MyCity » Ambulanta -> Arhiva Ambulante » Pomoc oko brisanje ovog virusa

Pomoc oko brisanje ovog virusa

Napisano na dan: 21.8.2008
2

Pomoc oko brisanje ovog virusa
Pagination Prethodna strana
Sledeća strana Pagination

Idi na vrh

Poslao: 23 Avg 2008 16:00
Idi na vrh
offline
  • Pridružio: 25 Nov 2007
  • Poruke: 296

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

15:42:32 2008-08-23
mbam-log-08-23-2008 (15-42-32).txt

Scan type: Quick Scan
Objects scanned: 40856
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Evo rezultata vidim nije mi nista naslo od virusa al izbrisao sam Avast prije instaliranja ovog programa imal to kakve veze a Avast mi je ih pronasao dok je bio ,jer nisam znao smijemli instalirat ovaj program pored avasta

Dopuna: 23 Avg 2008 15:59

Evo i OTScanIt

Dopuna: 23 Avg 2008 16:00

[Link mogu videti samo ulogovani korisnici]



Poslao: 23 Avg 2008 16:58
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

Drivers to delete:
sysrest.sys

Files to delete:
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
c:\documents and settings\nedzad\local settings\temp\72372.exe
c:\documents and settings\nedzad\local settings\temp\wjeeoeqj.dll


Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.



Poslao: 23 Avg 2008 17:34
Idi na vrh
offline
  • Pridružio: 25 Nov 2007
  • Poruke: 296

Logfile of The Avenger Version 2.0, (c) by Swandog46
[Link mogu videti samo ulogovani korisnici]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sysrest.sys" not found!
Deletion of driver "sysrest.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\sysrest.sys" not found!
Deletion of file "C:\WINDOWS\system32\sysrest.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\sysrest32.exe" not found!
Deletion of file "C:\WINDOWS\system32\sysrest32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\nedzad\local settings\temp\72372.exe" not found!
Deletion of file "c:\documents and settings\nedzad\local settings\temp\72372.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\nedzad\local settings\temp\wjeeoeqj.dll" not found!
Deletion of file "c:\documents and settings\nedzad\local settings\temp\wjeeoeqj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Dopuna: 23 Avg 2008 17:34

Slucajno sam pronasao ove fajlove u lokaciji :C:\QooBox\Quarantine\C\WINDOWS\system32 a fajlovi : lphcl2dj0eebe.exe.vir i sysrest32.exe.vir mozda su ovo bili virusi jer se sjecam da ih je avast pronalazio s ovim imenom a ,sad kad sam ga instalirao i skenirao ova dva fajla nije nista u njima pronasao .Da li mi vi mozete reci kako odjednom nestase i i sta cu uraditi sa ova dva fajla ?

Poslao: 23 Avg 2008 17:43
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ne diraj nista u tom folderu, tu je backup svega sto ti dr_Bora kaze ovde da uradis (za slucaj da nesto krene naopako). Reci ce ti dr_Bora na kraju sta s tim fajlovima treba uraditi.

Poslao: 23 Avg 2008 18:11
Idi na vrh
offline
  • Pridružio: 25 Nov 2007
  • Poruke: 296

Ok.Samo sam pitao , a ta dva fajla je prije avast pronalazio kao viruse pa zato pitam.Wink

Poslao: 23 Avg 2008 19:08
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pa, file-ovi su očigledno obrisani.


Jesi li instalirao antivirus ponovo? Postoji li sada neki problem?

Poslao: 23 Avg 2008 19:51
Idi na vrh
offline
  • Pridružio: 25 Nov 2007
  • Poruke: 296

Jesam instalirao avast i sad ih ne pronalazi , i sta cu s ovim fajlovim u C:\QooBox\Quarantine\C\WINDOWS\system32 a fajlovi su :lphcl2dj0eebe.exe.vir i sysrest32.exe.vir. Hvala ti brate na strpljenju i pomoci neznam kako da ti zahvalim

Poslao: 23 Avg 2008 20:08
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Sledeći postupak će sve to da obriše:


Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore

Poslao: 23 Avg 2008 20:44
Idi na vrh
offline
  • Pridružio: 25 Nov 2007
  • Poruke: 296

Izgleda da mi je dosao novi virus Smitfraud jer mi na pozadini desktopa pise da mi je comp zarazen spyware-vima.

Dopuna: 23 Avg 2008 20:36

a prije toga mi je doslo da instaliram antivirus windows xp

Dopuna: 23 Avg 2008 20:44

a na Avastu opis virusa kaze Win32 :Trojan-gen

Poslao: 23 Avg 2008 21:01
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Zanimljivo...

Izvrši skeniranje programom MalwareBytes Anti-Malware i ukloni sve što bude pronađeno (detaljno uputstvo je dato ranije u temi).

Postavi ovde logfile odrađenog skeniranja i nakon svega i svež HijackThis logfile.

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc oko brisanje ovog virusa

Ko je trenutno na forumu
 

Ukupno su 1766 korisnika na forumu :: 232 registrovanih, 16 sakrivenih i 1518 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 252., 33 bren, 4. Ozrenska, A.R.Chafee.Jr., Abebe Bikila, advokat84, Ageofloneliness, Aleksandar Šljivar, Andrija 1993, Andrija357, ArchaBasha, Ares12356, Armadillo, ArmyBoss, AS, Aska, Asparagus, Asteker, Avalon015, babaroga, bambulic, Bbbggg1979, bbrasnjo3, Beardonitch, Belisarius, Bobrock1, Bojke549, Bombona, Bozjidar87, Boža pub, brkan1, brundo65, Burovnyak, cenejac111, cikadeda, CrazyDiablo, Crazzer, Czrweni, dankisha, darkdruid72, Darko8, Deki Duga Devetka, Denaya, DENIRO, Dimitrije Paunovic, Diplomac, dj.teodorovicreg, Djole3621, djonsule, djordje92sm, djurdjija, dnevnasoba, doktor1964, Dorcolac, Draganeli, draganl, dragoljub11987, Dragon Order, DuškoMraz, dzada, Dzoni2412, EXIT78, Feller, Fliper, gaga23, Gall, Gargantua, GeoM, Giskard, gobrad, goflja76, GreenMan, GveX, halkin gol, Hans Gajger, Hemi, HogarStrashni, HrcAk47, hyla, ikan, ISOF, istina, ivan979, IvanMiletic, Ivica1102, Jager715510, Jaksa loznica, Jeremiah, Jomini, Kajzer_Soze, Kalu128338, kolle.the.kid, Koridor, Kozi-RS, Krin, krkalon, Kruger, Krusarac, Lazarus, leopard83, Leteća Krofna, LG, LjubisaR, loon123, Lotus, m0nstrum_, macak44, MaCS, MadMike, Magarac, maksi007, mane123, marewfc, Marko Marković, marko.markovic, MaRtInsrbija1993, MaschinenPistole, matejman, mean_machine, medaTT, metallac777, Mickey91, mikelija, Miki 24pbr, Miki01, miki69, milimoj, Milos ZA, Milos1389, milutin134, mir juzni, Mitraljeta, Miškić, mm1811, mmelezovic, moldway, mushroom, Naum T, nebidrag, Neutral-M, neutrino, nikolabb, nisamBot, novator, oblivion, Ognjen D., omen, orfanel, Panter, Parker, Petar888, Phaeton, Pilence, pirke96, Player035, pobeda, Polifon, prikolica, Primus17, PrincipL, probisic, procesor, proka89, promajauglavi, Promising0, PuškeiPlavuše, pzoca, rambod, Ray1973, read-only, Rebel Frank, Resad76, Ripanjac, RJ, RS28, S.Palestinac, S94, sap, sasa87, savuni, sekretar, Snorks, Solunac na steroidima, Sonic, spektorsky, srecko81, Stanoje-glavas, svnedelja, synergia, Szigetwar, Tandrkalo, tecataki, Tila Painen, Titan, tm, tomo2, Topaz9, trademark1982, TRZH92, urosbg, Utd4ce, vaci, Vaske8990, vathra, Vatreni Zmaj, Veless, Velizar Laro, veljkovicdani, vensla, vespa nikola, Vica1958, vija, vlad4, Vlada1389, vladaa012, Vlado82, Voice1, Vojvoda81, Wepp, wizzardone, wolverined4, Wrangler, xAlex2, zeka013, zemljanin, zil10, zivojin32, ZlatniRez, zlaya011, Žrnov, šumar bk2, 1324