View full version : viruses and spyware
MilanZemun90
17.5.2007, 0:25
Can anyone help me? I have the Troj/Zapchos-CS virus on my computer, which my anti-spyware found, and since I don't have the full version of it, it says I have to delete the virus manually. When I found where it is located and tried to delete it, it said that it is being used by another person or process, although it is not among the running processes. I read on the net that it is a very dangerous virus, but there are no instructions on how to remove it. Does anyone know how to delete it manually, or can anyone recommend an anti-virus that does that? Note that I have AVG 7.5, Ad-Aware, Anti-spyware, Spy Sweeper and Registry Mechanic installed, and of these only the last one can detect it, but not delete it. Please, can you help me?
Have you tried HijackThis (http://www.download.com/HijackThis/3000-8022_4-10379544.html)?
If that doesn't work, format :(
GoranKostic
17.5.2007, 0:38
You probably can't delete the malware's files because they are active, i.e. running.
Try starting the computer in safe mode, and in Windows safe mode try to delete the malicious files.
Also, at the following link, under Advanced, you will find which files and registry keys this malware creates:
http://www.sophos.com/security/analyses/trojzapchascs.html
Predrag Stankovic
17.5.2007, 0:46
I had problems with a similar virus that I could not delete even in safe mode with the Administrator account.
Try deleting it from DOS. Or take the HDD to another computer and delete it there.
Predrag Stankovic
17.5.2007, 0:56
Before that, follow the instructions from this (http://www.sophos.com/support/disinfection/trojan.html) site, i.e. the link that GoranKostic posted, and you should get rid of the nuisance.
Here you go, put in a bit of effort with this if nothing else works.
Troj/Zapchas-CS is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.
Troj/Zapchas-CS includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zapchas-CS is installed the following malicious files are created:
<Windows>\Fonts\Explored.exe
<Windows>\Fonts\chanflood.mrc
<Windows>\Fonts\whvlxd.dat
<Windows>\Fonts\whvlxd.exe
<Windows>\Fonts\kernel33.exe
<Windows>\Fonts\mirc.ini
<Windows>\Fonts\moo.dll
<Windows>\Fonts\portredirect.mrc
The file Explored.exe is detected as Troj/Flood-BC, the file kernel33.exe is detected as Troj/Flood-CK and the file whvlxd.exe is detected as Troj/Flood-K. The rest are detected as Troj/Zapchas-CS.
In addition the following non-malicious text files are created:
<Windows>\Fonts\clone.mrc
<Windows>\Fonts\commands.txt
<Windows>\Fonts\remote.ini
<Windows>\Fonts\script.ini
<Windows>\Fonts\winboot.bin
<Windows>\Fonts\winconf.mrc
These files may simply be deleted.
The following registry entry is created to run whvlxd.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WHVLXD
<Windows>\Fonts\WHVLXD.exe
The following registry entries are set or modified, so that Explored.exe is run when files with extensions of CHA and IRC are opened/launched:
HKCR\ChatFile\Shell\open\command
(default)
"<Windows>\Fonts\Explored.exe" -noconnect
HKCR\irc\Shell\open\command
(default)
"<Windows>\Fonts\Explored.exe" -noconnect
Registry entries are set as follows:
HKCR\ChatFile\DefaultIcon
(default)
<Windows>\Fonts\Explored.exe
HKCR\irc\DefaultIcon
(default)
<Windows>\Fonts\Explored.exe
Registry entries are created under:
HKCU\Software\Microsoft\Microsoft Agent
HKCU\Software\mIRC\DateUsed
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
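The file indicators from the Sophos description above, turned into a check for a Windows folder mounted from another machine (the "take the HDD to another computer" approach). This is an added example, not part of the original posts and not Sophos code. The function names and the demo directory tree are assumptions constructed for illustration; names are matched case-insensitively because a Windows volume mounted elsewhere may be case-sensitive.

```python
import os
import tempfile

# File names and detection names exactly as listed in the quoted Sophos write-up.
MALICIOUS = {"explored.exe": "Troj/Flood-BC", "kernel33.exe": "Troj/Flood-CK",
             "whvlxd.exe": "Troj/Flood-K"}
for _name in ("chanflood.mrc", "whvlxd.dat", "mirc.ini", "moo.dll", "portredirect.mrc"):
    MALICIOUS[_name] = "Troj/Zapchas-CS"
DROPPED_TEXT = {"clone.mrc", "commands.txt", "remote.ini", "script.ini",
                "winboot.bin", "winconf.mrc"}


def find_dir(parent, name):
    """Case-insensitive lookup of a child directory (hypothetical helper)."""
    for entry in os.listdir(parent):
        path = os.path.join(parent, entry)
        if entry.lower() == name.lower() and os.path.isdir(path):
            return path
    return None


def scan_fonts(windows_dir):
    """Return sorted (path, verdict) pairs for indicator files in the Fonts folder."""
    fonts = find_dir(windows_dir, "Fonts")
    if fonts is None:
        return []
    hits = []
    for entry in os.listdir(fonts):
        key = entry.lower()
        if key in MALICIOUS:
            hits.append((os.path.join(fonts, entry), MALICIOUS[key]))
        elif key in DROPPED_TEXT:
            hits.append((os.path.join(fonts, entry), "dropped text file"))
    return sorted(hits)


def demo():
    """Scan a constructed tree of empty placeholder files (no real malware)."""
    with tempfile.TemporaryDirectory() as root:
        fonts = os.path.join(root, "FONTS")
        os.mkdir(fonts)
        for name in ("WHVLXD.exe", "Explored.exe", "script.ini", "arial.ttf"):
            open(os.path.join(fonts, name), "w").close()
        return [(os.path.basename(p), v) for p, v in scan_fonts(root)]


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name}: {verdict}")
```

A name match is only a lead: the registry entries listed above (the Run value and the ChatFile/irc open commands) still have to be checked and restored on the affected system.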
Here you go, put in a bit of effort with this if nothing else works.
And if the files can't be deleted manually, use this (http://killbox.net/)
You probably can't delete the malware's files because they are active, i.e. running.
Download Unlocker (http://ccollomb.free.fr/unlocker/) from the net, et voilà.
MilanZemun90
18.5.2007, 0:08
Thank you very much. I went to that site and downloaded Sophos Anti-Virus, and I can tell you that I am very satisfied. The program itself is great and works excellently.
Predrag Stankovic
18.5.2007, 0:33
How long is the trial period for Sophos? Which is, by the way, by far the most expensive AV.
The trial period for Sophos is 30 days.