Usb flash problem autorun.inf


offline
  • Blue  Male
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

Posted: 25 Jan 2010 17:17

An autorun.inf was visible on my flash drive. After installing and scanning with the program usb drive antivirus 2.3, it set autorun.inf to hidden, and whenever it scans the drive it finds an infection (threats). However, when I open the flash drive with Free Commander, next to autorun.inf it shows a driver folder, and in it a Recycle Bin icon, and inside that another file –¼‡‘Š•†‘Í€ŒŽ and desktop.ini. When it cleans it, this is what it looks like:

Scan completed successfully
C:\ no threat found
D:\ no threat found
G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ cleaned
G:\Autorun.inf cleaned
G:\ cleaned completed.

Symantec and SUPERAntiSpyware find nothing. I'm not sure whether there is an infection now. There was one before, because when I connected my N96, every folder on its mass memory had been turned into an exe, so I formatted the phone, but that's another story... Is this an infection, and how do I remove it? I've tried everything; it does the format normally when I restart the computer, but when I open the drive with Free Commander those files are still there as hidden.

The capacity is 7.44 GB and those files take up 140 KB; is that normal?



Addendum: 25 Jan 2010 17:21

Ah damn, I only now saw that the instructions have been changed... sorry

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload C:\WINDOWS\rndll.exe

Via the following link: http://www.mycity.rs/ambulanta-upload.php

offline
  • Blue  Male
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

I think I've gone blind, I can't see it anywhere

or rndll.exe from win32

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Remove all USB memory devices.

Download the OTM program to the Desktop.

Double-click OTM.exe to run it.

Into the (left) program window (under Paste Instructions for Items to be Moved), copy everything inside the Code box:

:processes
C:\WINDOWS\rndll.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Firevall Administrating"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman"=-

:files
C:\WINDOWS\rndll.exe
c:\windows\system32\Npad.exe
c:\documents and settings\ratko\application data\uyugq.exe
C:\123ds.exe

:commands
[emptytemp]


Click MoveIt!

When the process finishes, the right-hand window of the program (under Results) will contain text that needs to be copied into a post on the forum.

If this prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?

click Yes so that the computer restarts and the process is completed.

After the system restarts, the log file will open automatically in Notepad.
The contents of that log need to be copied into a post on the forum.

offline
  • Blue  Male
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

All processes killed
Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <C:\WINDOWS\rndll.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Firevall Administrating not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\npad_ql deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman not found.
========== FILES ==========
File/Folder C:\WINDOWS\rndll.exe not found.
c:\windows\system32\Npad.exe moved successfully.
File/Folder c:\documents and settings\ratko\application data\uyugq.exe not found.
File/Folder C:\123ds.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Ratko
->Temp folder emptied: 17944616 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2765919 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3348 bytes

Total Files Cleaned = 22.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01252010_193335

Files moved on Reboot...

Registry entries deleted on Reboot...
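
Added example, not part of the thread and not OTM's own code: a small Python parser that groups the result lines of the log above by outcome, which shows at a glance that only two items were actually changed and that the `:processes` lines were rejected. The function names are made up for this example; the sample input is copied from the log above.

```python
import re
from collections import defaultdict

# Result lines copied from the OTM log posted above (cleanup statistics omitted).
OTM_LOG = r"""All processes killed
Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <C:\WINDOWS\rndll.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Firevall Administrating not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\npad_ql deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman not found.
========== FILES ==========
File/Folder C:\WINDOWS\rndll.exe not found.
c:\windows\system32\Npad.exe moved successfully.
File/Folder c:\documents and settings\ratko\application data\uyugq.exe not found.
File/Folder C:\123ds.exe not found.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
ERROR = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")
RESULT = re.compile(r"^(?:Registry value |File/Folder )?(.+?) "
                    r"(not found|deleted successfully|moved successfully)\.$")

def summarize_otm_log(text):
    """Group every target in the log by outcome; rejected script lines go under 'error'."""
    section, summary = "PREAMBLE", defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ERROR.match(line):
            summary["error"].append(m.group(1))
        elif m := RESULT.match(line):
            target = m.group(1).replace("\\\\", "\\")  # the log prints key\\value
            summary[m.group(2)].append((section, target))
    return dict(summary)

def changed(summary):
    """Targets that were actually removed or moved, as opposed to merely absent."""
    return summary.get("deleted successfully", []) + summary.get("moved successfully", [])

def rejected_paths(summary):
    """File paths from script lines OTM reported it could not interpret."""
    return [e for e in summary.get("error", []) if "\\" in e]

if __name__ == "__main__":
    s = summarize_otm_log(OTM_LOG)
    print("changed:", changed(s))
    print("not found:", len(s.get("not found", [])))
    print("rejected paths:", rejected_paths(s))
```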

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Posted: 25 Jan 2010 20:00

Run DDS again and post the DDS.txt file.

Then download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB memory devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB memory devices are all devices that get their own partition designation when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


offline
  • Blue  Male
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

Posted: 25 Jan 2010 20:23

My system had crashed, so I set everything up again; I formatted everything and installed a new system, so now only that USB drive remains to be checked. It's the only one I have, nothing else.

Addendum: 25 Jan 2010 20:53

Phew, I finally cleaned it, now it's spotless. Thanks a lot, diarno.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

And the USBNoRisk log?

offline
  • Blue  Male
  • Elite citizen
  • Joined: 06 Aug 2003
  • Posts: 2214

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/25/2010 9:48:29 PM

Searching for connected USB Mass storage...
----------------------------------------
G: {6c39f9a2-09df-11df-91ff-806d6172696f}
========================================

Searching for other storage...
----------------------------------------
D: {6c39f9a4-09df-11df-91ff-806d6172696f}
C: {6c39f9a6-09df-11df-91ff-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on G:
No Autorun.inf files found on G:
Sanitized mountpoint for 6c39f9a2-09df-11df-91ff-806d6172696f
No Desktop.ini files found on G:
No mimics found on drive G:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6c39f9a6-09df-11df-91ff-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6c39f9a4-09df-11df-91ff-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

That is only the initial scan, i.e. the scan of the partitions... I need the part that comes afterwards, when you insert the USB devices... But if you consider the problem solved, we can wrap this up. Just so you know, the infection came from the USB drive.
