win32/Fynloski.AA trojan

Retardinjo · 19.4.2012, 12:44

Zdravo,

treba mi mala pomoc.
Antivirus ga je detektovao ali ne moze da ga skine.
Predpostavljam da moram da ga odstranim manuelno, samo mi treba objashnjenje kako

Puno pozdrava i hvala unapred

Basa Mrkalj · 19.4.2012, 14:09

Preuzmi program DDS na desktop http://download.bleepingcomputer.com/sUBs/dds.scr
Dvoklikom pokreni DDS
Sacekaj malo, izbacice ti dva loga
Kopiraj mi log DDS.txt na http://pastebin.com/

Klikni Submit pa kopiraj link sa izvestajem u poruci

Retardinjo · 19.4.2012, 14:49

Uradio

http://pastebin.com/BE0h3aWk

Hvala na pomoci

Basa Mrkalj · 19.4.2012, 15:19

C:\Users\Mata\AppData\Roaming\feederico.exe

Posalji ovaj fajl na https://www.virustotal.com/

Okaci link sa izvestajem ovde.

Retardinjo · 19.4.2012, 16:43

https://www.virustotal.com/file/cdde...is/1334846513/

Uradio

Basa Mrkalj · 19.4.2012, 17:08

Preuzmi na desktop http://oldtimer.geekstogo.com/OTM.exe

U levi prozor programa ispod Paste Instructions for Items to be Moved) kopiraj:

Kod:

:files
C:\Users\Mata\AppData\Roaming\dclogs
C:\Users\Mata\AppData\Roaming\feederico.exe

:commands
[purity]
[emptytemp]
[Reboot]

Klikni MoveIt

Prihvati restart i kopiraj mi log.

Ujedno javi da li Nod jos uvek prijavljuje.

Retardinjo · 19.4.2012, 17:16

Ok uradio sam kako si mi rekao

All processes killed
========== FILES ==========
C:\Users\Mata\AppData\Roaming\dclogs folder moved successfully.
C:\Users\Mata\AppData\Roaming\feederico.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mata
->Temp folder emptied: 17497384511 bytes
->Temporary Internet Files folder emptied: 66939715 bytes
->Java cache emptied: 17363670 bytes
->FireFox cache emptied: 377030356 bytes
->Google Chrome cache emptied: 390582259 bytes
->Flash cache emptied: 198097 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29403023 bytes
%systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 311790 bytes
RecycleBin emptied: 9450202577 bytes

Total Files Cleaned = 26,541.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 04192012_171431

Files moved on Reboot...
C:\Users\Mata\AppData\Local\Temp\FXSAPIDebugLogFil e.txt moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\1\7D\68774d01 moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

Sada cu da vidim josh da li Nod prijavljuje neshto
Edit:
Nishta, 0 infected files, mislim da je to to.
Basa hvala puno na pomoci

Basa Mrkalj · 19.4.2012, 18:23

Pokreni OTM i klikni CleanUp.

Retardinjo · 19.4.2012, 18:59

Uradio i reboot-ovao

Basa Mrkalj · 19.4.2012, 19:09

OK, pozz.

borisgut · 2.5.2012, 22:23

Skini Malwarebytes Anti-Malware i skeniraj racunar,i log postavi ovde.

19.4.2012, 12:44	#1
Retardinjo Član Član od: 9.8.2009. Poruke: 177 Zahvalnice: 161 Zahvaljeno 173 puta na 38 poruka	win32/Fynloski.AA trojan Zdravo, treba mi mala pomoc. Antivirus ga je detektovao ali ne moze da ga skine. Predpostavljam da moram da ga odstranim manuelno, samo mi treba objashnjenje kako Puno pozdrava i hvala unapred

19.4.2012, 14:09	#2
Basa Mrkalj V.I.P. Zaštita Član od: 18.5.2008. Lokacija: Prokuplje Poruke: 1.505 Zahvalnice: 5 Zahvaljeno 425 puta na 385 poruka	Re: win32/Fynloski.AA trojan Preuzmi program DDS na desktop http://download.bleepingcomputer.com/sUBs/dds.scr Dvoklikom pokreni DDS Sacekaj malo, izbacice ti dva loga Kopiraj mi log DDS.txt na http://pastebin.com/ Klikni Submit pa kopiraj link sa izvestajem u poruci

19.4.2012, 14:49	#3
Retardinjo Član Član od: 9.8.2009. Poruke: 177 Zahvalnice: 161 Zahvaljeno 173 puta na 38 poruka	Re: win32/Fynloski.AA trojan Uradio http://pastebin.com/BE0h3aWk Hvala na pomoci

19.4.2012, 15:19	#4
Basa Mrkalj V.I.P. Zaštita Član od: 18.5.2008. Lokacija: Prokuplje Poruke: 1.505 Zahvalnice: 5 Zahvaljeno 425 puta na 385 poruka	Re: win32/Fynloski.AA trojan C:\Users\Mata\AppData\Roaming\feederico.exe Posalji ovaj fajl na https://www.virustotal.com/ Okaci link sa izvestajem ovde.

19.4.2012, 16:43	#5
Retardinjo Član Član od: 9.8.2009. Poruke: 177 Zahvalnice: 161 Zahvaljeno 173 puta na 38 poruka	Re: win32/Fynloski.AA trojan https://www.virustotal.com/file/cdde...is/1334846513/ Uradio

*Sledeći korisnik se zahvaljuje korisniku Basa Mrkalj* na korisnoj poruci:**
Retardinjo (19.4.2012)

19.4.2012, 17:08	#6
Basa Mrkalj V.I.P. Zaštita Član od: 18.5.2008. Lokacija: Prokuplje Poruke: 1.505 Zahvalnice: 5 Zahvaljeno 425 puta na 385 poruka	Re: win32/Fynloski.AA trojan Preuzmi na desktop http://oldtimer.geekstogo.com/OTM.exe U levi prozor programa ispod Paste Instructions for Items to be Moved) kopiraj: Kod: :files C:\Users\Mata\AppData\Roaming\dclogs C:\Users\Mata\AppData\Roaming\feederico.exe :commands [purity] [emptytemp] [Reboot] Klikni MoveIt Prihvati restart i kopiraj mi log. Ujedno javi da li Nod jos uvek prijavljuje.

19.4.2012, 17:16	#7
Retardinjo Član Član od: 9.8.2009. Poruke: 177 Zahvalnice: 161 Zahvaljeno 173 puta na 38 poruka	Re: win32/Fynloski.AA trojan Ok uradio sam kako si mi rekao All processes killed ========== FILES ========== C:\Users\Mata\AppData\Roaming\dclogs folder moved successfully. C:\Users\Mata\AppData\Roaming\feederico.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mata ->Temp folder emptied: 17497384511 bytes ->Temporary Internet Files folder emptied: 66939715 bytes ->Java cache emptied: 17363670 bytes ->FireFox cache emptied: 377030356 bytes ->Google Chrome cache emptied: 390582259 bytes ->Flash cache emptied: 198097 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 356352 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 29403023 bytes %systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 311790 bytes RecycleBin emptied: 9450202577 bytes Total Files Cleaned = 26,541.00 mb OTM by OldTimer - Version 3.1.19.0 log created on 04192012_171431 Files moved on Reboot... C:\Users\Mata\AppData\Local\Temp\FXSAPIDebugLogFil e.txt moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\1\7D\68774d01 moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_001_ moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_002_ moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_003_ moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\Cache\_CACHE_MAP_ moved successfully. C:\Users\Mata\AppData\Local\Mozilla\Firefox\Profil es\po3jrqic.default\urlclassifier3.sqlite moved successfully. Registry entries deleted on Reboot... Sada cu da vidim josh da li Nod prijavljuje neshto Edit: Nishta, 0 infected files, mislim da je to to. Basa hvala puno na pomoci Poslednja ispravka: Retardinjo (19.4.2012 u 18:21)

19.4.2012, 18:23	#8
Basa Mrkalj V.I.P. Zaštita Član od: 18.5.2008. Lokacija: Prokuplje Poruke: 1.505 Zahvalnice: 5 Zahvaljeno 425 puta na 385 poruka	Re: win32/Fynloski.AA trojan Pokreni OTM i klikni CleanUp.

19.4.2012, 18:59	#9
Retardinjo Član Član od: 9.8.2009. Poruke: 177 Zahvalnice: 161 Zahvaljeno 173 puta na 38 poruka	Re: win32/Fynloski.AA trojan Uradio i reboot-ovao

19.4.2012, 19:09	#10
Basa Mrkalj V.I.P. Zaštita Član od: 18.5.2008. Lokacija: Prokuplje Poruke: 1.505 Zahvalnice: 5 Zahvaljeno 425 puta na 385 poruka	Re: win32/Fynloski.AA trojan OK, pozz.

2.5.2012, 22:23	#11
borisgut Veteran Član od: 22.3.2009. Poruke: 508 Zahvalnice: 119 Zahvaljeno 107 puta na 85 poruka	Re: win32/Fynloski.AA trojan Skini Malwarebytes Anti-Malware i skeniraj racunar,i log postavi ovde.

Slične teme
tema	temu započeo	forum	Odgovora	Poslednja poruka
AVG Internet Security + Trojan hunter 5	Saša-77	Zaštita	7	14.10.2011 14:07
Trojan Downloader	jingles	Zaštita	5	21.7.2009 8:47
Win32 Inject Trojan	krofnica84	Zaštita	3	13.11.2008 8:41
Varijacija na temu: Trojan Agent	glitch	Zaštita	4	10.9.2008 17:52
Anti Trojan i ...	CorvetteC5	Zaštita	1	9.2.2008 22:32