Vesti

blue boy · Super građanin

----------- Napisano: 25 Jan 2010 17:17 ---------

Na flashu mi je bio vidljiv autorun.inf ,posle instaliranja i skeniranja programom usb drive antivirus 2.3 on je sklonio autorun.inf kao hidden,i kad god ga skenira on nalazi infekciju threads,medjutim kada otvorim free commanderom flash on mi pored autorun.inf prikazuje driver folder pa u njemu ikonicu recycle bin-a i u njoj jos neki fajl –¼‡‘Š•†‘Í€ŒŽ i desktop.ini ,kada ga ocisti ovako izgleda

Scan completed successfully
C:\ no threat found
D:\ no threat found
G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ cleaned
G:\Autorun.inf cleaned
G:\ cleaned completed.

symantec i super antyspyware ne nalaze nista. Nisam siguran da li je infekcija sada ,pre je bila jer mi je kada sam nakacio n96 mass memory bio pretvoren u exe ,svaki folder pa sam formatirao mob. ali to je druga prica,.... da li je neka infekcija i kako da je uklonim,sve sam pokusao uradi mi format normalno kada restartujem komp ali mi i dalje u hidden kada otvaram free commanderom stoje ti fajlovi

kapacitet je 7.44gb ,ti fajlovi zauzimaju 140kb ,da li je to normalno

http://www.mycity.rs/Uploads/356_1365180460_DDS.txt

http://www.mycity.rs/Uploads/356_1619863595_Attach.txt

http://www.mycity.rs/Uploads/356_666324238_gmer1.log

http://www.mycity.rs/Uploads/356_2041634731_gmer2.log

http://www.mycity.rs/Uploads/356_772809390_gmer3.txt

----------- Dopuna: 25 Jan 2010 17:21 ---------

e jbg. tek sada videh da je upustvo izmenjeno...sorry

diarno · Anti Malware Fighter Rank 2

Uploaduj C:\WINDOWS\rndll.exe

Preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

blue boy · Super građanin

ja mislim da sam oslepeo,ne vidim ga nigde

ili iz win32 rndll.exe

diarno · Anti Malware Fighter Rank 2

Izvadi sve memorijske usb uredjaje.

Preuzmi program OTM na Desktop.

Dvoklikom pokreni OTM.exe

U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja:

Kod:

:processes
C:\WINDOWS\rndll.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Firevall Administrating"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman"=-

:files
C:\WINDOWS\rndll.exe
c:\windows\system32\Npad.exe
c:\documents and settings\ratko\application data\uyugq.exe
C:\123ds.exe

:commands
[emptytemp]

Klikni MoveIt!

Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu.

Ukoliko se pojavi upit:

blue boy · Super građanin

All processes killed
Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <C:\WINDOWS\rndll.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Firevall Administrating not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\npad_ql deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman not found.
========== FILES ==========
File/Folder C:\WINDOWS\rndll.exe not found.
c:\windows\system32\Npad.exe moved successfully.
File/Folder c:\documents and settings\ratko\application data\uyugq.exe not found.
File/Folder C:\123ds.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Ratko
->Temp folder emptied: 17944616 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2765919 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3348 bytes

Total Files Cleaned = 22.00 mb

OTM by OldTimer - Version 3.1.6.0 log created on 01252010_193335

Files moved on Reboot...

Registry entries deleted on Reboot...

diarno · Anti Malware Fighter Rank 2

----------- Napisano: 25 Jan 2010 20:00 ---------

Pusti ponovo DDS i postavi DDS.txt file

Zatim, preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

----------- Dopuna: 25 Jan 2010 20:01 ---------

Pusti ponovo DDS i postavi DDS.txt file

Zatim, preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

blue boy · Super građanin

----------- Napisano: 25 Jan 2010 20:23 ---------

e skrljo mi se sistem bio ,sve sam podigao ponovo,formatirao sam sve i podigao novi sistem,dakle sad ostaje samo taj usb za proveru samo njega imam nista drugo

----------- Dopuna: 25 Jan 2010 20:53 ---------

uh napokon sam ga ocistio,sad je kao suza ,hvala puno diarno

diarno · Anti Malware Fighter Rank 2

A log od usbnorisk-a.?

blue boy · Super građanin

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/25/2010 9:48:29 PM

Searching for connected USB Mass storage...
----------------------------------------
G: {6c39f9a2-09df-11df-91ff-806d6172696f}
========================================

Searching for other storage...
----------------------------------------
D: {6c39f9a4-09df-11df-91ff-806d6172696f}
C: {6c39f9a6-09df-11df-91ff-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on G:
No Autorun.inf files found on G:
Sanitized mountpoint for 6c39f9a2-09df-11df-91ff-806d6172696f
No Desktop.ini files found on G:
No mimics found on drive G:
----------------------------------------

Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6c39f9a6-09df-11df-91ff-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6c39f9a4-09df-11df-91ff-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

diarno · Anti Malware Fighter Rank 2

To je samo inicijalni sken, tj sken particija... meni treba ono posle kad ubacujes usb uredjaje... No ako ti smatras da je problem resen mozemo privoditi kraju, al cisto da znas infekcija je dosla sa usb-a.

blue boy · Super građanin

pa G: mi je flash,samo sam njega ubacio i drzao 10sek. kao sto si rekao,uostalom njega sam drzao u kompu dok sam drzao sistem i preko onog windows menija i flash skroz izbrisao tj. formatirao i sistem napakovao ponovo,scan je bio posle dizanja sistema sa ovim usb-no risko-m

Vesti

Usb flash problem autorun.inf