virus.Win32.sality.bh

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Since yesterday I have been having a lot of problems with this virus. It blocks all my .exe files and has spread from the local disk C: to the other two, D: and E:
Kaspersky detects it but cannot clean it. Please help.

This is what Kaspersky detected:

DDS (Ver_10-12-12.02) - NTFSx86
Run by mladen at 18:39:46,79 on pet 11.02.2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1172 [GMT 1:00]

AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\MCShield\MCShieldTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mladen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [TWCU] "c:\program files\tp-link\tp-link 54m wireless client utility\TWCU.exe" -nogui
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avgls9\avgtray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TCP: {BEF57DFE-307A-491A-9C80-C4459A3B25CB} = 81.93.64.9,81.93.64.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mladen\applic~1\mozilla\firefox\profiles\9ud74eeg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - component: c:\program files\avg\avgls9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avgls9\Firefox
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [2010-8-31 29056]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-9-4 902432]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-1 475736]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-9-4 2326920]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-9-4 159168]
R3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALILAN.SYS [2010-8-31 29184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088]
R3 WebCamDriver;WebCam driver;c:\windows\system32\drivers\WebCam.sys [2011-2-10 63488]

=============== Created Last 30 ================

2011-02-10 20:46:20 -------- d-----w- c:\program files\oDesk
2011-02-10 20:45:39 -------- d-----w- c:\docume~1\mladen\locals~1\applic~1\oDesk
2011-02-10 20:35:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-02-10 18:51:46 28672 ----a-w- c:\windows\system32\DrvInstall.dll
2011-02-10 18:51:45 63488 ----a-w- c:\windows\system32\WebCam.sys
2011-02-10 18:51:45 63488 ----a-w- c:\windows\system32\drivers\WebCam.sys
2011-02-10 18:51:45 59904 ----a-w- c:\windows\system32\DynamicInterpolation.ax
2011-02-10 18:51:45 30720 ----a-w- c:\windows\system32\WebCam.ax
2011-02-10 18:51:45 -------- d-----w- c:\program files\VideoCap
2011-02-10 18:49:56 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-02-10 18:49:55 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-02-10 18:49:53 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-02-10 18:49:53 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-02-10 18:49:51 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-02-10 18:49:51 20992 ----a-w- c:\windows\system32\dshowext.ax

==================== Find3M ====================


============= FINISH: 18:41:07,40 ===============
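
Added example for reading a DDS log like the one pasted above; it is not part of this thread and not a DDS or Kaspersky tool. It splits the log into its sections, pulls the image path out of each running process and each uRun/mRun/dRun key, and flags three things a helper would otherwise check by eye: entries that DDS printed as a bare name with no path (the extra svchost.exe lines above), executables started from user-writable locations (this catches dds.scr itself, since the user ran it from the Desktop, so the function takes an allow-list), and services or drivers whose binary also appears in the Created Last 30 list (here WebCam.sys, which lines up with the webcam software installed on 2011-02-10). The embedded log is a constructed excerpt of the one above, and the heuristics, regexes and function names are my own assumptions, not DDS conventions; a hit is a review item, not a verdict.

```python
"""Triage helper for a DDS (dds.scr) log like the one posted above.

Added example: not part of the thread and not a DDS or Kaspersky tool.
It only reads the pasted text; it never touches the infected machine.
"""
import re

# Constructed excerpt in the layout of the log above (a few representative lines, not the whole log).
SAMPLE_LOG = r"""DDS (Ver_10-12-12.02) - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1172 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Documents and Settings\mladen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
mRun: [TWCU] "c:\program files\tp-link\tp-link 54m wireless client utility\TWCU.exe" -nogui
mRun: [AVG9_TRAY] c:\progra~1\avg\avgls9\avgtray.exe

============= SERVICES / DRIVERS ===============

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R3 WebCamDriver;WebCam driver;c:\windows\system32\drivers\WebCam.sys [2011-2-10 63488]

=============== Created Last 30 ================

2011-02-10 20:46:20 -------- d-----w- c:\program files\oDesk
2011-02-10 18:51:45 63488 ----a-w- c:\windows\system32\drivers\WebCam.sys

============= FINISH: 18:41:07,40 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
EXE_RE = re.compile(r'^(.*?\.(?:exe|scr|com|pif|bat|dll|sys))(?:["\s]|$)', re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)
# Locations a limited user can write to, in the long and 8.3 forms DDS prints (assumed list).
USER_WRITABLE_RE = re.compile(
    r"\\(?:documents and settings|docume~1|users)\\[^\\]+\\|\\temp\\|\\local settings\\|\\application data\\|\\applic~1\\",
    re.I,
)
RUN_RE = re.compile(r"^([umd]Run):\s*\[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[\d{4}-\d{1,2}-\d{1,2}\s+\d+\]$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")


def split_sections(text):
    """Map each '=== Title ===' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def exe_of(entry):
    """Return the image path of a process or Run-key entry without quotes or arguments."""
    entry = entry.strip().lstrip('"')
    m = EXE_RE.match(entry)
    if m:
        return m.group(1)
    # DDS prints some images without an extension ('svchost -k DcomLaunch'): cut at the first switch.
    return re.split(r"\s+-", entry, maxsplit=1)[0]


def triage(text, known_tools=()):
    """Return review items per heuristic as (where, path) pairs. A hit is something to check, not a verdict."""
    s = split_sections(text)
    findings = {"unresolved_path": [], "user_writable": [], "new_service_binary": []}

    entries = [("process", exe_of(p)) for p in s.get("Running Processes", [])]
    for line in s.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            entries.append((f"{m.group(1)} [{m.group(2)}]", exe_of(m.group(3))))

    for where, exe in entries:
        if exe.rsplit("\\", 1)[-1].lower() in known_tools:
            continue  # e.g. dds.scr itself, which the user ran from the Desktop
        if not DRIVE_RE.match(exe):
            findings["unresolved_path"].append((where, exe))  # listed without a path: confirm by hand
        elif USER_WRITABLE_RE.search(exe):
            findings["user_writable"].append((where, exe))

    created = {CREATED_RE.match(c).group(1).lower() for c in s.get("Created Last 30", []) if CREATED_RE.match(c)}
    for line in s.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(3).lower() in created:
            findings["new_service_binary"].append((m.group(1), m.group(3)))  # binary created in the last 30 days
    return findings


if __name__ == "__main__":
    for heuristic, items in triage(SAMPLE_LOG, known_tools=("dds.scr",)).items():
        print(heuristic)
        for where, path in items:
            print(f"  {where}: {path}")
```

Run as-is it reports the two path-less svchost.exe lines and the WebCamDriver/WebCam.sys pair, and suppresses dds.scr through the allow-list. The same section parser can be pointed at the full log above; what it will not catch is what a helper reads off by eye, for instance the AVG 9 tray autorun and Firefox component still present next to Kaspersky in the Run keys and FIREFOX sections.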

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings jomlla!

Did you use Acronis, or perhaps System Restore, to back up / restore the system to an earlier state?
In what ways have you tried to remove the malware?

Turn System Restore off and then back on, following the guide at this link:
http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html

Repeat the procedure for every partition (except the system one (C)):

My Computer -> right-click the partition labelled D -> Properties;

On the General tab click Disk Cleanup;

Then, in the new window, click the More Options tab;

In the System Restore section click Clean Up -> Yes.

Are there still any detections from KIS?


goran9888 (AMF Tim)

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Since I could not start some programs at all, I restored the system to an earlier state with Acronis. I tried to remove this virus with some program called Sality killer that I downloaded from Kaspersky's site, where it is listed as a possible solution to my problem.

Since last night I cannot turn the computer on at all, so I have not managed to try anything regarding SR as you told me. Is it possible that I cannot turn it on because of the virus, or is it more likely that some other problem has come up in the meantime?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

To make it as easy as possible for us, you must be as specific as you can and explain the problems in as much detail as possible. You could have written in your first message everything you had already done to try to remove the infection.

Describe more specifically what "I cannot turn the computer on" means. Does the OS start, and how far does it get? Does it throw an error? Which error is it?


goran9888 (AMF Tim)

offline
  • Joined: 30 Jul 2010
  • Posts: 54

Written: 13 Feb 2011 18:20

It means the following: I turn the computer on and it gives no signal to the monitor, only the light blinks, as if I had not turned the computer on at all. Tonight I tried replacing the motherboard, since with the old one I was getting no signal on the keyboard or mouse either, and it was successful. Afterwards I put my old board back and managed to boot everything with it as well, except that first the BIOS screen appeared with a message that I think said something like SYSTEM INTRUDED, TAMPERED. I accidentally pressed a key on the keyboard, so I did not manage to copy down the whole message.

Addendum: 13 Feb 2011 18:42

And I forgot to mention that my System Restore has already been turned off for several months.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

And ...

From your message I still do not know what is happening with the computer. I do not know how to explain it to you, but you must be as detailed as possible.

That notification tells you that someone (in this case you) removed the case cover and accessed the components. There is most likely an option in the BIOS settings to turn that feature off.

For a solution to that problem, ask in the appropriate subforum.

Here we only solve malware problems ...

Did you get Windows to boot? What malware-related problems do you have now?


goran9888 (AMF Tim)
