Virus - attention!


  • Joined: 19 Jan 2008
  • Posts: 42

Please help, what should I do:
whenever I start IE, some site keeps popping up suggesting that I download an antivirus. It must be some virus; please look at the link> http://antiviruspcsuite.com/data/index.php?5e02590.....07540454

And here is what HaxFix reports:
HAXFIX logfile - by Marckie

version 5.00.0
2008-05-11 10:30:45.64
running from D:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
no matching services found

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun and Haxdoor files ---
no other Haxdoor or Goldun files found


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-11 10:31:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000b0

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does it say anywhere in the instructions for opening a thread that you should post a HaxFix logfile here?

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 19 Jan 2008
  • Posts: 42

Here is what HijackThis reported:
Logfile of HijackThis v1.99.1
Scan saved at 17:17, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\WINDOWS\system32\wfxsnt40.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Documents and Settings\kole\Desktop\New Folder\TTTTA.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2BF731FB-2013-4745-93E1-EBB0832B0B29} - D:\WINDOWS\system32\clusap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {EB95B62B-9729-4880-A351-01AF1899D78F} - D:\WINDOWS\system32\clusap.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Controller.LNK = D:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the program OTMoveIt2 to the Desktop.

Double-click OTMoveIt2.exe to run it.

Into the (left) window of the program (under Paste List of Files/Folders to Move) copy everything inside the Code box:

D:\WINDOWS\system32\clusap.dll


Click MoveIt!

When the process finishes, the right window of the program (under Results) will contain text that needs to be copied into a post on the forum.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process is completed.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.




Also post a fresh HijackThis logfile.

  • Joined: 19 Jan 2008
  • Posts: 42

Here is what MoveIt says:
D:\WINDOWS\system32\clusap.dll unregistered successfully.
D:\WINDOWS\system32\clusap.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05112008_184305

and here is what HijackThis says:
Logfile of HijackThis v1.99.1
Scan saved at 18:44, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\kole\Local Settings\Temporary Internet Files\Content.IE5\DFZFLPKE\OTMoveIt2[1].exe
D:\Documents and Settings\kole\Desktop\New Folder\TTTTA.exe

O2 - BHO: (no name) - {1775A22D-08B2-4624-8C04-5E0E5F4274CB} - D:\WINDOWS\system32\clusap.dll (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Is that really the complete HijackThis log?


Run HijackThis, scan, and tick the following line:

O2 - BHO: (no name) - {1775A22D-08B2-4624-8C04-5E0E5F4274CB} - D:\WINDOWS\system32\clusap.dll (file missing)

Click Fix checked.



Restart the computer, post a new HT log and tell me how things stand now.
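As an added illustration (not code from the thread or from HijackThis), the following script parses HijackThis-style lines of the kinds posted above and flags the entry types the helper acted on: BHOs with no name, BHOs whose DLL is already gone but whose registration remains, and Winsock LSP entries that appear more than once. The sample log and the `triage` function are constructed for this example; the CLSIDs and paths mirror those in the thread.

```python
import re

# Constructed sample built from the kinds of lines seen in the thread's logs
# (not the poster's complete log; only the entry types the helper acted on).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BF731FB-2013-4745-93E1-EBB0832B0B29} - D:\WINDOWS\system32\clusap.dll
O2 - BHO: (no name) - {1775A22D-08B2-4624-8C04-5E0E5F4274CB} - D:\WINDOWS\system32\clusap.dll (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O10 lines: Winsock LSP entries that HijackThis could not identify
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")


def triage(log_text):
    """Return (reason, detail) findings for the entry types discussed above."""
    # A BHO is registered under
    # HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}
    # so the CLSID is what you look up (and back up) before removing an entry.
    findings = []
    lsp_counts = {}
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            ident = f"{m.group('clsid')} {m.group('path')}"
            if m.group("name") == "(no name)":
                findings.append(("bho-no-name", ident))
            if m.group("missing"):
                # Orphaned registration: the DLL is gone but the entry remains
                findings.append(("bho-file-missing", ident))
            continue
        m = LSP_RE.match(line)
        if m:
            path = m.group("path").lower()
            lsp_counts[path] = lsp_counts.get(path, 0) + 1
    for path, count in sorted(lsp_counts.items()):
        if count > 1:
            findings.append(("lsp-repeated", f"{path} x{count}"))
    return findings
```

Run `triage(SAMPLE_LOG)` to see the two clusap.dll registrations and the repeated LSP entry reported, while the named Adobe BHO and the NOD32 service pass through unflagged.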

  • Joined: 19 Jan 2008
  • Posts: 42

I can't find what you asked for at all. I ran HijackThis again and here are the results now:

Logfile of HijackThis v1.99.1
Scan saved at 20:44, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\ESET\nod32kui.exe
D:\Documents and Settings\kole\Desktop\New Folder\TTTTA.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This log is still extremely strange.

Did you perhaps do something with HijackThis other than what the instructions said?


Quote: whenever I start IE, some site keeps popping up suggesting that I download an antivirus.

Is this still happening?

  • Joined: 19 Jan 2008
  • Posts: 42

It no longer happens; IE works normally now, nothing pops up.

Why do you think the log is "strange", what is strange about it?

Addendum: 12 May 2008 1:26

Wait, the only thing I did with HijackThis was to tick all the boxes where it says fix checked; here is what it reports now:

Logfile of HijackThis v1.99.1
Scan saved at 01:24, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Documents and Settings\kole\Desktop\New Folder\TTTTA.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\cavemlsp.dll
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Legitimate lines are missing from the log.

The instruction was:

Quote: Run HijackThis, scan, and tick the following line:

O2 - BHO: (no name) - {1775A22D-08B2-4624-8C04-5E0E5F4274CB} - D:\WINDOWS\system32\clusap.dll (file missing)

Click Fix checked.


So only one line was supposed to be ticked and removed.


Run HijackThis and click View the list of backups.

Maximize that window and then take a screenshot.

If you need instructions for taking a screenshot:
http://www.mycity.rs/Windows/Pravljenje-screenshota.html

Post that screenshot in your next message.
