Sality virus and a few other things


  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

Hello

The title says it all: I have caught all sorts of things and cannot install a single antivirus program. I have MBAM, and here are two of its logs so you know what this is about, but it cannot remove them; that is, it supposedly removes them, but after a restart and another scan it is the same again.

This is the second log, from a file I scanned separately.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_37
Run by ja at 22:04:51 on 2013-01-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.44 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\windows\Explorer.EXE
C:\windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\ja.JA-7104F2BA20C2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\xylrxl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JA82DC~1.JA-\LOCALS~1\Temp\winmpgead.exe
C:\DOCUME~1\JA82DC~1.JA-\LOCALS~1\Temp\winvgytj.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yandex.ru/?clid=41529
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {C9F97205-62A3-41F2-9F2C-D99392F882EB} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DLD.EXE] c:\program files\download direct\DLD.exe
uRun: [Google Update] "c:\documents and settings\ja.ja-7104f2ba20c2\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{86D626BD-51A4-4458-99F5-B357B4E2521F} : DHCPNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{A7873874-A1AC-41DE-8486-C5CB92EEE61A} : DHCPNameServer = 89.216.1.30 89.216.1.50
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ja.ja-7104f2ba20c2\application data\mozilla\firefox\profiles\1qdansar.default\
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\ja.ja-7104f2ba20c2\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-12-09 20:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\fmngmm.sys --> c:\windows\system32\drivers\fmngmm.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-24 475648]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-23 100736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-7-19 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-26 40776]
.
=============== Created Last 30 ================
.
2013-01-26 20:32:24 103140 ----a-w- C:\xylrxl.exe
2013-01-26 19:14:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-26 12:56:47 323584 ------w- c:\windows\Setup1.exe
2013-01-26 12:56:42 146944 ----a-w- c:\windows\ST6UNST.EXE
.
==================== Find3M ====================
.
2013-01-15 06:55:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 06:55:22 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-19 12:09:46 8382464 ----a-w- C:\Tablic.msi
2012-12-17 18:17:24 10712304 ----a-w- C:\bsplayer263-1071.exe
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 19:50:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-09 19:50:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 22:06:00.39 ===============


Third, it won't scan: when I press r >>> and select the Autostart tab and click scan, nothing happens.

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello, strike

You have a dangerous infection on your computer: the file infector Sality.
Since disinfection is impossible from a running Windows, I recommend you do one of the following:

1) Format the system partition (the partition on which your operating system is installed) and reinstall Windows. Do not open the other partitions; instead install an antivirus, update it and scan the other partitions you have. After the infection has been removed, you can open the other partitions as well.

2) You can remove the hard disk from the computer and mount it in another computer that is not infected. Scan the mounted hard disk from that other computer (note: if you choose this option, do not open the infected hard disk until you have scanned it and removed the infection).

3) Visit the topic Primena Live CD Rescue rešenja (Using Live CD rescue solutions) to scan the computer with a Rescue CD solution. Detailed instructions have been written there on how to scan the computer with the popular solutions.

Let me know which option you decided on.
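As an added example (my own code, not part of this thread and not a tool from the DDS project): a small Python triage script that walks a DDS.txt report section by section and flags the kinds of entries a helper would look at first in strike's first log, such as a process running from the drive root, a process running from a Temp directory, an orphaned BHO, a hosts-file entry pointing a domain at loopback, a machine policy with EnableLUA set to 0, and a driver entry whose file is missing. The section headers and line formats are taken from the logs posted above; the flagging rules are my own defensive prioritisation heuristics, not a Sality signature, and the embedded sample is constructed from a few lines of the first log.

```python
"""Triage heuristics for a DDS.txt report (added example, not from the thread).

Assumptions (not from the original page): section headers look like
'=== Name ===' and data lines follow the formats seen in the posted logs.
The rules only prioritise what to inspect; they do not identify a family.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str
    rule: str
    line: str


# Constructed sample: a handful of lines modelled on the first DDS log above.
SAMPLE_DDS = r"""
============== Running Processes ================
.
C:\windows\Explorer.EXE
C:\xylrxl.exe
C:\DOCUME~1\JA82DC~1.JA-\LOCALS~1\Temp\winmpgead.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: {C9F97205-62A3-41F2-9F2C-D99392F882EB} - <orphaned>
mPolicies-System: EnableLUA = dword:0
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\fmngmm.sys --> c:\windows\system32\drivers\fmngmm.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-26 40776]
.
=============== Created Last 30 ================
.
2013-01-26 20:32:24 103140 ----a-w- C:\xylrxl.exe
.
============= FINISH: 22:06:00.39 ===============
"""

HEADER_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# An .exe sitting directly in a drive root, e.g. C:\xylrxl.exe
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# DDS marks a service whose binary could not be found with a trailing [?]
MISSING_FILE_RE = re.compile(r"\[\?\]\s*$")
HOSTS_LOOPBACK_RE = re.compile(r"^Hosts:\s+127\.0\.0\.1\s+(\S+)", re.IGNORECASE)
# 'Created Last 30' lines: date time size attributes path
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+\S+\s+(?P<path>.+)$")


def sections(text):
    """Yield (section_name, line) pairs, skipping DDS's '.' spacer lines."""
    name = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            name = m.group("name")
            continue
        yield name, line


def triage(text):
    """Return the list of Findings worth a closer look, in report order."""
    findings = []
    for section, line in sections(text):
        if section.startswith("Running Processes"):
            if ROOT_EXE_RE.match(line):
                findings.append(Finding(section, "process running from drive root", line))
            if TEMP_DIR_RE.search(line):
                findings.append(Finding(section, "process running from a Temp directory", line))
        elif section.startswith("Pseudo HJT"):
            if line.endswith("<orphaned>"):
                findings.append(Finding(section, "orphaned BHO entry", line))
            if line.endswith("EnableLUA = dword:0"):
                findings.append(Finding(section, "EnableLUA policy set to 0", line))
            m = HOSTS_LOOPBACK_RE.match(line)
            if m:
                findings.append(Finding(section, f"hosts file maps {m.group(1)} to loopback", line))
        elif section.startswith("SERVICES"):
            if MISSING_FILE_RE.search(line):
                findings.append(Finding(section, "service/driver entry points to a missing file", line))
        elif section.startswith("Created Last 30"):
            m = CREATED_RE.match(line)
            if m and ROOT_EXE_RE.match(m.group("path")):
                findings.append(Finding(section, "new executable created in drive root", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.rule}: {f.line}")
```

Run it against a real DDS.txt by replacing SAMPLE_DDS with the file's contents; every hit is a pointer to investigate (check the file's hash with a reputable scanner, confirm whether the driver file exists), not a verdict on its own.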

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

Hello Hix

I assumed it couldn't be cleaned, but I thought I'd ask in case it was possible. I went with the first option; I wanted the third, but I couldn't burn the program to a disc because I couldn't open the program for that, nor could I install any other program I downloaded from the internet.

I formatted the C partition, not D, installed a fresh Windows and downloaded AVG antivirus, which was the first one that "came to hand". It scanned and found Sality on the D partition that I hadn't formatted and removed it; there was a Trojan there too, 4 of them in all. It removed them all, I ran one more scan and there were no infections.

In any case I don't know how I caught that "beast", probably via a CD when a friend brought me something to look at, because in principle I don't download anything special from the internet in the sense of risky files, movies, games, cracks and the like, nor do I visit, so to speak, risky sites.

Thanks for the help and best regards.

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Download and run DDS again and send me a fresh DDS.txt report, so we can be sure the infection has really been removed.

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.11.2
Run by ja at 19:27:20 on 2013-01-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.42 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{C2D50764-902C-40F4-80EE-BE9B34E7C8B4} : DHCPNameServer = 89.216.1.30 89.216.1.50
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ja\application data\mozilla\firefox\profiles\drzypai1.default\
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_155.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-01-27 16:09; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\ja\application data\mozilla\firefox\profiles\drzypai1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-27 17:19; {B1FC07E1-E05B-4567-8891-E63FBE545BA8}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-8-9 38608]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
.
=============== Created Last 30 ================
.
2013-01-27 16:19:14 -------- d-----w- c:\program files\RealNetworks
2013-01-27 16:19:03 -------- d-----w- c:\documents and settings\ja\application data\RealNetworks
2013-01-27 16:18:30 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-01-27 16:17:14 -------- d-----w- C:\setapovi
2013-01-27 16:05:18 -------- d-----w- c:\program files\Tablic
2013-01-27 15:50:31 -------- d-----w- c:\program files\CCleaner
2013-01-27 15:46:21 -------- d-----w- c:\documents and settings\ja\application data\BSplayer Pro
2013-01-27 15:46:21 -------- d-----w- c:\documents and settings\ja\application data\BSplayer
2013-01-27 15:46:20 -------- d-----w- c:\program files\Webteh
2013-01-27 15:41:37 -------- d-----w- c:\documents and settings\ja\local settings\application data\Sun
2013-01-27 15:39:34 -------- d-s---w- c:\documents and settings\ja\UserData
2013-01-27 15:02:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-27 15:02:21 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-27 14:56:44 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-27 14:56:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-27 14:56:43 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-27 14:55:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
.
============= FINISH: 19:28:26.61 ===============

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

You did an excellent job; the computer is clean as far as malware is concerned.

I recommend you use the program MCShield to protect USB memory devices.

You can download the program from THIS link. After installing the program, plug in your USB memory devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notification about the removed malware.

  • strike
  • New MyCity citizen
  • Joined: 02 Aug 2009
  • Posts: 7

Thanks once again and all the best!

Korisnici trenutno na forumu: _Rade, amaterSRB, BSD, darkangel, DonRumataEstorski, draganl, goxin, Istman, Joja, JOntra, kinez88, kybonacci, m0nstrum_, Marko Marković, milenko crazy north, Mixelotti, Miškić, nenad81, radionica1, Valter071