Recycler virus

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Microsoft folder je bio prazan i uspeo sam ga obrisati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Reci mi, kakvo je sada stanje racunara?


Korak 1

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{6c68e86a-3886-11de-9665-0013d3f02825}
folder_list:%DRIVE%
no_sh:

- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.




goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Firefoxu i jos nekim programima Kaspersky je obrisao odredjene delove tako da su postali neupotrebljivi. Instalirao sam ponovo firefox i sada radi. IE je skroz nestao. Audio programi rade kao i Nero, jedino sto primecujem da je odziv programa mozda malo sporiji (da li zbog AV programa). Da li trebam pregledati nesto konkretno?


USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/24/2010 8:57:13 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {aa90afc3-388f-11de-97c2-806d6172696f}
D: {aa90afc4-388f-11de-97c2-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for aa90afc3-388f-11de-97c2-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for aa90afc4-388f-11de-97c2-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/24/2010 8:57:27 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6c68e86a-3886-11de-9665-0013d3f02825}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 6c68e86a-3886-11de-9665-0013d3f02825
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
6c68e86a-3886-11de-9665-0013d3f02825
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------

• 1Ovo se svidja korisniku: diarno
  
  Registruj se da bi pohvalio/la poruku!

Tvoj operativni sistem je "preziveo" otklanjanje komplikovane infekcije (file-infector) (vrsta iz porodice Ramnit-a)

Obicno je najsigurniji nacin uklanjanja ovakve infekcije reinstaliranje OS-a (format C + momentalno instaliranje AV-a nakon toga i skeniranje preostalih particija) ili skeniranje hard diska nekim azuriranim AV-om (koji ima ovu infekciju u definicijama) na drugom racunaru, mada i tada OS moze biti ostecen.

Takav rad OS-a nije cudan, nakon ovakve dezinfekcije, s'obzirom da su najverovatnije neki sistemski fajlovi osteceni. Ukoliko neki programi ne rade, jednostavno ih reinstaliraj (deinstaliras pa ponovo instaliras).




Sto se tice tvog USB memorijskog uredjaja ...

- Ukljuci prikaz skrivenih foldera i fajlova: [Link mogu videti samo ulogovani korisnici]

- Obrisi folder pod imenom:

RECYCLER

Tvoj USB memorijski uredjaj je sada cist.



--------------------------------------
Korak 1

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.




Korak 2

Potrebno je da resetujes (iskljucis pa ponovo ukljucis) System Restore.
Isprati uputstvo sa sledeceg link-a: [Link mogu videti samo ulogovani korisnici]




---------------------------------------


Programe koje smo koristili mozes izbrisati sa racunara (pozeljno je da ostavis MCShield) a Kaspersky Virus Removal Tool 2010 mozes slobodno deinstalirati.




Ukoliko imas problema u radu operativnog sistema, preporucujem ti da otvoris temu u Windows potforumu i potrazis resenje: [Link mogu videti samo ulogovani korisnici]





Hvala sto verujes AMF Timu



Pozdrav,
goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Prikljucio sam usb stick i vec su mi bili omoguceni u folder view-u prikaz skrivenih fajlova i foldera. Nema znaka recycler folderu sto je predpostavljam dobro i da ga vise nema?

Uradio sam system restore i deinstalaciju Combofix-a.

Gorane tebi i tvojim kolegama zahvaljujem na ovakvoj velikoj predusretljivosti i pomoci, hvala!

Hermann G.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Trebalo bi da je folder tu. Ponovi jos jednom sledeci korak ...


Link koji sam ti vec dao: [Link mogu videti samo ulogovani korisnici]
Citat:Windows XP

1. Klikni Start taster (u levom donjem uglu).
2. Izaberi My Computer.
3. Selektuj Tools meni i klikni na Folder Options.
4. Selektuj View na vrhu, unutar Hidden files and folders grupe selektuj Show hidden files and folders.
5. Skini kvačicu sa Hide file extensions for known types.
6. Skini kvačicu sa Hide protected operating system files (recommended).
7. Klikni YES.
8. Klikni OK.

Sada proveri da li na USB mem. uredjaju postoji folder RECYCLER. Ukoliko postoji, obrisi ga.



-------------------------------

Nema na cemu



Pozdrav,
goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Iz nekog razloga na racunaru koji je imao virus uopste se ne vidi recycler folder, pa sam ga prikljucio na drugi racunar gde ga je prepoznao MCShield je odreagovao kao i Avast. Cinilo mi se da sam uspeo da izbrisem recycler folder, medjutim on se odmah nanovo pojavio! Ovo su logovi>

11/25/2010 4:56:04 PM > Scanning drive G: (KINGSTON ~4 GB, FAT32 flash drive )...


>>> G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini - Malware > Deleted. (10.11.25. 16.56 Desktop.ini.792959; MD5: 7457a5df1ff47c957acf1fa000d7d9ad)

> G:\RECYCLER
> G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013

>>> G:\recycler - Malware.Folder > Deleted. (10.11.25. 16.56 recycler.638423)


=> Malicious files : 1/1 deleted.
=> Malicious folders : 1/1 deleted.
--------------------------------------------------------------------------
avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Thursday, November 25, 2010 12:43:29 PM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Thursday, November 25, 2010 4:22:47 PM
*

11/25/2010 4:23:21 PM C:\Documents and Settings\Hermann\Application Data\MCShield\Quarantine\10.11.25. 16.23 S-1-5-21-1482476501-1644491937-682003330-1013.925060\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:26:29 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
11/25/2010 4:26:31 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
While moving file to chest, error occurred: The system cannot find the file specified
During the file delete, error occurred: The system cannot find the file specified
File was successfully moved to chest...
11/25/2010 4:26:32 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...
11/25/2010 4:26:43 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:26:43 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...
11/25/2010 4:26:53 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:26:53 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...
11/25/2010 4:27:03 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:27:03 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...
11/25/2010 4:27:14 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:27:14 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...
11/25/2010 4:27:24 PM G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe [L] Win32:Agent-AABV [Trj] (0)
File was successfully moved to chest...
11/25/2010 4:27:24 PM G:\autorun.inf [L] BV:AutoRun-G [Wrm] (0)
File was successfully moved to chest...

• 1Ovo se svidja korisniku: ThePhilosopher
  
  Registruj se da bi pohvalio/la poruku!

Prelazimo na taj drugi racunar ...

Za pocetak postavi potrebne log-ove (Uputstvo).




goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 25 Nov 2010 22:59

Ok krecemo u novu akciju.

Znaci da ponovim info iz poruke tebi, ovaj drugi racunar je bio bez zastite, tek sam danas instalirao MCShield i Avast. Kada sam konektovao usb stick MCShield je prepoznao i obrisao recycler folder dok se Avast non-stop oglasivao sa prepoznatim pretnjama. Recycler folder se ponovo pojavio na sticku, potom sam ga izbrisao, ali se on ponovo pojavio dok se avast non-stop oglasavao.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Hermann at 19:34:40.34 on Thu 11/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1161 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\OpenDrive\OpenDrive_Tray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hermann\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\MAFWTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [OpenDrive Tray] c:\program files\opendrive\OpenDrive_Tray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link mogu videti samo ulogovani korisnici]
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Antiwpa - antiwpa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hermann\applic~1\mozilla\firefox\profiles\wg8xgtio.default\
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-25 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-25 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-25 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-25 40384]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [2010-2-9 22432]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [2010-1-18 192392]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-5-18 23288]

=============== Created Last 30 ================

2010-11-25 11:42:03 -------- d-----w- c:\docume~1\hermann\locals~1\applic~1\Google
2010-11-25 11:41:43 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 11:41:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-25 10:37:03 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-25 10:37:03 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-25 10:36:25 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-25 10:35:49 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-25 10:35:49 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-25 10:35:49 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-25 10:35:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-25 10:35:39 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-25 10:35:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-25 10:35:39 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-25 10:35:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-25 10:35:38 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 10:35:38 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-25 10:35:34 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-25 10:29:15 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-11-25 10:29:01 -------- d-----w- c:\windows\system32\PreInstall
2010-11-25 10:28:59 -------- d--h--w- c:\windows\$hf_mig$
2010-11-25 10:26:38 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-25 10:26:37 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-25 10:26:37 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-25 10:26:37 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-25 10:26:37 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-25 10:07:32 -------- d-----w- c:\program files\MCShield
2010-11-25 10:07:32 -------- d-----w- c:\docume~1\hermann\applic~1\MCShield
2010-11-12 15:27:57 -------- d-----w- c:\docume~1\hermann\locals~1\applic~1\xrecode2
2010-11-12 15:27:54 -------- d-----w- c:\program files\xrecode II
2010-11-12 11:43:47 -------- d-sh--w- c:\documents and settings\hermann\IECompatCache
2010-11-12 11:40:45 -------- d-----w- c:\docume~1\hermann\applic~1\AskToolbar
2010-11-12 11:40:33 -------- d-----w- c:\docume~1\hermann\locals~1\applic~1\AskToolbar
2010-11-10 21:29:30 -------- d-----w- c:\docume~1\hermann\locals~1\applic~1\Temp
2010-11-10 21:28:49 -------- d-----w- c:\docume~1\hermann\locals~1\applic~1\OpenDrive
2010-11-10 21:22:38 -------- d-----w- c:\program files\OpenDrive

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-28 18:02:14 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-08-28 18:02:13 406528 ----a-w- c:\windows\system32\ReWire.dll

============= FINISH: 19:35:17.26 ===============


[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

Dopuna: 25 Nov 2010 23:03

Sada kada sam zavrsio sa skeniranjem ponovo sam ukljucio MCShiled i avast i prepoznali su opet uljeza. MCShield je izbacio sledecu poruku

11/25/2010 11:01:05 PM > Scanning drive C: (no label ~49 GB, NTFS HDD )...


> C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013
> C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (MD5: 49a0b72713b9fbb618b3f9402b41b7d8-)

>>> C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Malware.Folder > Deletion failed.


=> Malicious folders : 0/1 deleted.



11/25/2010 11:01:07 PM > Scanning drive D: (no label ~63 GB, NTFS HDD )...



=> The drive seems clean.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1
Izvadi USB memorijski uredjaj pre ovog koraka ...

Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

Folders to delete:
c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}

Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.





Korak 2

- Nakon restarta racunara, prikljuci USB memorijski uredjaj i sacekaj da MCShield izvrsi skeniranje;
- Kada skeniranje bude zavrseno, Start -> All Programs -> MCShield -> Logs -> Last scan;
- Sadrzaj log-a koji ti se bude otvorio u Notepad-u prekopiraj mi u sledecoj poruci (pozeljno je da iskoristis opciju Prikaci fajl).



--------------------------------------------


Ukoliko ne koristis Ask Toolbar, preporucujem ti da ga deinstaliras.





goran9888 (AMF Tim)