
View full version: viruses and spyware


MilanZemun90
17.5.2007, 0:25
Can anyone help me? I have the Troj/Zapchos-CS virus on my computer, which my antispyware found, and since I don't have the full version of it, it says I have to delete the virus manually. When I found where it is located and tried to delete it, it said that it is being used by another person or process, although it is not among the running processes. I read on the net that it is a very dangerous virus, but there are no instructions on how to remove it. Does anyone know how to delete it manually, or can anyone recommend an anti-virus that does it? Note that I have AVG 7.5, ad-aware, Anti-spyware, Spy Sweeper and Registry Mechanic installed, and of these only the last one can detect it, but not delete it. Please, can you help me?

AkulM
17.5.2007, 0:37
Have you tried HijackThis (http://www.download.com/HijackThis/3000-8022_4-10379544.html)?
If that doesn't work, format :(

GoranKostic
17.5.2007, 0:38
You probably can't delete the malware's files because they are active, i.e. running.

Try starting the computer in safe mode, and in Windows safe mode try to delete the malicious files.

Also, at the following link, under Advanced, you will find which files and registry keys this malware creates:

http://www.sophos.com/security/analyses/trojzapchascs.html

Predrag Stankovic
17.5.2007, 0:46
I had problems with a similar virus that I couldn't delete even in safe mode with the Administrator account.

ssSss
17.5.2007, 0:48
Try deleting it from DOS. Or take the HDD to another computer and delete it there.

Predrag Stankovic
17.5.2007, 0:56
Before that, follow the instructions from this (http://www.sophos.com/support/disinfection/trojan.html) site, i.e. the link that GoranKostic posted, and you should get rid of the pest.

Nicolas
17.5.2007, 0:57
Here's this, so put in a bit of effort if nothing else works.
Troj/Zapchas-CS is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Zapchas-CS includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Zapchas-CS is installed the following malicious files are created:

<Windows>\Fonts\Explored.exe
<Windows>\Fonts\chanflood.mrc
<Windows>\Fonts\whvlxd.dat
<Windows>\Fonts\whvlxd.exe
<Windows>\Fonts\kernel33.exe
<Windows>\Fonts\mirc.ini
<Windows>\Fonts\moo.dll
<Windows>\Fonts\portredirect.mrc

The file Explored.exe is detected as Troj/Flood-BC, the file kernel33.exe is detected as Troj/Flood-CK and the file whvlxd.exe is detected as Troj/Flood-K. The rest are detected as Troj/Zapchas-CS.

In addition the following non-malicious text files are created:

<Windows>\Fonts\clone.mrc
<Windows>\Fonts\commands.txt
<Windows>\Fonts\remote.ini
<Windows>\Fonts\script.ini
<Windows>\Fonts\winboot.bin
<Windows>\Fonts\winconf.mrc

These files may simply be deleted.

The following registry entry is created to run whvlxd.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WHVLXD
<Windows>\Fonts\WHVLXD.exe

The following registry entries are set or modified, so that Explored.exe is run when files with extensions of CHA and IRC are opened/launched:

HKCR\ChatFile\Shell\open\command
(default)
"<Windows>\Fonts\Explored.exe" -noconnect

HKCR\irc\Shell\open\command
(default)
"<Windows>\Fonts\Explored.exe" -noconnect

Registry entries are set as follows:

HKCR\ChatFile\DefaultIcon
(default)
<Windows>\Fonts\Explored.exe

HKCR\irc\DefaultIcon
(default)
<Windows>\Fonts\Explored.exe

Registry entries are created under:

HKCU\Software\Microsoft\Microsoft Agent
HKCU\Software\mIRC\DateUsed
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
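
A read-only check for the files and registry values listed in the description quoted above, as an added example that is not part of the original thread or of the Sophos write-up. It assumes PowerShell is available on the affected Windows machine; it only reports what it finds and deletes nothing.

```powershell
# Added example: report Troj/Zapchas-CS artifacts named in the quoted description.
# Read-only: nothing is deleted or modified.
$fonts = Join-Path $env:windir 'Fonts'

# File names taken from the quoted description (malicious files, then dropped text files).
$malicious = 'Explored.exe','chanflood.mrc','whvlxd.dat','whvlxd.exe',
             'kernel33.exe','mirc.ini','moo.dll','portredirect.mrc'
$dropped   = 'clone.mrc','commands.txt','remote.ini','script.ini',
             'winboot.bin','winconf.mrc'

$findings = @()

foreach ($name in $malicious + $dropped) {
    $path = Join-Path $fonts $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += "file: $path"
    }
}

# Startup entry: value WHVLXD under the HKLM Run key.
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' `
                        -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['WHVLXD']) {
    $findings += "registry: HKLM Run value WHVLXD = $($run.WHVLXD)"
}

# File-association hijack: (default) values pointing at Fonts\Explored.exe.
# The mIRC and Microsoft Agent keys are skipped because the description names
# only the parent keys, not specific values to look for.
$keys = 'ChatFile\Shell\open\command','irc\Shell\open\command',
        'ChatFile\DefaultIcon','irc\DefaultIcon'
foreach ($sub in $keys) {
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$sub" -ErrorAction SilentlyContinue
    if ($key) {
        $default = [string]$key.GetValue('')   # '' reads the (default) value
        if ($default -like '*\Fonts\Explored.exe*') {
            $findings += "registry: HKCR\$sub (default) = $default"
        }
    }
}

if ($findings.Count) {
    $findings | ForEach-Object { Write-Output "FOUND  $_" }
} else {
    Write-Output 'No artifacts from the quoted Troj/Zapchas-CS list were found.'
}
```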

AkulM
17.5.2007, 10:10
Here's this, so put in a bit of effort if nothing else works.

And if the files can't be deleted manually, use this (http://killbox.net/)

PDarko
17.5.2007, 23:25
You probably can't delete the malware's files because they are active, i.e. running.

Download Unlocker (http://ccollomb.free.fr/unlocker/) from the net, et voilà.

MilanZemun90
18.5.2007, 0:08
Thank you very much, I went to that site and downloaded Sophos Anti-Virus, and I can tell you that I am very satisfied. The program itself is great and works excellently.

Predrag Stankovic
18.5.2007, 0:33
How long is the trial period for Sophos? Which is, by the way, by far the most expensive AV.

Sasa90
18.5.2007, 10:43
The trial period for Sophos is 30 days.