
[es] :: Security :: www.magicsearch.ws


wargamehide
www.magicsearch.ws - 07.02.2004. at 20:37
I accidentally visited the site, and now when I type in an address (any address), IE goes to the site
www.magicsearch.ws

How do I solve this?


maybe baby
baby meybe
 
Zed-Zen

Re: www.magicsearch.ws - 16.02.2004. at 18:01
Guys, guys, guys!!! Come on, not like that. Are we here to solve the problem or not?
The same thing happened to me the other day. So I said: "www.magicsearch.ws, you fascist bastards!"

But I have a solution to the problem. This is a browser hijack and a worm.
Delete the files on disk that have names like these, but only if they are about 21 kb in size and contain the text "HidePE":

C:\Program Files\directx\directx.exe
C:\Program Files\Common Files\System\systeem.exe (has an extra 'e')
C:\Windows\explore.exe (missing the letter 'r' at the end)
C:\Windows\System\internet.exe
C:\Windows\Media\wmplayer.exe
C:\Windows\Help\helpcvs.exe
C:\Program Files\Accessories\accesss.exe (has an extra 's')
C:\Games\systemcritical.exe
C:\Documents Settings\sistem.exe
C:\Program Files\Common Files\Windows Media Player\wmplayer.exe
C:\Windows\Start Menu\Programs\Accessories\Game.exe
C:\Windows\sistem.exe
C:\Windows\System\RunDll16.exe
C:\Windows\iexplorer.exe (extra 'i' or extra 'r')
C:\y.exe
C:\x.exe


- or anything similar, BUT about 21.06KB in size and with the text "HidePE" inside
- if you cannot delete them, kill the processes of the same name from memory
- this worm will disable your firewall, so hurry up and deal with it

BUT THAT IS NOT ALL!!! That does not fix the browser problem. For THAT you will have to go into REGEDIT and change the entries that are abusing your registry:

HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer,SearchURL =

HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ =

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magicsearch.ws
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.ws
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKCU\Software\Microsoft\Internet Explorer,Search = http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer,Search =


HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer,SearchURL =

HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ =

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magicsearch.ws
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.ws
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.ws/?q=

HKLM\Software\Microsoft\Internet Explorer,Search = http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer,Search =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ = http://magicsearch.ws/?q=
change to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ = http://

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www = http://magicsearch.ws/?q=
change to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www = http://


- everywhere else you find "*magicsearch.ws*", change it to ""

THAT WOULD BE IT! I succeeded in what I set out to do. At least I think so. Try it, and if it works for you, let me know.

Thank you, you are a golden audience!
Yours, Zed-Zen
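
Added example, not part of the original post: a read-only triage script for the two file criteria the reply gives (size of about 21 KB and the text "HidePE" inside), so that genuine system files with similar names are not deleted by mistake. The 19-23 KB window, the function names and the sample files are assumptions made for this example; the sample files are constructed and are not real malware.

```python
import hashlib
import os
import tempfile

MARKER = b"HidePE"        # text the post says is inside the worm's files
SIZE_MIN = 19 * 1024      # assumed window around "about 21 KB"
SIZE_MAX = 23 * 1024


def triage(path):
    """Return a finding dict if the file meets BOTH criteria, else None."""
    try:
        size = os.path.getsize(path)
        if not SIZE_MIN <= size <= SIZE_MAX:
            return None
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None  # missing, locked or unreadable: leave for manual review
    if MARKER not in data:
        return None
    return {"path": path, "size": size,
            "sha256": hashlib.sha256(data).hexdigest()}


def scan(root):
    """Walk root and triage every .exe; nothing is deleted or modified."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                hit = triage(os.path.join(dirpath, name))
                if hit:
                    findings.append(hit)
    return sorted(findings, key=lambda f: f["path"])


def build_sample(root):
    """Write constructed sample files for a dry run."""
    samples = {
        "explore.exe": b"MZ" + b"\0" * 21000 + MARKER + b"\0" * 500,  # match
        "notepad.exe": b"MZ" + b"\0" * 21500,         # right size, no marker
        "setup.exe": b"MZ" + MARKER + b"\0" * 90000,  # marker, wrong size
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in scan(tmp):
            print(f["path"], f["size"], f["sha256"])
```

Pointing `scan()` at a drive root lists the matches with their hashes, which can be recorded before anything is removed by hand.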

 