Win32/Autoit.FL ...worm?


  • maqdam
  • New MyCity citizen
  • Joined: 08 Jun 2009
  • Posts: 12

Hi.

Yes, in the end I had to do it.. I rolled it back 2 days.
The lesser evil.

Now everything is fine, i.e. I haven't noticed any drivers missing; I hope it won't surprise me like this again.

I formatted the flash drive and saved some "safe" files...

That's about it...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You have our apologies for this inconvenience.
The error was in the ComboFix program that was used. The error has been fixed in a new version that will be available in a few hours.
We reported your case here to the author, and thanks to the files you sent us, and thanks to one more case from the forum (where we also messed up someone's system), we managed to localize the bug, which manifests exclusively when the computer is infected with the same infection you had.

I would just ask you to scan the flash drives once more with USBNoRisk and post the log here, just in case.

  • maqdam
  • New MyCity citizen
  • Joined: 08 Jun 2009
  • Posts: 12

Posted: 10 Jun 2009 2:18

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 10.6.2009 2:16:42

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {02d1c26b-c2ce-11dc-9ad4-806d6172696f}
E: {02d1c26c-c2ce-11dc-9ad4-806d6172696f}
C: {02d1c26e-c2ce-11dc-9ad4-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 02d1c26e-c2ce-11dc-9ad4-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 02d1c26b-c2ce-11dc-9ad4-806d6172696f
----------------------------------------
Desktop.ini found at D:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 02d1c26c-c2ce-11dc-9ad4-806d6172696f
----------------------------------------
Desktop.ini found at E:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 10.6.2009 2:16:54

Scanning for connected USB mass storage...
----------------------------------------
H: {e7ac10d1-996d-11dd-9ae0-00110963c2cd}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for e7ac10d1-996d-11dd-9ae0-00110963c2cd
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

Mimics found on drive H:
========================================

Addendum: 10 Jun 2009 2:20

And what kind of infection is this? Is the computer infected, or only the flash drive... or both?

Here's the log...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Now we'll see whether the computer is infected too or only the flash drive.

Switch to the Script tab in USBNoRisk and paste the following script there:
{e7ac10d1-996d-11dd-9ae0-00110963c2cd}
delete_mimics:
folder_list: %DRIVE%


Go back to the Monitor tab.
After that, plug that flash drive into the computer and wait for USBNoRisk to scan and clean it automatically.

When you've done that, save the log again and paste it here for me.
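A defender-side check of the two things the thread turns on: a sweep for "mimics" (executables that reuse the name of a sibling folder or document, the trick behind the log's "Mimics found on drive H:" and the script's delete_mimics) and an audit of Desktop.ini CLSID entries (the Recycle Bin CLSID under \Recycled\ in the log is the normal one). This is an added example, not USBNoRisk's code or the moderator's script; the mimic heuristic, the suffix list and the sample drive tree are assumptions constructed for the demo.

```python
"""Added example (not USBNoRisk's code): sweep a drive for 'mimics' and for Desktop.ini
CLSID entries. The heuristic, suffix list and sample tree are assumptions built for the demo."""
import os
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".lnk"}  # suffixes a worm uses to pose as a folder/document
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"  # Recycle Bin CLSID, as in the log's \Recycled\Desktop.ini

def find_mimics(root):
    """Executables whose stem matches a sibling folder or non-executable file."""
    root, mimics = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        non_exec = [f for f in filenames if Path(f).suffix.lower() not in EXEC_SUFFIXES]
        shadowed = set(dirnames) | set(non_exec)  # names a worm would impersonate
        for f in filenames:
            p = Path(f)
            if p.suffix.lower() in EXEC_SUFFIXES and p.stem in shadowed:
                mimics.append(str(Path(dirpath, f).relative_to(root)))
    return sorted(mimics)

def desktop_ini_clsids(root):
    """Map each Desktop.ini (relative path) to the CLSID values it declares."""
    root, found = Path(root), {}
    for dirpath, _, filenames in os.walk(root):
        for f in filenames:
            if f.lower() != "desktop.ini":
                continue
            text = Path(dirpath, f).read_text(errors="replace")
            found[str(Path(dirpath, f).relative_to(root))] = [
                line.split("=", 1)[1].strip() for line in text.splitlines()
                if line.strip().upper().startswith("CLSID=")]
    return found

def build_sample_drive():
    """Constructed stand-in for a USB stick (two mimics, one harmless .exe, Recycle Bin ini)."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    (root / "Photos").mkdir()
    (root / "Photos.exe").write_bytes(b"MZ")         # mimic of the Photos folder
    (root / "report.doc").write_bytes(b"stub")
    (root / "report.doc.exe").write_bytes(b"MZ")     # mimic of report.doc
    (root / "tool.exe").write_bytes(b"MZ")           # no sibling named "tool": not a mimic
    (root / "Recycled").mkdir()
    (root / "Recycled" / "Desktop.ini").write_text("[.ShellClassInfo]\nCLSID=" + RECYCLE_BIN_CLSID + "\n")
    return root

if __name__ == "__main__":
    drive = build_sample_drive()
    print("mimics:", find_mimics(drive), "desktop.ini:", desktop_ini_clsids(drive))
```

Any CLSID other than the Recycle Bin one in a removable drive's Desktop.ini, or any path listed by find_mimics, is worth reviewing by hand before the drive is trusted again.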
