2.7.2011, 12:27 | #1
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Backdoor.IRCBot
Malwarebytes doesn't help, these pests keep multiplying more and more... after every scan their number doubles! The OS is XP SP3!
Here are the logs, if anyone can help:

Memory Processes Infected:
c:\WINDOWS\aadrive32.exe (Backdoor.IRCBot) -> 940 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Backdoor.IRCBot) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Backdoor.IRCBot) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tnaww (Worm.AutoRun.Gen) -> Value: Tnaww -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12CFG214-K641-12SF-N85P (Trojan.SpyEyes) -> Value: 12CFG214-K641-12SF-N85P -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Adware.Agent) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Delete on reboot.

Files Infected:
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Adware.Agent) -> Delete on reboot.
c:\documents and settings\administrator\application data\dbnonr.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\61KVYZE1\d[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\Q12NCPUP\d[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\U9KFQRKD\d[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\06.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\22.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\25.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\42.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\56.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\62.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\70.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\73.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\78.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\aadrive32.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
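The Malwarebytes log in the post above names the autostart points the infection used (Run keys, the Winlogon Shell and Taskman values, executables hidden under RECYCLER) and marks several items as "Delete on reboot", which is exactly what has to be re-checked after the restart. As an added example that is not part of the original thread, the Python below parses log lines in that layout and summarises the persistence mechanisms and the items still pending removal; the sample log is a constructed, shortened excerpt in the same format, reusing paths and detection names from the post.

```python
import re
# Constructed excerpt in the layout of the Malwarebytes log posted above (paths and
# detection names taken from the thread, shortened to a few representative lines).
SAMPLE_LOG = r"""Memory Processes Infected:
c:\WINDOWS\aadrive32.exe (Backdoor.IRCBot) -> 940 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Backdoor.IRCBot) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Delete on reboot.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\aadrive32.exe (Backdoor.IRCBot) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
"""
# Entry layout: "item (Detection) -> step -> ... -> final action."
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Autostart locations seen in the log, checked in order; the first match wins.
PERSISTENCE = [
    (r"\\CurrentVersion\\Run\\", "Run key autostart"),
    (r"\\Winlogon\\Shell", "Winlogon Shell hijack (replaces explorer.exe at logon)"),
    (r"\\Winlogon\\Taskman", "Winlogon Taskman hijack (runs at logon)"),
    (r"\\RECYCLER\\", "binary hidden in RECYCLER (typical of USB autorun worms)"),
]

def classify(line):
    for pattern, label in PERSISTENCE:
        if re.search(pattern, line, re.IGNORECASE):
            return label
    return None

def parse_log(text):
    """Split the log into sections and parse each detection entry into a dict."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        m = ENTRY.match(line)
        if m and section:  # "(No malicious items detected)" does not match and is skipped
            steps = [s.strip() for s in m.group("rest").split("->")]
            entries.append({"section": section, "item": m.group("item"),
                            "detection": m.group("detection"), "persistence": classify(line),
                            "pending_reboot": steps[-1] == "Delete on reboot."})
    return entries

def summarize(entries):
    """What to re-check after the reboot: items not yet removed and the autostart points used."""
    return {"families": sorted({e["detection"] for e in entries}),
            "persistence": sorted({e["persistence"] for e in entries if e["persistence"]}),
            "pending_reboot": [e["item"] for e in entries if e["pending_reboot"]]}
```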
2.7.2011, 12:45 | #2
Part of the forum inventory
Re: Backdoor.IRCBot
Hello!
Download sUBs' DDS from the following address http://www.techsupportforum.com/sectools/sUBs/dds and run it. Then go to www.pastebin.com and paste the DDS.txt log there. Then post that link here on the forum.
2.7.2011, 17:42 | #3
Member
Member since: 8.5.2010.
Location: Srbija, Nis
Posts: 499
Thanks given: 22
Thanked 32 times in 28 posts
Re: Backdoor.IRCBot
Once you clean all of that out, what will be left of your system?
My recommendation: format all partitions and install a fresh Windows.
Last edited by nighthawk (3.7.2011 at 9:30). Reason: redundant quote
2.7.2011, 17:46 | #4
V.I.P. Security
Member since: 30.9.2007.
Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Posts: 5.914
Thanks given: 1.181
Thanked 1.320 times in 1.094 posts
Re: Backdoor.IRCBot
^ The system will remain in a normal state. Formatting C: is not needed at all.
2.7.2011, 19:30 | #5
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
The problem is that it can't be deleted, *ucking pests....
2.7.2011, 19:53 | #6
V.I.P. Security
Member since: 30.9.2007.
Location: Hypnos Control Room, Tokyo Metropolitan Government Building
Posts: 5.914
Thanks given: 1.181
Thanked 1.320 times in 1.094 posts
Re: Backdoor.IRCBot
I think your USB drives are infected too, so refrain from plugging them into the computer.
2.7.2011, 20:28 | #7
Part of the forum inventory
Re: Backdoor.IRCBot
Sorry, wrong link.
http://download.bleepingcomputer.com/sUBs/dds.scr Download this and post it for me on pastebin. And don't connect any USB devices until we've cleaned you up.
2.7.2011, 21:43 | #8
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
Will do right away...
2.7.2011, 21:46 | #9
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
2.7.2011, 22:25 | #10
Part of the forum inventory
Re: Backdoor.IRCBot
I see you don't have any antivirus software installed, but...
Download sUBs' ComboFix from the following address to the Desktop: Bleeping Computer. While it runs, answer every prompt with yes or I agree. After it finishes, ComboFix will produce a report; again copy it to www.pastebin.com and paste that pastebin link here.
The following user thanked NIx Car for this useful post: rocknrolla (3.7.2011)
3.7.2011, 8:59 | #11
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
Tried ComboFix, and after the scan it restarted and gave me a blue screen of death!!!
And again nothing.
3.7.2011, 9:18 | #12
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
It worked on the second try, but it doesn't help... it's still full of *rap, here's the log:
http://pastebin.com/9QZ2NzGM
Last edited by rocknrolla (3.7.2011 at 9:42)
3.7.2011, 10:08 | #13
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
Now it's clean... After ComboFix, Malwarebytes did the job successfully. Many thanks.
3.7.2011, 11:37 | #14
Part of the forum inventory
Re: Backdoor.IRCBot
If you now consider your computer clean, do the following: ComboFix needs to be removed. Go to Start > Run and type the following:
Combofix /Uninstall (there is a space between combofix and /uninstall!) Wait for the uninstall process to finish.
The following user thanked NIx Car for this useful post: rocknrolla (3.7.2011)
3.7.2011, 12:00 | #15
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
Done... Thanks
3.7.2011, 12:01 | #16
Veteran
Member since: 3.10.2010.
Posts: 618
Thanks given: 25
Thanked 112 times in 90 posts
Re: Backdoor.IRCBot
HitmanPro: http://hitman-pro.en.softonic.com/download
SUPERantispyware free: http://www.superantispyware.com/down...NTISPYWAREFREE
To be 99% sure you're "clean".
The following user thanked acafacaa for this useful post: rocknrolla (3.7.2011)
3.7.2011, 12:07 | #17
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
Thanks for the suggestion...
3.7.2011, 14:16 | #18
Member
Member since: 3.8.2008.
Posts: 206
Thanks given: 17
Thanked 52 times in 46 posts
Re: Backdoor.IRCBot
There's no need for additional scanners.
Since NIx Car gave the uninstall step, that means there is no active infection, and there isn't one. The only thing these programs can find is some junk file, or they'll detect some FP. Of course, additional scanners can't hurt, quite the opposite...
The following user thanked magna86 for this useful post: NIx Car (3.7.2011)
4.7.2011, 12:17 | #19
Member
Member since: 17.5.2011.
Location: Podgorica
Posts: 385
Thanks given: 233
Thanked 9 times in 9 posts
Re: Backdoor.IRCBot
They're back again, and I didn't do anything: didn't plug in a USB, didn't browse the net...
Have a look at the log: http://pastebin.com/geN3jqs6
4.7.2011, 15:57 | #20
Member
Member since: 3.8.2008.
Posts: 206
Thanks given: 17
Thanked 52 times in 46 posts
Re: Backdoor.IRCBot
>> Create a new system restore point:
http://bertk.mvps.org/html/createrp.html
>> MCShield must be active.
>> Download OTM from this link to the Desktop: http://oldtimer.geekstogo.com/OTM.exe
In the program's left pane, under Paste Instructions for Items to be Moved, paste the following.
Code:
:processes
killallprocesses
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dbnonr"=-
"Spooler SubSystem App"=-
:files
c:\documents and settings\administrator\application data\Dbnonr.exe
c:\documents and settings\administrator\application data\spoolsv.exe
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]