Tikovnica na laptopu podivljala

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

argus ::

Imas na flashu fajl AutoRun.exe

Uploaduj ga preko ovog linka mycity.rs/ambulanta-upload.php

Da li si nekada kreirao neki autorun meni na tom flashu

Jel mozes malo preciznije objasniti ovo sa ovim AutoRun fajlom?
Nije mi baš jasno na šta misliš i gdje...kakav flash?
Izvini ako sam dosadan..

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisi dosadan
Taj USB flash drive koji sad citimo (stick), je zarazen. na njemu imas fajl Autorun.exe, znaci njega treba da posaljes na upload da ga proverimo. Da li sam sada precizniji?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sve jasno...
Napravljeno...

Taj Autorun.exe je od instalacije of Officea 2003 ...ta instalacija se nalazi na stiku

Inače nisam ja tu nikad radio nikakve autoran menije...






USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11.6.2010 12:11:31

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {dc2f4e56-5318-11df-b60e-806d6172696f}
C: {dc2f4e58-5318-11df-b60e-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for dc2f4e58-5318-11df-b60e-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for dc2f4e56-5318-11df-b60e-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
----------------------------------------
;kaXywQYUGXtWQZFKUXdQDHkQNRbBSDPSiPSEbXSHjSsHRheDBANUUfrhzfTbq
[AuTOrUn
;gCdsNMBXHmaPDIHjoyrtKEAWRaJgJX
open=atplvh.exe
;vmxyTrslRUpBRnzHTslyEOKUrmtEyrpNeVAeneAaePAmLJesAxdahUjikKFXtloLUmVtrHvvQMCPT
shell\open\Command=atplvh.exe
;WxNnztBuyvhFyoxIVtMVLoHcpcjEyurFZaYTkKzRmIMG
shell\open\Default=1
;45F27A231FB5BAE1D91A01280841BEDD8FF80F9CB727D2C7BFC81571
;FVoHMEJDZ
;fWrkrMqkPSQYYsMOdNPunZVwwMVCFIazyfEWrqLiCAXofGtMxcroQFJrPqvaOH
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 11.6.2010 12:12:42

Scanning for connected USB mass storage...
----------------------------------------
F: {c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;QoVHakcXV
[AutoRun]
;qtcjyLhYZFtlmusfaCgjokHpWSBlRDvQsqFHnwaOZvSwgmwLR
open=dmfguh.exe
;ilDkltnhqfqxIUimPQDUEiWElmMbavvUCJQJlSWIgSaZaUh
shell\open\Command=dmfguh.exe
;oUehGCGQLlKDRcGChguMhEvPUMVTpLchhqiAonUJJnPcYqrtQhssyWftBzEjzRMXgwNO
shell\open\Default=1
;45F27A231FB5BAE1D91D005A0B3CBEA98F820F9CB727D2C7BFC81571
;JEWmfBZcLDRaUmZOUbsLFkPjsiVRaipoqsrPARoCvFaiNlVT
shell\explore\Command=dmfguh.exe
;AEKwSpyZciSbhsWaJRmWJeP
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6c07b2a-5c45-11df-b7f0-001a4b6afc58
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
c6c07b2a-5c45-11df-b7f0-001a4b6afc58
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 14
f_delete: F:\dmfguh.exe > File does not exist!
f_delete:
file "F:\Extras.exe" deleted successfully
f_delete:
file "F:\OFFICE~1.EXE" deleted successfully
f_delete:
file "F:\OFFICE~2.EXE" deleted successfully
f_delete:
file "F:\OFFICE~3.EXE" deleted successfully
f_delete:
file "F:\OFFICE~4.EXE" deleted successfully
f_delete:
file "F:\OF9CB6~1.EXE" deleted successfully
f_delete: F:\FrontPage.exe > File does not exist!
f_delete: F:\Professional.exe > File does not exist!
f_delete: F:\Project.exe > File does not exist!
f_delete: F:\Visio.exe > File does not exist!
f_delete: F:\OneNote.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Imas jos jedan fajl koji nismo uspeli da obrisemo. Ponovi jos jednom proceduru sa ovom skriptom i postavi mi log fajl.

{c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
f_delete: %DRIVE%dmfguh.exe
delete_blocked:

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo ga...

Inače samo da ti kažem, tipkovnica i danas radi normalno...





USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11.6.2010 15:27:41

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {dc2f4e56-5318-11df-b60e-806d6172696f}
C: {dc2f4e58-5318-11df-b60e-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for dc2f4e58-5318-11df-b60e-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for dc2f4e56-5318-11df-b60e-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
----------------------------------------
;kaXywQYUGXtWQZFKUXdQDHkQNRbBSDPSiPSEbXSHjSsHRheDBANUUfrhzfTbq
[AuTOrUn
;gCdsNMBXHmaPDIHjoyrtKEAWRaJgJX
open=atplvh.exe
;vmxyTrslRUpBRnzHTslyEOKUrmtEyrpNeVAeneAaePAmLJesAxdahUjikKFXtloLUmVtrHvvQMCPT
shell\open\Command=atplvh.exe
;WxNnztBuyvhFyoxIVtMVLoHcpcjEyurFZaYTkKzRmIMG
shell\open\Default=1
;45F27A231FB5BAE1D91A01280841BEDD8FF80F9CB727D2C7BFC81571
;FVoHMEJDZ
;fWrkrMqkPSQYYsMOdNPunZVwwMVCFIazyfEWrqLiCAXofGtMxcroQFJrPqvaOH
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 11.6.2010 15:27:59

Scanning for connected USB mass storage...
----------------------------------------
F: {c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6c07b2a-5c45-11df-b7f0-001a4b6afc58
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------

c6c07b2a-5c45-11df-b7f0-001a4b6afc58
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 2
f_delete: F:\dmfguh.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je stanje sada?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo baš sam isprobao tipkovnicu i radi u redu, bez ikakvih zastoja ili brkanja slova...da ne ureknem

Jel bi mi mogao malo pojasniti šta si to našao, kakva vrsta malicioznog softvera?Naravno, ako ti nije gnjavaža...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Inficirao si racunar preko sticka, worm je u pitanju. Da ti se to nebi desavalo ubuduce, preporucujem da instaliras ovaj softver http://amf.mycity.rs/programs/mc/mcshield/
Vise o njemu mozes procitati ovde http://www.mycity.rs/Antispyware-programi/MCShield.html

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 11 Jun 2010 23:29

Druže, hvala ti na posvečenom vremenu za moj problem...
Puno si pomogao i olakšao mi život, usput sam ponešto i naučio...

Volio bi da ti mogu piće platiti u kafani, zaslužio si barem to...

Živio i zdrav bio!!!

Dopuna: 12 Jun 2010 21:39

Hej, još samo jedno pitanje. Jel na kraju onaj Autorun.exe file bio zaražen sa tim virusom?
Unaprijed hvala.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Autorun.exe - legitiman.