Problem: SHeur2

  • Joined: 11 Jan 2010
  • Posts: 10

There is a problem: the folder SLATKO cannot be deleted.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

There is one more problem... You are disconnecting the camera before the script finishes running.

So:

4db7e3a6-ba8a-11de-a095-001485dee0db}
delete_blocked:
f_delete:%DRIVE%SLATKO\torta.exe
folder_list:%DRIVE%


then press Script.... and don't unplug the camera until you have copied the log here for me... Don't worry... You can no longer get infected by keeping the camera connected to the computer.

  • Joined: 11 Jan 2010
  • Posts: 10

Well, so that was the problem. It was disconnecting by itself; something was wrong with the contact. I think I have managed to fix it now. Sorry for the late reply.

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/12/2010 11:15:00 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/12/2010 11:15:34 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ
[autorun
;kÜE?ñ<ýI,ýµ%ì\?
;ø???Ø$?Þm$??r?ù?Ê??^?|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås
open=SLATKO/torta.exe
;ñ?v?$Vt?úý
;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QåRta??v?:ñts+/ÒÊ?ñ?µ
action=Open folder to view files using Windows Explorer
;?åÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ÀìmJdO?dm?ðñ????
useautoplay=1
;ø???Ø$?Þm$??r?=K.??<nà÷
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
4db7e3a6-ba8a-11de-a095-001485dee0db
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\SLATKO > unhidden
--a-- F:\SLATKO\Desktop.ini > unhidden
-ra-- F:\SLATKO\torta.exe > unhidden
f_delete:
delete file error: F:\SLATKO/torta.exe, The filename, directory name, or volume label syntax is incorrect.
----------------------------------------
Folder list for F:\:
----------------------------------------

d----   0   F:\DCIM   F:\DCIM
dra--   0   F:\SLATKO   F:\SLATKO
--a--   667   F:\AUTORU~1.BLO   F:\autorun.inf.blocked

----------------------------------------
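As an added example (not code from this thread or from USBNoRisk), a tolerant parser for the autorun.inf shown in the log above, which USBNoRisk itself reported as referencing no files: it skips the junk `;` comment lines, accepts the unterminated `[autorun` header and the doubled backslashes in the `shell\\...\\command` keys, and still extracts the executable the file would launch; it then checks a Desktop.ini for the Recycle Bin CLSID found under F:\SLATKO\. Both sample inputs are constructed from the log, with the junk comments shortened.

```python
import re
# Constructed sample modelled on the F:\autorun.inf.blocked content in the log above:
# junk ';' comments (shortened), an unterminated "[autorun" header, forward slashes.
SAMPLE_AUTORUN = r"""
;M=junk-comment-1
[autorun
;junk-comment-2
open=SLATKO/torta.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\\open\\command=SLATKO/torta.exe
shell\\explore\\command=SLATKO/torta.exe
useautoplay=1
"""
# Constructed sample matching the Desktop.ini reported under F:\SLATKO\.
SAMPLE_DESKTOP_INI = "[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\n"
# Recycle Bin CLSID: a Desktop.ini naming it makes Explorer disguise the folder.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"
COMMAND_KEY_RE = re.compile(r"^shell\\[^\\=]+\\command$")

def parse_ini(text):
    """Tolerant INI parser: drops ';' junk, accepts '[autorun' without ']',
    collapses doubled backslashes and lower-cases section and key names."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # junk comments exist only to defeat byte signatures
        if line.startswith("["):
            current = line.strip("[]").strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\\+", r"\\", key.strip().lower())
            sections.setdefault(current, {})[key] = value.strip()
    return sections

def referenced_executables(autorun_text):
    """Paths Windows would launch from this autorun.inf, backslash-normalised."""
    found = []
    for key, value in parse_ini(autorun_text).get("autorun", {}).items():
        if key in ("open", "shellexecute") or COMMAND_KEY_RE.match(key):
            path = value.replace("/", "\\")
            if path not in found:
                found.append(path)
    return found

def shell_folder_clsid(desktop_ini_text):
    """CLSID from [.ShellClassInfo], or None when the folder is not disguised."""
    info = parse_ini(desktop_ini_text).get(".shellclassinfo", {})
    return info.get("clsid", "").upper() or None
```

Run against the two samples, `referenced_executables` yields `SLATKO\torta.exe` once (all three keys point at it) and `shell_folder_clsid` returns the Recycle Bin CLSID, which is exactly the pair of indicators a scanner should join before declaring a removable drive clean.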

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You entered the wrong script... I don't repeat scripts for no reason.

Copy this one:

4db7e3a6-ba8a-11de-a095-001485dee0db}
delete_blocked:
f_delete:%DRIVE%SLATKO\torta.exe
folder_list:%DRIVE%

  • Joined: 11 Jan 2010
  • Posts: 10

Should processing the script, which I have finally entered correctly, take this long?

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How long... Your computer is clean now... The only problem is that one folder on the camera... Essentially that malware is already disabled from starting on its own when the camera is plugged into the computer... the only risk is that someone opens that folder and runs the malicious file... That is why this is taking so long... so, has it finished... is there any log?

  • Joined: 11 Jan 2010
  • Posts: 10

The whole time (almost an hour) it says "processing script", but I have deleted "SLATKO" on the camera.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Ok... that would be it... Sorry it took this long... A slightly more annoying version of the USB worm...

  • Joined: 11 Jan 2010
  • Posts: 10

I apologise to you for my carelessness. Many thanks for all the effort!
