malware (cvasds0.dll) or who knows what?


offline
  • Joined: 08 Jul 2007
  • Posts: 2024

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/27/2009 9:47:46 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f25626e0-d87d-11de-af58-806d6172696f}
D: {f25626e1-d87d-11de-af58-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f25626e0-d87d-11de-af58-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f25626e1-d87d-11de-af58-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/27/2009 9:47:59 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8e-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=9g86.exe
shell\open\Command=9g86.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\9g86.exe -r-hs 114987
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda8e-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 9:48:57 AM

Scanning for connected USB mass storage...
----------------------------------------
G: {b87229fd-d882-11de-916b-0016d421df6b}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for b87229fd-d882-11de-916b-0016d421df6b
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 11/27/2009 9:51:48 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8f-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=i9bwjpqc.exe
shell\open\Command=i9bwjpqc.exe
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 6d0cda8f-dacb-11de-9177-0016d421df6b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 9:54:56 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda90-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda90-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 9:55:45 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda91-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda91-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 9:58:44 AM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

OK, disable your AV and start USBNoRisk, click the Script tab and copy in the following text:

{6d0cda8e-dacb-11de-9177-0016d421df6b}
f_delete: %DRIVE%9g86.exe
delete_blocked:

{6d0cda8f-dacb-11de-9177-0016d421df6b}
f_delete: %DRIVE%i9bwjpqc.exe
delete_blocked:


When you plug in the first stick, click Run Script, then plug in the others.
When it finishes, post the log file for us.

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/27/2009 1:09:05 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f25626e0-d87d-11de-af58-806d6172696f}
D: {f25626e1-d87d-11de-af58-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f25626e0-d87d-11de-af58-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f25626e1-d87d-11de-af58-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/27/2009 1:09:34 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8e-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=9g86.exe
shell\open\Command=9g86.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\9g86.exe -r-hs 114987
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda8e-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
6d0cda8e-dacb-11de-9177-0016d421df6b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
f_delete:
file "F:\9g86.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
6d0cda8e-dacb-11de-9177-0016d421df6b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
f_delete: F:\9g86.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------


Processing script
----------------------------------------
6d0cda8e-dacb-11de-9177-0016d421df6b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
f_delete: F:\9g86.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------

========================================
Removed F:
========================================


New device connected at 11/27/2009 1:10:44 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {b87229fd-d882-11de-916b-0016d421df6b}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for b87229fd-d882-11de-916b-0016d421df6b
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================

========================================
Removed G:
========================================


New device connected at 11/27/2009 1:12:00 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8f-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=i9bwjpqc.exe
shell\open\Command=i9bwjpqc.exe
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 6d0cda8f-dacb-11de-9177-0016d421df6b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 1:13:43 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda90-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda90-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================

========================================
Removed F:
========================================


New device connected at 11/27/2009 1:14:45 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda91-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda91-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================

========================================
Removed F:
========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

That would be all.

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

Uninstall - done!

I hope I won't be a 'patient' here again any time soon, but it's good to know we have a great clinic.
Thank you very much!
