Problem!


offline
  • Joined: 26 Aug 2005
  • Posts: 160

When my computer starts up and the icons appear, I have to wait some 30 seconds before I can start working normally, so everything is kind of sluggish (e.g. when I click refresh I wait 1-2 seconds for it to refresh). Is this because of some virus?

By the way, I got the computer recently and it worked great until I connected to the internet!

I forgot to say that I have SpywareDoctor, and whenever I scan with it an infection always shows up; I remove it and it appears again!



offline
  • Joined: 15 Dec 2005
  • Posts: 64
  • Location: Lazarevac

That's really annoying.
Use Registry First Aid and CCleaner... your registry has probably gone a bit haywire! Post a screenshot of that infection so I can see what it is.



offline
  • Joined: 26 Aug 2005
  • Posts: 160

I use Registry First Aid

offline
  • Joined: 15 Dec 2005
  • Posts: 64
  • Location: Lazarevac

Can you post that screenshot...

offline
  • Joined: 26 Aug 2005
  • Posts: 160

I would post it, but I don't think there's any point, and my connection is very bad too. Nothing shows up on the screen; it's just that (for almost the first 60 seconds - I actually timed it) things are sluggish, and I click refresh and then wait 1-2 seconds for it to refresh, and once 60 seconds have passed since the system booted, everything is OK. During those first 60 seconds I can work, it doesn't freeze, it's just a little sluggish like with the refresh, and programs start more slowly.

I think it's some virus, because Spyware Doctor keeps showing the following in its report:

Spyware Doctor Activity Report
Generated on 28.12.2005 13:53:22

Scans (basic information only):

Scan Results:
scan start: 28.12.2005 13:53:48
scan stop: 28.12.2005 13:54:12
scanned items: 7199
found items: 12
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

| Infection Name | Location | Risk |
|---|---|---|
| Possible Website Hijack | (6) 127.0.0.1 ca.com | High |
| Possible Website Hijack | (18) 127.0.0.1 f-secure.com | High |
| Possible Website Hijack | (19) 127.0.0.1 f-secure.com | High |
| Possible Website Hijack | (36) 127.0.0.1 kaspersky.com | High |
| Possible Website Hijack | (41) 127.0.0.1 mcafee.com | High |
| Possible Website Hijack | (44) 127.0.0.1 my-etrust.com | High |
| Possible Website Hijack | (45) 127.0.0.1 nai.com | High |
| Possible Website Hijack | (46) 127.0.0.1 networkassociates.com | High |
| Possible Website Hijack | (53) 127.0.0.1 sophos.com | High |
| Possible Website Hijack | (56) 127.0.0.1 symantec.com | High |
| Possible Website Hijack | (57) 127.0.0.1 trendmicro.com | High |
| Possible Website Hijack | (62) 127.0.0.1 viruslist.com | High |

Scan Results:
scan start: 28.12.2005 13:56:16
scan stop: 28.12.2005 13:59:31
scanned items: 32580
found items: 13
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner

| Infection Name | Location | Risk |
|---|---|---|
| Possible Website Hijack | (6) 127.0.0.1 ca.com | High |
| Possible Website Hijack | (18) 127.0.0.1 f-secure.com | High |
| Possible Website Hijack | (19) 127.0.0.1 f-secure.com | High |
| Possible Website Hijack | (36) 127.0.0.1 kaspersky.com | High |
| Possible Website Hijack | (41) 127.0.0.1 mcafee.com | High |
| Possible Website Hijack | (44) 127.0.0.1 my-etrust.com | High |
| Possible Website Hijack | (45) 127.0.0.1 nai.com | High |
| Possible Website Hijack | (46) 127.0.0.1 networkassociates.com | High |
| Possible Website Hijack | (53) 127.0.0.1 sophos.com | High |
| Possible Website Hijack | (56) 127.0.0.1 symantec.com | High |
| Possible Website Hijack | (57) 127.0.0.1 trendmicro.com | High |
| Possible Website Hijack | (62) 127.0.0.1 viruslist.com | High |
| Trojan.Downloader.Small.BDZ | C:\WINDOWS\svchost.exe | High |

Copyright © 2003-2005. Distributed by PC Tools.



Paste this code in and see what it's about ...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Read:
http://www.mycity.rs/phpbb/viewtopic.php?t=28463
http://www.mycity.rs/phpbb/viewtopic.php?t=28431
That covers the redirections you have in the hosts file.
As for the trojan itself, have you tried scanning from Safe Mode?

offline
  • Joined: 26 Aug 2005
  • Posts: 160

There, I posted the HTML code above, so take a look at what it's about.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

What I wrote in my previous post I didn't write off the top of my head, but from reading that code.
You have a few redirections so that you can't access the sites of certain AV companies, as well as one trojan.downloader that has latched onto svchost.
Those two links I gave you are about the redirections, and remove the trojan from Safe Mode.

offline
  • Joined: 26 Aug 2005
  • Posts: 160

@bobby

I tried to remove the trojan from Safe Mode, but it doesn't work!

First it tells me it has been deleted, and when I restart the computer and look again, there it is again!!!

And one more thing about the trojan ... when I go to remove it, it says it will be removed at the next computer startup, and it's like that every time, but it has no effect.


As for these redirections, I looked at those links you told me about, but I didn't quite understand. I opened c:\Windows\System 32\drivers\etc\hosts and the sites I can't access showed up. Well, maybe I'm a bit "dumb", but I really don't know what to do ... should I delete something from there or ...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That trojan (or some other program) edited the hosts file so that no AV program can update; it set up a redirection so that they look for the update on your own machine, and your machine is the one with the address 127.0.0.1.
Delete the line in which the address of your AV program's site is redirected to 127.0.0.1. You can also delete the other redirections that point to 127.0.0.1.
The hosts file can even be completely empty if you don't need redirections.

You didn't say which AV program you use; SpywareDoctor is not an AV program.
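
As an added example (not code from any poster in this thread), the following Python script audits a hosts file for the kind of entries the report lists: security-vendor names pointed at a loopback or null address. The `AV_DOMAINS` watch list and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file with entries like those in the report above.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1 kaspersky.com
127.0.0.1 symantec.com www.symantec.com   # two names on one line
0.0.0.0 ads.example.net
192.168.1.10 fileserver
127.0.0.1 Update.Symantec.com
"""

# Hypothetical watch list; extend it with the vendors you actually use.
AV_DOMAINS = {"kaspersky.com", "symantec.com", "mcafee.com", "sophos.com",
              "f-secure.com", "trendmicro.com"}

def is_local_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def watched(name):
    """True if name is a watched domain or a subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in AV_DOMAINS)

def audit_hosts(text):
    """Return (findings, cleaned_text); findings are (line_no, address, hostname)."""
    findings, kept = [], []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop trailing comment, split on whitespace
        bad = []
        if len(fields) >= 2 and is_local_sink(fields[0]):
            bad = [h for h in fields[1:] if watched(h)]
        findings += [(no, fields[0], h) for h in bad]
        if not bad:
            kept.append(line)   # lines without a watched name are preserved verbatim
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    hits, cleaned = audit_hosts(SAMPLE_HOSTS)
    for no, addr, host in hits:
        print(f"line {no}: {host} -> {addr}")
```

A line is dropped from the cleaned text as a whole if any name on it is watched, so review the findings before writing the result back over a real hosts file.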
