Split off from another topic (3)

offline
  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

Dear Dr. Boro and the other doctors, NOD32 found "a variant of Win32/Kryptik.CV trojan" and "Win32/Autorun.ABH worm" and says it deleted them. In quarantine I can see the date and time, and it says deleted.
Regardless of that, every so often my laptop first "freezes" the open window, and a few moments later not even the mouse pointer can be moved any more. Then a restart is all I have left. After the first such case I tried scanning the computer with NOD several times. Then, just as before the scan, at some point everything "freezes" in the way described... there is no effect or report from NOD, only a restart remains... what should I do?
PS. I then installed Malwarebytes' Anti-Malware 1.31, which found more viruses and, according to the report, removed them all:

Malwarebytes' Anti-Malware 1.31
Verzija baze podataka: 1456
Windows 5.1.2600 Service Pack 2

21-Dec-08 16:42:36
mbam-log-2008-12-21 (16-42-36).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 50071
Proteklo vreme: 7 minute(s), 2 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 1
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 22
Inficirane fascikle: 9
Inficirane datoteke: 16

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kddhr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.

Inficirane fascikle:
D:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044 (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficirane datoteke:
D:\WINDOWS\system32\kddhr.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
D:\Program Files\Instant Access\Center\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\DesktopIcons\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\instant access.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\drazen\Start Menu\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully.
D:\Documents and Settings\drazen\DesktopKax5Eo_cfdg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-6B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-973.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

But even after this the situation is the same, freezing every so often, whether I am online or starting a check with NOD. I cannot see NOD's report, and I do not know how to copy from quarantine; it does not offer copy. Regards
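The Malwarebytes log above is easier to triage when parsed into records. The following is an added example, not code from the forum post or from Malwarebytes: it parses lines in the MBAM 1.31 report format, pulls out the resolver addresses the DNSChanger entries had written into the NameServer / DhcpNameServer values (so they can be compared against the machine's current DNS settings), and lists objects marked "Delete on reboot", whose removal is only confirmed after a restart. The sample log is a constructed excerpt of the lines quoted in the post.

```python
import re

# Constructed sample in the format of the Malwarebytes' Anti-Malware 1.31 log quoted in the post.
SAMPLE_LOG = """\
Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\System (Rootkit.DNSChanger.H) -> Data: kddhr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{29e1a9fe-e696-488b-a533-99703e999a00}\\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.

Inficirane datoteke:
D:\\WINDOWS\\system32\\kddhr.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
D:\\Program Files\\Mozilla Firefox\\components\\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One MBAM result line: <object> (<detection>) [-> Data: <value>] -> <action>.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))?"
    r" -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return a list of dicts (section, path, detection, data, action) for every result line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blank line or "(no malicious items detected)"
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]                    # section header such as "Inficirane datoteke"
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(dict(section=section, **m.groupdict()))
    return entries


def rogue_dns_servers(entries):
    """Resolver addresses that DNSChanger entries wrote into NameServer / DhcpNameServer values."""
    servers = set()
    for e in entries:
        if "DNSChanger" in e["detection"] and e["path"].endswith("NameServer") and e["data"]:
            servers.update(re.split(r"[ ,]+", e["data"].strip()))
    return servers


def pending_reboot(entries):
    """Objects MBAM could not remove while running; removal is only confirmed after a reboot."""
    return [e["path"] for e in entries if e["action"] == "Delete on reboot"]
```

Any address returned by rogue_dns_servers that still appears in the machine's current NameServer values after the cleanup means the DNS hijack has not actually been undone.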

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should paste here for us.

24 Dec 2008 13:01 bobby Topic locked. Reason: This topic is a duplicate