Online Armor?

Online Armor?

offline
  • Pridružio: 21 Apr 2008
  • Poruke: 102
  • Gde živiš: Maklosevac, Nasice, Hrvatska

Pozdrav svima!

Evo ovako..... Prije koju minutu cim sam ukljucio Online Armor firewall poceo mi je izbacivati da neke internet stranice zele promijenit localhost 127.0.0.1 u sljedece..... evo prilazem i export iz OA firewall-a.


Type,Date/Time,Action,Description
New Host Entry Detected,23.1.2009 22:59:55,Blocked,127.0.0.1 virus-alert-center.com
New Host Entry Detected,23.1.2009 22:59:54,Blocked,127.0.0.1 www.virus-alert-center.com
New Host Entry Detected,23.1.2009 22:59:52,Blocked,127.0.0.1 ultraantivirus2009.com
New Host Entry Detected,23.1.2009 22:59:51,Blocked,127.0.0.1 www.ultraantivirus2009.com
New Host Entry Detected,23.1.2009 22:59:49,Blocked,127.0.0.1 trafikfind.com
New Host Entry Detected,23.1.2009 22:59:48,Blocked,127.0.0.1 www.trafikfind.com
New Host Entry Detected,23.1.2009 22:59:47,Blocked,127.0.0.1 sys-scanner.com
New Host Entry Detected,23.1.2009 22:59:45,Blocked,127.0.0.1 www.sys-scanner.com
New Host Entry Detected,23.1.2009 22:59:44,Blocked,127.0.0.1 spywareinfo.com
New Host Entry Detected,23.1.2009 22:59:42,Blocked,127.0.0.1 www.spywareinfo.com
New Host Entry Detected,23.1.2009 22:59:37,Blocked,127.0.0.1 sgviralscan.com
New Host Entry Detected,23.1.2009 22:59:33,Blocked,127.0.0.1 www.sgviralscan.com
New Host Entry Detected,23.1.2009 22:59:32,Blocked,127.0.0.1 sg9scanner.com
New Host Entry Detected,23.1.2009 22:59:31,Blocked,127.0.0.1 www.sg9scanner.com
New Host Entry Detected,23.1.2009 22:59:28,Blocked,127.0.0.1 scan4plus.com
New Host Entry Detected,23.1.2009 22:59:28,Blocked,127.0.0.1 www.scan4plus.com
New Host Entry Detected,23.1.2009 22:59:25,Blocked,127.0.0.1 pcantivirusscanneronline.com
New Host Entry Detected,23.1.2009 22:59:24,Blocked,127.0.0.1 www.pcantivirusscanneronline.com
New Host Entry Detected,23.1.2009 22:59:20,Blocked,127.0.0.1 myfasterpc.com
New Host Entry Detected,23.1.2009 22:59:19,Blocked,127.0.0.1 www.myfasterpc.com
New Host Entry Detected,23.1.2009 22:59:13,Blocked,127.0.0.1 liveprotectionupdate.cn
New Host Entry Detected,23.1.2009 22:59:12,Blocked,127.0.0.1 www.liveprotectionupdate.cn
New Host Entry Detected,23.1.2009 22:59:07,Blocked,127.0.0.1 isafeantivir.com
New Host Entry Detected,23.1.2009 22:59:06,Blocked,127.0.0.1 www.isafeantivir.com
New Host Entry Detected,23.1.2009 22:58:59,Blocked,127.0.0.1 in5is.com
New Host Entry Detected,23.1.2009 22:58:57,Blocked,127.0.0.1 www.in5is.com
New Host Entry Detected,23.1.2009 22:58:55,Blocked,127.0.0.1 griehe.com
New Host Entry Detected,23.1.2009 22:58:53,Blocked,127.0.0.1 www.griehe.com
New Host Entry Detected,23.1.2009 22:58:11,Blocked,127.0.0.1 defender2008.com
New Host Entry Detected,23.1.2009 22:58:07,Blocked,127.0.0.1 www.defender2008.com
New Host Entry Detected,23.1.2009 22:57:28,Blocked,127.0.0.1 childhe.com
New Host Entry Detected,23.1.2009 22:57:25,Blocked,127.0.0.1 www.childhe.com
New Host Entry Detected,23.1.2009 22:56:17,Blocked,127.0.0.1 astrumavrpro.com
New Host Entry Detected,23.1.2009 22:56:07,Blocked,127.0.0.1 www.astrumavrpro.com





Evo HJT loga.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:40, on 23.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5549 bytes





Bilo kakva pomoc u vezi toga. Ja se ispricavam ako sam promasio temu.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Te promene u Hosts file-u su legitimnog porekla i svrha im je blokiranje pristupa tim sajtovima (koji služe za distribuciju malware-a).

Upise u Hosts file je verovatno izvršio Spybot S&D ili neki drugi zaštitni program.

offline
  • Pridružio: 21 Apr 2008
  • Poruke: 102
  • Gde živiš: Maklosevac, Nasice, Hrvatska

Ok. Hvala na pomoci!

Dopuna: 23 Jan 2009 23:32

Da to je bilo od spybota. Jer bas sam napravio update. Pa sam ponovo otiso na imunizaciju, pa je OA opet izbacio isto.

Ko je trenutno na forumu
 

Ukupno su 1104 korisnika na forumu :: 39 registrovanih, 8 sakrivenih i 1057 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, Areal84, Asparagus, babaroga, bojank, bokisha253, Brana01, Centauro, Chainsaw, DonRumataEstorski, draganca, Goran 0000, hologram, ikan, ILGromovnik, janbo, Još malo pa deda, Karla, kihot, Krvava Devetka, kybonacci, Luka Blažević, Mlav, nenad81, oldtimer, repac, sasa87, simazr, Singidunumac, Srle993, Stanlio, stegonosa, Toper, vathra, VJ, vladaa012, vladulns, |_MeD_|, šumar bk2