Virus Sa Fejsa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 12 Jan 2012 15:02

Uradi sam tasks datoteku kada pokušam da otvorim piše "pregeled nije dostupan" a pre toga mi se pojavilo samo na kratko obaveštenje "nemate dozvolu za pristup datoteci"

Dopuna: 12 Jan 2012 15:12

Kako da dobijem dozvolu za pristup Tasks datoteci?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hajde, probaj ovako:


Preuzmi CatchMe i program sačuvaj na Desktop.

Dvoklikom pokreni catchme.exe i pređi na Script tab (jezičak).
U (beli) prozor programa iskopiraj sledeći kod :

files:
C:\Windows\tasks\At1.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At20.job


Klikni na taster Run.

Kada se pojavi poruka sa obaveštenjem, kliknuti OK.


Po završetku procesa, na Desktopu će se nalaziti file catchme.zip.
Uploaduj ga preko sledeće forme: [Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 12 Jan 2012 17:20

Kada dvoklikom pokrenem catchame.exe otvori mi se sledeće:
[Link mogu videti samo ulogovani korisnici]
i nema nikakav Script tab niti taster Run

Dopuna: 12 Jan 2012 20:26

...kao da ne može da se pokrene kako treba.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Klikni na dugme Start i unutar polja za pretragu ukucaj: CMD.

Klikni desnim tasterom miša na cmd.exe i odaberi opciju Run As Administrator.

VIDI SLIKU:




U prozoru u koji se otvori unesi sledeće dve komande:

copy C:\Windows\tasks\At1.job C:\at1.job

... i pritisni taster Enter. Vidi sliku:




...i ovu komandu :

copy C:\Windows\tasks\At15.job C:\at15.job

Nakon toga, prikači datoteke at1.job i at15.job, koje se nalaze unutar C diska, po uputstvu koje sam ti već dao.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

Nadam se da je sad ok.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Dobro si uradio.


Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:

:files
C:\Users\Deki\AppData\Local\Temp\DFDWizb.exe
C:\Windows\tasks\At*.job
   
:Commands
[purity]
[emptytemp]
[Reboot]


Klikni taster Run Fix;


Log koji dobiješ iskopiraj ovde u poruci.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

All processes killed
========== FILES ==========
File\Folder C:\Users\Deki\AppData\Local\Temp\DFDWizb.exe not found.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Deki
->Temp folder emptied: 335008 bytes
->Temporary Internet Files folder emptied: 98625 bytes
->Java cache emptied: 659841 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 189566454 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11914 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01132012_074830

Files\Folders moved on Reboot...
C:\Users\Deki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Na kratko sam bio zagubio gore navedenu datoteku (bolje reći nisam se odmah snašao da je potražim u OTL datoteci - kliknuo sam na X navedene datoteke na radnoj površini) pa sam ponovio postupak po uputstvu sa OTL u nadi da ću tako dobiti zagubljenu datoteku medjutim dobio sam datoteku sa drugačijim sadržajem)
što se iz priloženog da videti:

All processes killed
========== FILES ==========
File\Folder C:\Users\Deki\AppData\Local\Temp\DFDWizb.exe not found.
File\Folder C:\Windows\tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Deki
->Temp folder emptied: 67494 bytes
->Temporary Internet Files folder emptied: 33440 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7238487 bytes
->Flash cache emptied: 343 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01132012_075633

Files\Folders moved on Reboot...
C:\Users\Deki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Brine me da li sam sa pomenutim postupkom nešto zeznuo!?
Molim te obavesti me što pre o ovome.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Stanje je uredno. Tvoj računar je čist, po pitanju malicioznih programa.



Ponovo pokreni OTL i klikni na opciju CleanUp.


Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja.

Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a: [Link mogu videti samo ulogovani korisnici]

Vise o MCShield-u mozes saznati u ovoj temi: [Link mogu videti samo ulogovani korisnici]


Takođe, poseti ovu temu da vidiš da li ti je pretraživač ranjiv i instaliraš ažurirane komponente
[Link mogu videti samo ulogovani korisnici]



Hvala što veruješ AMF Timu.

• 1Ovo se svidja korisniku: ThePhilosopher
  
  Registruj se da bi pohvalio/la poruku!

Hvala AMF Timu a posebno Tebi.