Possible viruses, computer shuts down slowly


  • Joined: 28 Mar 2008
  • Posts: 125

Hello.
So yesterday Nod detected some 7-8 infiltrations in a row, but they were mostly some files from its own folder, that is, from Nod. That's what the name said while I "kept going" to see how long it would keep reporting. And they mostly carried the Nod32 label.
The slowness of the computer was only noticed at shutdown; it takes it really long, even though I check in Task Manager that the programs I was working with have stopped.
Yes, it happens that when opening ordinary folders, My Documents, or My Computer, after a few opened subfolders the computer freezes, and what's more, last night I got 3 explorer.exe processes, two of which, even when I do End Process, nothing happens to them and they keep running; while for one of the three, when I do End Process, I'd get a notification that it can't "end" the process. What all that means I don't know.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello...


Start the Nod32 antivirus GUI: Start -> All Programs -> ESET -> ESET Anti virus
Follow all the steps in detail (in order, 1 to 6) from the picture:


Start -> Run -> Notepad -> Edit -> Paste; the contents of Nod's detections will appear in text form
File -> Save As; save the .txt file on the Desktop under the name nod32log
In your next message, using the Attach file option, attach the file nod32log.txt for me

  • Joined: 28 Mar 2008
  • Posts: 125

Here it is, hopefully I didn't make a mistake.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Can you take a screenshot of what Nod reports to you.. The log looks clean? And Nod hasn't detected anything malicious either.

  • Joined: 28 Mar 2008
  • Posts: 125

Posted: 13 Sep 2010 16:33

I'm currently away from home and the computer isn't at hand; as soon as I get back I'll attach the picture.

Update: 14 Sep 2010 0:17

This is what I found in quarantine. What Nod reports to me, when the little windows pop up one after another, I couldn't save. It would happen at every power-on of the computer, but right now it hasn't appeared yet. ?!

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we'll need that information later.
- When you're done with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 28 Mar 2008
  • Posts: 125

Posted: 14 Sep 2010 14:01

That's it. If I understood correctly, apart from the initial scan I don't need to tell it to scan when I insert the external HDs? This is the log:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 14/09/2010 13:55:14

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {d89795a8-2b9e-11df-b6e6-806e6f6e6963}
D: {d89795a9-2b9e-11df-b6e6-806e6f6e6963}
E: {d89795aa-2b9e-11df-b6e6-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d89795a8-2b9e-11df-b6e6-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for d89795a9-2b9e-11df-b6e6-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for d89795aa-2b9e-11df-b6e6-806e6f6e6963
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 14/09/2010 13:57:04

Scanning for connected USB mass storage...
----------------------------------------
H: {d89795d7-2b9e-11df-b6e6-806e6f6e6963}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
ICON=autorun\WDLOGO.ICO
----------------------------------------

No mountpoint found for H:
Sanitized mountpoint for d89795d7-2b9e-11df-b6e6-806e6f6e6963
----------------------------------------

----------------------------------------
Desktop.ini found at H:\$RECYCLE.BIN\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\YBCWipe\command,@ = "C:\Program Files (x86)\Jetico\BCWipe\BCWipe.exe" RecycleBin
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\YBCWipe\command,@ = "C:\Program Files (x86)\Jetico\BCWipe\BCWipe.exe" RecycleBin
----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\YBCWipe\command,@ = "C:\Program Files (x86)\Jetico\BCWipe\BCWipe.exe" RecycleBin
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\YBCWipe\command,@ = "C:\Program Files (x86)\Jetico\BCWipe\BCWipe.exe" RecycleBin
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 14/09/2010 13:59:31

Scanning for connected USB mass storage...
----------------------------------------
M: {770b1a28-2db8-11df-be3c-001d6025b942}
Added M:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on M:
----------------------------------------
No autorun.inf files found on M:
No mountpoint found for 770b1a28-2db8-11df-be3c-001d6025b942
----------------------------------------

No Desktop.ini files found on M:
----------------------------------------

No mimics found on drive M:
========================================

========================================
Removed M:
========================================

Update: 14 Sep 2010 15:32

And here is what Nod otherwise reports; it happened again this morning. I caught one screenshot.
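As an added example, not part of this thread and not code from USBNoRisk: a small Python triage of a log in the format posted above. It pulls out each drive's blocked autorun.inf body and each Desktop.ini CLSID, then calls a drive benign only when autorun.inf sets nothing that can launch a program (as on H:, which only sets an icon) and every Desktop.ini uses the Recycle Bin CLSID USBNoRisk printed. The X: drive in the sample is a constructed, hypothetical entry for contrast; H: mirrors the log in the post.

```python
import re
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"  # Recycle Bin shell folder, as printed in the log above
LAUNCH_KEYS = ("open", "shellexecute", "shell\\")  # autorun.inf keys that can start a program; ICON/LABEL cannot
SEP = "-" * 40  # USBNoRisk's separator rule
# Constructed excerpt in USBNoRisk's format: H: mirrors the post's log, X: is a hypothetical drive that launches a file.
SAMPLE_LOG = f"""Content of H:\\autorun.inf.blocked
{SEP}
[autorun]
ICON=autorun\\WDLOGO.ICO
{SEP}
Desktop.ini found at H:\\$RECYCLE.BIN\\ contains interesting CLSID string
{SEP}
[.ShellClassInfo]
CLSID={RECYCLE_BIN_CLSID}
{SEP}
Content of X:\\autorun.inf.blocked
{SEP}
[autorun]
open=recycler\\setup.exe
{SEP}
"""
def parse_log(text):
    """Per drive letter, collect the autorun.inf body and every Desktop.ini's (path, CLSID)."""
    lines, found, i = text.splitlines(), {}, 0
    while i < len(lines):
        m = (re.match(r"Content of ([A-Z]):\\autorun\.inf", lines[i])
             or re.match(r"Desktop\.ini found at ([A-Z]):\\(\S*) contains", lines[i]))
        if m and i + 1 < len(lines) and lines[i + 1] == SEP:  # body sits between two separator rules
            j = i + 2
            while j < len(lines) and lines[j] != SEP:
                j += 1
            body = lines[i + 2:j]
            entry = found.setdefault(m.group(1), {"autorun": [], "desktop_ini": []})
            if lines[i].startswith("Content"):
                entry["autorun"].extend(body)
            else:  # keep the path so a Recycle Bin CLSID outside $RECYCLE.BIN/Recycled can be spotted by eye
                clsid = next((l.split("=", 1)[1].strip() for l in body if l.upper().startswith("CLSID=")), None)
                entry["desktop_ini"].append((m.group(2), clsid))
            i = j
        i += 1
    return found
def triage(found):
    """'benign' when autorun.inf cannot launch anything and every Desktop.ini uses the Recycle Bin CLSID."""
    verdicts = {}
    for drive, e in found.items():
        launches = [l for l in e["autorun"] if l.strip().lower().startswith(LAUNCH_KEYS)]
        odd_clsid = [p for p, c in e["desktop_ini"] if (c or "").upper() != RECYCLE_BIN_CLSID]
        verdicts[drive] = "benign" if not (launches or odd_clsid) else "review"
    return verdicts
```

Run `triage(parse_log(SAMPLE_LOG))` to get `{"H": "benign", "X": "review"}`; a real log is parsed the same way because the tool's own separator lines delimit each body.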

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, my friend, we're done here (and you didn't have malware anyway).

That is an illegal site supplying users with compromised keys for Nod. Someone paid money and you want to use Nod for free. That won't do.

The solution is to remove that site from the RSS feed reader (no idea how, because I've never used such software).


Read the Rules once more.

Nothing personal, I'm just going by the rules.. Cheers

14 Sep 2010 15:48 diarno Topic locked Reason: Piracy is forbidden on this forum