Changed extensions on a USB stick (shortcuts instead of folders)

  • ljekar
  • Joined: 08 Jul 2012
  • Posts: 18
  • Location: Sarajevo

So, one of the viruses (several were found last night during a scan) changed all the directories on my USB stick into shortcut files.

I'd like to know whether there is any chance of getting at the data in them?
I tried the show hidden folders option; the PC doesn't see them at all, only these 2 KB shortcuts.

The antivirus is AVG, which I scanned with yesterday; it deleted the viruses, but I don't remember which ones they were.

Now I have the brontok A.10 worm and I've just downloaded some version of celanbrontok 2.0, although it surely won't restore my file extensions. It also reports a win32Criptor worm.

Thanks!!

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,
Follow these instructions:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Post the reports according to which operating system you use (32-bit or 64-bit system) and one of the AMF team members will review them.

  • ljekar
  • Joined: 08 Jul 2012
  • Posts: 18
  • Location: Sarajevo

Posted: 21 Jul 2012 9:28

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by User at 9:21:12 on 2012-07-21
.
============== Running Processes ===============
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FIT\BIS\HIS.UI.Windows.Starter.exe
C:\Program Files\SPSSInc\SPSS16\spss.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ba/
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\asOutExt.dll"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: Interfaces\{D7EDD4C8-C347-4CB4-B696-E29A83444DC8} : NameServer = 195.222.32.10,195.222.32.20
TCP: Interfaces\{D94DAAAA-689F-4A33-A132-DB02A9720E15} : DhcpNameServer = 217.75.192.10 217.75.192.11
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\k7kqm4e8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? MozillaMaintenance;Mozilla Maintenance Service
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
.
=============== Created Last 30 ================
.
2012-07-08 16:26:27 -------- d-----w- c:\documents and settings\user\.spss
2012-07-08 16:21:24 -------- d-----w- c:\documents and settings\all users\application data\SafeNet Sentinel
2012-07-08 16:20:06 -------- d-----w- c:\program files\common files\SPSS
2012-07-08 16:20:06 -------- d-----w- c:\documents and settings\all users\application data\SPSS
2012-07-08 16:20:04 -------- d-----w- c:\program files\SPSSInc
2012-07-05 23:45:36 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-05 23:45:36 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-08 16:19:55 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-07-08 13:13:29 73 ----a-w- c:\windows\system32\ssprs.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-09 08:28:12 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-06-09 08:28:12 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-06-09 08:28:12 1025 ----a-w- c:\windows\system32\clauth1.dll
.
============= FINISH: 9:25:37,28 ===============






Addendum: 21 Jul 2012 9:33


Addendum: 21 Jul 2012 9:55

PROBLEM SOLVED!!
Thanks to everyone who tried to help; in the end YouTube solved everything. If I may post a link??
So that I can be of use to someone too:

smadav.net/

Download and scan; within 1 min the USB was restored to its original state.

  • Joined: 04 Jul 2011
  • Posts: 5424

The logs are clean; there is no malware on your computer.

You are using an old version of Avast (Avast 5); I suggest you install a newer one.

I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in the USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Ivance95 (AMF Team)

  • ljekar
  • Joined: 08 Jul 2012
  • Posts: 18
  • Location: Sarajevo

Thank you all for the replies!

Unfortunately there are about 20 computers at work, each with a different antivirus, and there are problems everywhere. It would take me a year to write up all the problems, but I'll make an effort to "sort out" at least the 3-4 that I work on and to identify and explain the problems as the Ambulanta rules require.

Apologies if there were procedural mistakes in posting the message and the problem; next time it will go step by step!

Best regards
