and deleted (press Fix checked):


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro

F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe

O2 - BHO: {5608770a-40d2-c059-9a94-91953c8d7366} - {6637d8c3-5919-49a9-950c-2d04a0778065} - C:\WINDOWS\system32\wrdqajrd.dll

O4 - HKLM\..\Run: [7cd1fba5] rundll32.exe "C:\WINDOWS\system32\qsqdemvk.dll",b

O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll

O20 - Winlogon Notify: xxyabba - C:\WINDOWS\SYSTEM32\xxyabba.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: DomainService - - C:\WINDOWS\system32\forcxifr.exe



The processes that are part of the infection are the following:


C:\WINDOWS\system32\winlogin.exe

and

C:\WINDOWS\system32\forcxifr.exe


You need to remove these however you can. They can be removed manually by ending them in Task Manager and then finding them by hand at the given paths (bolded above) and deleting them (or at least trying :))... if that doesn't work in normal mode, try it in Safe Mode.

Download HiJackThis! 1.99.1 because that one is better for Windows XP... There are even links in some threads here...

I hope infections like this won't happen again, because I know you couldn't have picked it up by accident. Feel free to say which program you got infected through, so that nobody else gets burned the way you did...


 
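A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of the original posts. The heuristics and the short allowlist of Windows XP file names are assumptions of this sketch; a hit means the entry deserves a manual look, not that it is malicious.

```python
import re

# HijackThis section codes whose entries load code at logon or in the browser.
AUTOLOAD = {"F2", "F3", "O2", "O4", "O20", "O23"}
# Stock Windows XP binaries; a short allowlist assumed for this sketch.
KNOWN = {"winlogon.exe", "ctfmon.exe", "svchost.exe", "explorer.exe",
         "services.exe", "lsass.exe", "spoolsv.exe", "rundll32.exe"}
PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot names that imitate a system file."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(line):
    """Return the reasons (possibly none) a log line needs a manual look."""
    m = re.match(r"(\w+) - (.*)", line.strip())
    if not m or m.group(1) not in AUTOLOAD:
        return []
    code, rest = m.groups()
    reasons = []
    if code in ("F2", "F3"):
        reasons.append("autostart through win.ini/system.ini")
    if code == "O2" and re.match(r"BHO: (\(no name\)|\{[0-9a-fA-F-]+\}) - ", rest):
        reasons.append("browser helper object without a product name")
    if code == "O4" and "rundll32" in rest.lower():
        reasons.append("Run key loads a DLL through rundll32")
    if code == "O23" and " - - " in rest:
        reasons.append("service without a vendor string")
    for path in PATH.findall(rest):
        name = path.rsplit("\\", 1)[-1].lower()
        near = [k for k in KNOWN if name not in KNOWN and edit_distance(name, k) == 1]
        reasons += [f"{name} imitates {k}" for k in near]
    return reasons

# Lines copied from the log posted in this thread.
SAMPLE = [
    r"F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [7cd1fba5] rundll32.exe "C:\WINDOWS\system32\qsqdemvk.dll",b',
    r"O23 - Service: DomainService - - C:\WINDOWS\system32\forcxifr.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry) or "ok", "|", entry)
```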

bojanlazovic


Re: Help with the "mIrc" virus!!!!!!!!! 10.12.2007 at 16:30
Thanks for the help, I managed to solve the problem! As for the program - BSPLAYER PRO!!!
Thanks once again for the effort!!!
 

Danilo Cvjeticanin

Re: Help with the "mIrc" virus!!!!!!!!! 10.12.2007 at 20:25
And use Firefox, ditch IE!
www.getfirefox.com
 