MyCity » Ambulanta -> Arhiva Ambulante » Virus na usb flashu

Virus na usb flashu

Napisano na dan: 29.3.2010
2

Virus na usb flashu
Pagination Prethodna strana

Idi na vrh

Poslao: 06 Apr 2010 11:05
Idi na vrh
offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napisano: 30 Mar 2010 15:29

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 30/03/2010 15:23:17

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0d16991c-912c-11dd-a6dd-806d6172696f}
D: {0d16991d-912c-11dd-a6dd-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0d16991c-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0d16991d-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 30/03/2010 15:25:13

Scanning for connected USB mass storage...
----------------------------------------
H: {5bc868a4-aa83-11dd-bf80-0022156347f2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------


New device connected at 30/03/2010 15:26:59

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file H:\autorun.inf

Content of H:\autorun.inf
----------------------------------------
[AutoRun]
open=mb9x.exe
shell\open\Command=mb9x.exe
----------------------------------------

Files referenced from H:\autorun.inf
----------------------------------------
H:\mb9x.exe -r-hs 108530
----------------------------------------

Sanitized mountpoint for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================

File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file H:\autorun.inf

Content of H:\autorun.inf
----------------------------------------
[AutoRun]
open=mb9x.exe
shell\open\Command=mb9x.exe
----------------------------------------

Files referenced from H:\autorun.inf
----------------------------------------
H:\mb9x.exe -r-hs 108530
----------------------------------------

No mountpoint found for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================


Processing script
----------------------------------------
5bc868a4-aa83-11dd-bf80-0022156347f2
Drive letter for GUID: H:
SectionStart = 0
SectionEnd = 3
Opet sam imao problem,svaki put kada ubacim usb prijavi mi sledeće
The disk cannot be writen to bacause it is writeprotected.Please remove the write protection fromthe volume in drive H:.

Dopuna: 31 Mar 2010 19:46

@diarno
Čekam dalja upustva.

Dopuna: 06 Apr 2010 11:05

Prošlo je dugo vremena,a ja još nisam dobio potpuni odgovor,znam bili su praznici,rekoh ovim putem samo da osvežim temu,onako kako piše u uputstvu o ovom delu foruma.Hvala.



Poslao: 07 Apr 2010 01:38
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Jedno pitanje? Na tom fleshu nemas bitne podatke, kolko vidim?

Ako sledeca procedura ne uspe, zasto ga jednostavno ne bi formatirao.

Takodje, ima li on zastitu za pisanje(write-protected)

Btw, nisam imao net + bio sam van grada par dana.

Ajmo jos ovo :

Preuzmi program OTM na Desktop.

Dvoklikom pokreni OTM.exe

U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja:
:files
H:\mb9x.exe
H:\SLATKO
H:\sybutb.exe

Klikni MoveIt!
Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu.


Ukoliko se pojavi upit:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?

kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen.

Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu.
Potrebno je iskopirati sadržaj tog loga u poruku na forumu.



Poslao: 07 Apr 2010 17:23
Idi na vrh
offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napisano: 07 Apr 2010 17:11

File/Folder H:\mb9x.exe not found.
File/Folder H:\SLATKO not found.
File/Folder H:\sybutb.exe not found.

OTM by OldTimer - Version 3.1.10.1 log created on 04072010_171101

Samo jedno pitanje,zar nisam trebao prvo da ubasim flash usb,
Drugo na flashu nemam ništa bitno
I treće pokušao sam sa formatiranjem ali mi ne daje da ga formatiram

Dopuna: 07 Apr 2010 17:21

Ajde ovako,sad sam ponovio postupak ali sa ubačenim usb flashom,odmah mi je avast izbacio poruku da imam virus,pokušao sam da ga obrišem avastom ali nije hteo,pokušao sam formatiranje ali opet ništa kaže write-protected,onada sam pratio tvoje upustvo,stim što sam na kraju kliknuo na clean up,tražio je restart i to sam i uradio sada nema OTM-a na desktopu,opet sam ubacio usb i opet ista priča,prijavljuje virus,nemam pojma šta da radim.

Dopuna: 07 Apr 2010 17:23

Probao sam sada tvoj postupak ali sa ubačenim flashom i došlo je do blokade.

Poslao: 07 Apr 2010 22:12
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Iskljuci Avast, PRE NEGO STO ubacis flesh. Logicno je da treba to da uradis zar ne?

Ubacis fles.

Pokrenes program i skriptu.

Jos jednom pitam? Jel ima zastitu protiv pisanja taj usb.Sa strane, na njemu, bilo gde.

Poslao: 07 Apr 2010 22:44
Idi na vrh
offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Ne razumem te baš najbolje ali na flashu ima neko dugmence,nemam pojma zašta je,evo loga.
========== FILES ==========
H:\mb9x.exe moved successfully.
File/Folder H:\SLATKO not found.
File/Folder H:\sybutb.exe not found.

OTM by OldTimer - Version 3.1.10.1 log created on 04072010_224514

MyCity » Ambulanta -> Arhiva Ambulante » Virus na usb flashu

Ko je trenutno na forumu
 

Ukupno su 1580 korisnika na forumu :: 71 registrovanih, 5 sakrivenih i 1504 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, 4. Ozrenska, A.R.Chafee.Jr., Alexandar-1973, Apok, AudioTehnica, Ba4e, bbogdan, Betty25, Bojke549, Bokiboks, bokisha253, Boris90, Bozjidar87, CCCP, crazydkure, Ctrl x, darkkran, dekan.m, draganl, dragisa dragisa, DrNeoCortex, dule10savic, Dungorth, DzigiNS, Gitzherai, goxin, goxsys, GveX, istokzapad, Jeremiah, JOntra, JosipRi, kaisarevic1, Khaless, komsija1, Kruger, Kružić, Kubovac, KUZMAR, Leonov, leptirleptir, madza, Malahit, mercedesamg, metallac777, Metanoja, MILO-VAN, Milos ZA, mnn2, moldway, neutrino, Orc, pein, Peruta, Povratak1912, precan, Prečanin30, proka89, raketaš, Ray1973, Resad76, Sevatar, silikon, Siti2, Srky Boy, stingD, VBoss, XBMC, Zeljo980, Zoran1959