Virus - how to delete it


  • Joined: 24 Jul 2009
  • Posts: 138

I have the NOD32 antivirus, which ran a scan and showed that I have three viruses in volume... how do I delete them?
I urgently need a solution... in scan and clean it finds them, but the delete option disappears

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Chief moderator of the Zaštita forum
  • Joined: 24 Jul 2007
  • Posts: 12133
  • Location: Höganäs, SE

Be more specific about "volume". Perhaps System Volume Information?

If that is it, you need to turn System Restore off and then turn it back on:

http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html

If the folder mentioned is not the one in question, then: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 24 Jul 2009
  • Posts: 138

Posted: 25 Jul 2009 8:52

yes, system volume restore information... I tried system restore right away and it won't work... and the other thing... isn't really clear to me

Addendum: 25 Jul 2009 9:40

hm, what is it now... my system restore has lost its function... I can't activate, say, 21.07 or any other date... what now???

Addendum: 25 Jul 2009 9:52

Addendum: 25 Jul 2009 9:53

this is how the viruses look in quarantine...

  • dr_Bora  Male

That picture is tiny...

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Follow the instructions for posting a HijackThis log.

Also, download the RootRepeal program to the Desktop.

  • Extract RootRepeal.zip into a folder.
  • Double-click RootRepeal.exe to run it.
  • Switch to the Report tab (by clicking the Report button, bottom right).
  • Click the Scan button.
  • In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
  • In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
  • When the process finishes, click Save Report and save the scan report.

Attach that file to your message using the Attach file option.

  • Joined: 24 Jul 2009
  • Posts: 138

Posted: 25 Jul 2009 9:57

:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe »7ZIP »OFFLINE/EB91CE86/3E688669/stbdl.exe - Win32/Adware.DoubleD application

Addendum: 25 Jul 2009 9:58

this is what it says when it scans... ugh, this virus is really wearing me out

Addendum: 25 Jul 2009 10:02

it only gives me the save file option when it comes to hijack

  • dr_Bora  Male

Click Do a system scan and save a logfile... Shortly after that, Notepad will open with the report, which you should copy here.

  • Joined: 24 Jul 2009
  • Posts: 138

Posted: 25 Jul 2009 10:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41 AM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.593\picpick.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter/Exploder
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PicPick Start] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.593\picpick.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9fa4440203a06) (gupdate1c9fa4440203a06) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8704 bytes

Addendum: 25 Jul 2009 10:39

I did everything that was said, i.e. written, and the virus is still present
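An added example, not part of the original thread and not code from HijackThis or its authors: a small Python parser for the HijackThis log format posted above, which groups entries by section code and lists the ones matching two triage rules. The rules (target marked "(file missing)"; an O4 autostart or O23 service launched from a Temp directory) and all function names are this example's own assumptions; the sample lines are copied from the log in this post.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PicPick Start] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.593\picpick.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Matches a \Temp\ or \Tmp\ path component, including under 8.3 short names.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_entries(text):
    """Group entry lines by section code; header and process list are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            groups[match.group(1)].append(match.group(2))
    return dict(groups)


def review_candidates(groups):
    """Return (code, reason, detail) tuples for entries matching the two rules."""
    hits = []
    for code, details in groups.items():
        for detail in details:
            if "(file missing)" in detail:
                hits.append((code, "target file missing", detail))
            elif code in ("O4", "O23") and TEMP_DIR.search(detail):
                hits.append((code, "starts from a temp directory", detail))
    return hits


if __name__ == "__main__":
    for code, reason, detail in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}: {detail}")
```
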

  • dr_Bora  Male

Quote: Also, download the RootRepeal program to the Desktop.

  • Extract RootRepeal.zip into a folder.
  • Double-click RootRepeal.exe to run it.
  • Switch to the Report tab (by clicking the Report button, bottom right).
  • Click the Scan button.
  • In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
  • In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
  • When the process finishes, click Save Report and save the scan report.

Attach that file to your message using the Attach file option.

  • Joined: 24 Jul 2009
  • Posts: 138

Posted: 25 Jul 2009 11:08

I scanned everything again and it's the same again, the viruses are there

Addendum: 25 Jul 2009 11:09

and I did rootrepeal as you wrote... everything

Addendum: 25 Jul 2009 11:12

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/25 11:10
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA3EEE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5DE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0D22000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DI00.734
Status: Invisible to the Windows API!

==EOF==

Addendum: 25 Jul 2009 11:14

this is what came out after rootrepeal

  • dr_Bora  Male

The point of using the previous programs was not to delete anything automatically. They are diagnostic programs that are meant to give me insight into the state of your computer (how can I delete anything if I don't know it exists?).

Follow the instructions below carefully.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer

When the download has finished:
  1. deactivate your protection software (instructions);
  2. close any running programs;
  3. double-click the ComboFix program to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    • click Yes if you are offered a download of it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    • accept by clicking Yes and follow the procedure.
  • show a certain number of prompts/notifications:
    • accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the thread on the forum:
  1. right-click in the Notepad window and choose Select All;
  2. right-click the selected text and choose Copy;
  3. right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

