Facebook locked - Chrome malware

offline
  • Joined: 11 Jul 2012
  • Posts: 46

Attached are the reports, step by step:


Step 1.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by WINXPSP3 at 2013-10-09 17:37:44 Run:1
Running from C:\Documents and Settings\WINXPSP3\Desktop\sajt
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
MountPoints2: {73cd245f-d73e-11e1-a02f-00e07d9768df} - F:\silent.exe
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe
C:\Documents and Settings\Default User\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
CMD: ipconfig /flushdns
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key deleted successfully.
HKCR\CLSID\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key not found.
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\Default User\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe => Moved successfully.
"C:\WINDOWS" => ":nlsPreferences " ADS not found.
C:\Documents and Settings\All Users\Application Data\Temp => ":D1B5B4F1 " ADS removed successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


==== End of Fixlog ====

Step 2.

Failed.

I ran ComboFix; the Recovery Console installation took a little over 10 minutes. The computer restarted twice, each time with a blue screen. After it came back up there was no scan report. I then restarted it twice myself, but the report still does not appear. There is no report on either the C or the D partition.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

ComboFix will not run because you have a modified version of Windows. Besides, the reports you attached show no traces of malware that would point to a problem with Chrome. Still, we will run one more check:



Download the Malwarebytes Anti-Malware installer from the following link:

http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Double-click to start the installation; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update finishes, the program will start.

Select Perform Quick Scan and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, select all the items and click Remove Selected.

When that finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

offline
  • Joined: 11 Jul 2012
  • Posts: 46

Dear sir,

below is the MBAM report:

Malwarebytes Anti-Malware 1.75.0.1300
malwarebytes.org

Database version: v2013.10.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
WINXPSP3 :: PC-E1A9268535A6 [administrator]

10.10.2013 18:57:27
mbam-log-2013-10-10 (18-57-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262912
Time elapsed: 29 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
D:\My Documents\Downloads\ADBE_CS5_MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Flash_Menu_Factory_1.1.rar (Trojan.Agent.gen) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Flash_Menu_Factory_1.1Patch.rar (Trojan.Agent.gen) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Wondershare_QuizCreator_4.0.1+Patch_AZD.rar ((zabranjeno)Tool.Agent) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Real Hide IP v4.2.9.2.rar (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\CS5MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoKMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)
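The two logs in this thread (the FRST Fixlog in Step 1 and the MBAM log above) are what a helper actually reads to decide whether a machine is clean and whether anything found explains the browser warning. The following is an added example, not code from the thread and not part of FRST or Malwarebytes: it parses result lines in the shape of those two logs, counts what FRST removed versus could not find, and sorts MBAM detections into coarse buckets (malware vs. riskware/cracks) while flagging any whose path touches a browser profile. The sample lines are constructed from the shapes seen in this thread, and the bucket names and `BROWSER_HINTS` list are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample input: a few lines in the shape of the two logs posted in
# this thread (FRST Fixlog result lines and the MBAM "Files Detected" block).
FRST_FIXLOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key deleted successfully.
HKCR\CLSID\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key not found.
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe => Moved successfully.
"C:\WINDOWS" => ":nlsPreferences " ADS not found.
C:\Documents and Settings\All Users\Application Data\Temp => ":D1B5B4F1 " ADS removed successfully.
"""

MBAM_LOG = r"""
Files Detected: 3
D:\My Documents\Downloads\ADBE_CS5_MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Real Hide IP v4.2.9.2.rar (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoKMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)
"""

# FRST writes one "<target> => <result>." line per fixlist entry.
FRST_RESULT = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")

# MBAM writes "<path> (<detection name>) -> <action>." for each detected file.
MBAM_FILE = re.compile(r"^(?P<path>.+?) \((?P<name>.+?)\) -> (?P<action>.+?)\.?$")

# Assumed list of path fragments that would tie a detection to a browser.
BROWSER_HINTS = ("chrome", "mozilla", "firefox", "internet explorer")


def parse_frst_fixlog(text):
    """Return (target, result) pairs for every FRST result line in the text."""
    pairs = []
    for line in text.splitlines():
        m = FRST_RESULT.match(line.strip())
        if m:
            pairs.append((m.group("target"), m.group("result")))
    return pairs


def summarize_frst(pairs):
    """Count fix outcomes: removed (deleted/moved/ADS removed), not found, other."""
    counts = Counter()
    for _, result in pairs:
        r = result.lower()
        if "not found" in r:
            counts["not_found"] += 1
        elif "successfully" in r:
            counts["removed"] += 1
        else:
            counts["other"] += 1
    return counts


def parse_mbam_files(text):
    """Return (path, detection_name, action) triples from the 'Files Detected' block."""
    items = []
    in_block = False
    for line in text.splitlines():
        if line.startswith("Files Detected:"):
            in_block = True  # the block starts after this header line
            continue
        if in_block:
            if not line.strip():
                in_block = False  # a blank line closes the block
                continue
            m = MBAM_FILE.match(line)
            if m:
                items.append((m.group("path"), m.group("name"), m.group("action")))
    return items


def classify_detection(name):
    """Map an MBAM detection name to an assumed coarse triage bucket by its first component."""
    head = name.split(".")[0].lower()
    if head in ("pup", "pum", "riskware"):
        return "riskware"  # cracks, patchers, unwanted tools
    if head in ("trojan", "backdoor", "worm", "spyware", "rootkit"):
        return "malware"
    return "other"


def summarize_mbam(items):
    """Count detections per triage bucket."""
    return Counter(classify_detection(name) for _, name, _ in items)


def browser_related(items):
    """Detections whose path mentions a browser, i.e. candidates for a 'Chrome malware' flag."""
    return [it for it in items if any(h in it[0].lower() for h in BROWSER_HINTS)]


if __name__ == "__main__":
    fixes = parse_frst_fixlog(FRST_FIXLOG)
    print("FRST fix outcomes:", dict(summarize_frst(fixes)))
    found = parse_mbam_files(MBAM_LOG)
    print("MBAM detections by bucket:", dict(summarize_mbam(found)))
    print("Browser-related detections:", browser_related(found) or "none")
```

Run on the sample, the FRST side shows three items removed and two (the CLSID key and the `C:\WINDOWS` stream) already absent, and the MBAM side shows one generic trojan name on a keygen archive plus two riskware hits, none of them under a browser profile path; that is the same reading the helper gives in the reply that follows.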

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

As I said, the computer is clean.

What is the situation with Facebook now?

offline
  • Joined: 11 Jul 2012
  • Posts: 46

The same. It still shows the warning. I have disabled all the extensions (in case they were the cause).


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

I don't know how to help you; your system is clean, so that is not what is causing the problem. Check whether someone else has logged into your account; the problem may be on their end. Or wait a few more days; that account lock usually lasts 7 days.




Download Xplode's DelFix and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved at C:\DelFix.txt

There is no need to post the report.

offline
  • Joined: 11 Jul 2012
  • Posts: 46

Nobody else could have, since I have enabled browser recognition, sending a code to my phone, and trusted contacts.

Thank you for the thorough help.

All the best,
regards.
