How to get rid of: W32.Myzor.FK@yf?

offline
  • Joined: 09 Nov 2006
  • Posts: 10

How do I get rid of this?
I have tried Norton, Spy Sweeper, Spybot - Search & Destroy...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry for the wait, I was away.
If you haven't solved the problem yet, tell me the following:
1. What does Norton say when you tell it to remove the pest?
2. Post me a HijackThis log. There is a link to the instructions in a pinned topic in this forum.

offline
  • Joined: 09 Nov 2006
  • Posts: 10

Hello!!!!!
I haven't managed to solve the problem yet :-(
Here's the thing: Norton doesn't report anything......
But when I start IE it throws up a page saying the computer is infected with that virus and shows ads for Malware Wipe and other programs...

Logfile of HijackThis v1.99.1
Scan saved at 11:51:19, on 16.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\system32\ctfmon.exe
c:\Program Files\PestPatrol\CookiePatrol.exe
c:\Program Files\PestPatrol\PPMemCheck.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\smosorinski\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = posta/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = posta
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyns.jp.ptt.rs:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\iVideoCodec\isaddon.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {36F861A8-AB06-45DD-88FC-7999A9E871D9} (ActiveXPregledi Control) - kgweb:88/aplikacije/statistika/ptt/Nis/ActiveXPreglediProj.cab
O16 - DPF: {53DA550E-0721-4BF7-99CB-7D70F6C95C29} (AXStatistikaUnos Control) - kgweb:88/aplikacije/statistika/ptt/Nis/AXStatistikaUnosProj.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ns.zig.nsinfo.rs/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....1899610234
O16 - DPF: {6677D8CF-3D8C-4C40-8C04-9DFFA9E921DF} (PoslovniPartnerActiveFormX Control) - icas4/poslovnipartner/CAB/PoslovniPartnerPR.cab
O16 - DPF: {796D631F-49EE-4181-A29C-F43C385C6EEF} (RacunariNewActiveFormX Control) - as3/racunari/Cab/RacunariNewProjectClient.cab
O16 - DPF: {7F65EAAF-BD16-4E77-8DA5-F0FEE2940649} (IzvPosteActiveFormX Control) - as3/poste/ocx/IzvPosteProject.cab
O16 - DPF: {8A07A6B7-CA41-4C44-A783-CB3BA5F25B15} (ActiveFormsmsproba Control) - nsit:88/smsserver/ActiveFormsmsprobaProj1.cab
O16 - DPF: {A10984E5-9941-4B8F-BEDC-211BD56BE9A9} (UgovoriActiveFormX Control) - icas4/ugovorisakupcima/Cab/UgovoriProjectClient.cab
O16 - DPF: {A50EF118-1DBC-46B9-A5E7-80651F089718} (Prihod_Izvestaji Control) - kgweb:88/Aplikacije/prihod/izvestaji/Prihod_IzvestajiProj.cab
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {BE94DC63-2EB0-4E85-8565-8106A68DAC70} (PodaciORadnikuActiveFormX Control) - icas3/podacioradniku/CAB/PodaciORadnikuProject.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E3DEEC47-14E1-4FAC-B344-72B80C86AF5F} (Izvestaji Control) - kgweb:88/aplikacije/statistika/ptt/izvestaji/IzvestajiProj1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5751995-247E-47D0-B187-E1EBC2890096}: NameServer = 10.26.3.12,10.200.5.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It's the Zlob trojan.
Try to remove the problem using AVG Antispyware (formerly Ewido):
http://www.ewido.net/en/download/

Download that program, scan, and after the cleaning it performs, post a fresh HijackThis log.
Before you make the next log, rename the program from HijackThis.exe to, say, H2.exe, and only then make the log. Also rename the folder the program is in so that it doesn't hint at HijackThis.

offline
  • Joined: 09 Nov 2006
  • Posts: 10

I managed to solve the problem....... :-)
THANKS A LOT!!!!!!!

offline
  • Dusan  Male
  • SuperModerator
  • Supermoderator of the general forums
  • Joined: 26 Jul 2006
  • Posts: 11118

@DraganZR

It would be nice, since you came here asking for help, to write up how the problem was solved, because it will help someone else solve the same or a similar problem...

offline
  • Joined: 09 Nov 2006
  • Posts: 10

Oh, SORRY!!!!!!!
I completely forgot about that......
Well, I followed the instructions bobby gave me......so:

It was the Zlob trojan
I solved the problem using AVG Antispyware (formerly Ewido):
ewido.net/en/download/

I downloaded that program, scanned the computer and, after the cleaning the program performed, posted a fresh HijackThis log.
Before I made the next log, I renamed the program from HijackThis.exe to H2.exe (or any other name will do), and only then made the log. I also renamed the folder the program is in so that it doesn't hint at HijackThis.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

To sum up:
- you picked up the infection through fake codecs for video playback
- you haven't posted the HJT log from after the cleaning here, so that we can make sure everything is OK now

offline
  • Joined: 09 Nov 2006
  • Posts: 10

Logfile of HijackThis v1.99.1
Scan saved at 12:24:18, on 20.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MapInfo\Professional\Mapinfow.exe
C:\IT\ITClient\Teritorija\TeritorijaEXEPrClient.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\install\hi2\Hi2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = posta/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = posta
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyns.jp.ptt.rs:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {36F861A8-AB06-45DD-88FC-7999A9E871D9} (ActiveXPregledi Control) - kgweb:88/aplikacije/statistika/ptt/Nis/ActiveXPreglediProj.cab
O16 - DPF: {53DA550E-0721-4BF7-99CB-7D70F6C95C29} (AXStatistikaUnos Control) - kgweb:88/aplikacije/statistika/ptt/Nis/AXStatistikaUnosProj.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - ns.zig.nsinfo.rs/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....1899610234
O16 - DPF: {6677D8CF-3D8C-4C40-8C04-9DFFA9E921DF} (PoslovniPartnerActiveFormX Control) - icas4/poslovnipartner/CAB/PoslovniPartnerPR.cab
O16 - DPF: {796D631F-49EE-4181-A29C-F43C385C6EEF} (RacunariNewActiveFormX Control) - as3/racunari/Cab/RacunariNewProjectClient.cab
O16 - DPF: {7F65EAAF-BD16-4E77-8DA5-F0FEE2940649} (IzvPosteActiveFormX Control) - as3/poste/ocx/IzvPosteProject.cab
O16 - DPF: {8A07A6B7-CA41-4C44-A783-CB3BA5F25B15} (ActiveFormsmsproba Control) - nsit:88/smsserver/ActiveFormsmsprobaProj1.cab
O16 - DPF: {A10984E5-9941-4B8F-BEDC-211BD56BE9A9} (UgovoriActiveFormX Control) - icas4/ugovorisakupcima/Cab/UgovoriProjectClient.cab
O16 - DPF: {A50EF118-1DBC-46B9-A5E7-80651F089718} (Prihod_Izvestaji Control) - kgweb:88/Aplikacije/prihod/izvestaji/Prihod_IzvestajiProj.cab
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {BE94DC63-2EB0-4E85-8565-8106A68DAC70} (PodaciORadnikuActiveFormX Control) - icas3/podacioradniku/CAB/PodaciORadnikuProject.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E3DEEC47-14E1-4FAC-B344-72B80C86AF5F} (Izvestaji Control) - kgweb:88/aplikacije/statistika/ptt/izvestaji/IzvestajiProj1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5751995-247E-47D0-B187-E1EBC2890096}: NameServer = 10.26.3.12,10.200.5.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jp.ptt.rs
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
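Reading the two logs side by side is the check the helper is doing by hand. As an added example that is not part of the thread, the script below parses constructed excerpts of both logs, reports which entries the cleanup removed (the nameless BHO and the Protection Bar toolbar loaded from the iVideoCodec folder) and which appeared (AVG Anti-Spyware), and lists O4 autostart entries given without a full path, which is the mobsync.exe case the thread goes on to verify.

```python
# Constructed excerpts of the two HijackThis logs posted in this thread
# (16.11.2006 before cleaning, 20.11.2006 after AVG Anti-Spyware had run).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\iVideoCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\iVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
"""
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

def parse(log):
    """Map each HijackThis section (R0, O2, O4, ...) to the set of entry bodies in it."""
    entries = {}
    for line in log.splitlines():
        sec, sep, body = line.strip().partition(" - ")
        if sep and sec[:1] in "RO" and sec[1:].isdigit():
            entries.setdefault(sec, set()).add(body)
    return entries

def diff_logs(before, after):
    """(removed, added) entry lists, each sorted by section then body."""
    b, a = parse(before), parse(after)
    secs = sorted(set(b) | set(a))
    removed = [(s, e) for s in secs for e in sorted(b.get(s, set()) - a.get(s, set()))]
    added = [(s, e) for s in secs for e in sorted(a.get(s, set()) - b.get(s, set()))]
    return removed, added

# Markers the helper spotted by eye: a nameless BHO and a toolbar loaded from the
# fake-codec folder, which the thread identifies as the Zlob components.
SUSPECT_MARKERS = ("(no name)", "iVideoCodec")

def suspicious(log):
    """Entries matching SUSPECT_MARKERS, sorted like diff_logs output."""
    return [(s, e) for s, es in sorted(parse(log).items()) for e in sorted(es)
            if any(mk.lower() in e.lower() for mk in SUSPECT_MARKERS)]

def unqualified_run_entries(log):
    """O4 autostart commands without a full path (here mobsync.exe): a legitimate
    name that malware also borrows, so each copy on disk still needs checking."""
    names = []
    for body in sorted(parse(log).get("O4", set())):
        cmd = body.split("] ", 1)[-1]          # command text after the [entry name]
        if cmd.lstrip('"')[1:3] != ":\\":      # no drive letter, so no full path
            names.append(cmd.split()[0])
    return names
```

Run against the full logs rather than the excerpts, the same functions show that every other entry (O16 ActiveX controls, O17 DNS settings, O23 services) is identical before and after, which is why the helper's remaining question is only about mobsync.exe.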

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

There's just one more thing we need to check.
Search your disk for the file mobsync.exe (there may be more than one copy).
The legitimate mobsync.exe is used for synchronising offline pages, if you use that option in Internet Explorer.
Unfortunately, a bot uses the same file name.
To make sure your system is clean, check every copy of the file mobsync.exe at the following site:
http://www.virustotal.com/en/indexf.html

At the top of the site you'll see a Browse button - click it.
Select the file mobsync.exe from your system.
Click the Send button, to the right of the Browse button.
Wait for the file to upload, and then wait for the results.
Depending on the site's load, the scan can take from 2-3 minutes upwards.
After the scan, a table of results appears.
If any of the results is marked in red, I'd ask you to copy the table here, and to remember which copy of mobsync.exe you scanned (if there are several).
