
For a few days now I've been having problems with the same viruses, so I decided to ask you whether there is a way to track down where they come from, which program creates them, or something like that. The viruses are always in Windows\System32 and are named x.exe and fo.exe, and for the last 2 days, whenever the computer has been on for a longer time, Generic host process crashes... or something like that... My antivirus is Avira AntiVir Personal - Free Antivirus version 8.2.0.337. If you can help with some other program for finding viruses or something similar, please write!

Thanks in advance! :peace:

Once the antivirus detects it I'll give you a screenshot.

Edit - I uploaded the screenshot and I already have a new virus - at.exe


I recommend scanning your system with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware.

I'd also recommend getting rid of that junk FlexType, but that is slightly off topic.


I scanned with Malwarebytes' Anti-Malware and here is the scan report:

Malwarebytes' Anti-Malware 1.33
Версия на базата от данни: 1682
Windows 5.1.2600 Service Pack 2

1/23/2009 14:32:36
mbam-log-2009-01-23 (14-32-36).txt

Тип сканиране: Бързо сканиране
Сканирани обекти: 64335
Изминало време: 5 minute(s), 55 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 5
Заразени стойности в регистратурата: 0
Заразени информационни обекти в регистратурата: 1
Заразени папки: 0
Заразени файлове: 2

Заразени процеси в паметта:
(Нямаше открити заплахи)

Заразени модули в паметта:
(Нямаше открити заплахи)

Заразени ключове в регистратурата:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msddll (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msddll (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msddll (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Заразени стойности в регистратурата:
(Нямаше открити заплахи)

Заразени информационни обекти в регистратурата:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Заразени папки:
(Нямаше открити заплахи)

Заразени файлове:
E:\WINDOWS\system\msddll.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.


TrendMicro Sysclean

Download the following 3 parts:

- Sysclean Package
- Virus Pattern Files - Official Pattern Release
- Spyware Pattern Files - Detection and Cleanup (Trend Micro Anti-Spyware) – Ssapiptn.Da5

Create a folder on drive C:\ (or on the desktop) named TrendMicro.

Copy all 3 downloaded files into it.

Unzip the files lpt789.zip and ssapiptn727.zip.

Run sysclean.com => make sure the following boxes are checked:

http://img293.imageshack.us/img293/6662/74939363qc7.jpg

Click the SCAN button.

When the scan has finished, open the C:\TrendMicro folder again and copy the contents of the log file sysclean.log into your next post.

 

After that, follow the instructions in this thread and post the logs in your next post. There you will also see the correct settings (in my opinion) for your antivirus program. Apply them, update the definitions and run a full scan of the computer.

http://forums.softvisia.com/index.php?s=&a...ost&p=63648

 

This is a stubborn pest that is removed COMPLETELY only with the help of additional tools.

I've been fighting it for a whole month in various threads and in private messages.

The following tools are not recommended for everyday use, but in this case I need the information they provide.

I'll be able to analyze the logs only after 24:00, since I'm at work right now.

If someone wants to take over earlier, I don't mind...

:thumbsup:


Here is the log file that B-boy/StyLe/ asked for. I hope you manage to help me :)

 

/--------------------------------------------------------------\
|				  Trend Micro System Cleaner				  |
|			Copyright 2006-2007, Trend Micro, Inc.			|
|				   http://www.antivirus.com				   |
\--------------------------------------------------------------/


2009-01-23, 15:20:46,   Auto-clean mode specified.
2009-01-23, 15:20:46,   Initialized Rootkit Driver version 2.2.0.1004.
2009-01-23, 15:20:46,   Running scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\TSC.BIN"...
2009-01-23, 15:21:14,   Scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\TSC.BIN" has finished running.
2009-01-23, 15:21:14,   TSC Log:

Damage Cleanup Engine (DCE) 6.0(Build 1064)

Windows XP(Build 2600: Service Pack 2)

Start time : петък януари 23 2009 15:20:48

Load Damage Cleanup Template (DCT) "E:\Documents and Settings\Sasho\Desktop\Trend Micro\TMRDCT.ptn" (version ) [fail]
Load Damage Cleanup Template (DCT) "E:\Documents and Settings\Sasho\Desktop\Trend Micro\tsc.ptn" (version 1008) [success]

Complete time : петък януари 23 2009 15:21:14

Execute pattern count(3033), Virus found count(0), Virus clean count(0), Clean failed count(0)

2009-01-23, 15:21:14,   Running scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN"...
2009-01-23, 15:29:00,   Scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN" has finished running.
2009-01-23, 15:29:00,   VSCANTM Log:

2009-01-23, 15:29:00,   Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:21:14
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

88648 files have been read.
88648 files have been checked.
88647 files have been scanned.
96992 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 15:29:00	7 minutes 45 seconds (465.03 seconds) has elapsed.(5.246 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 15:29:00,   Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:21:14
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

88648 files have been read.
88648 files have been checked.
88647 files have been scanned.
96992 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 15:29:00	7 minutes 45 seconds (465.03 seconds) has elapsed.(5.246 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 15:29:00,   Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:21:14
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

88648 files have been read.
88648 files have been checked.
88647 files have been scanned.
96992 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 15:29:00	7 minutes 45 seconds (465.03 seconds) has elapsed.(5.246 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 15:29:00,   Running scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN"...
2009-01-23, 16:20:21,   Scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN" has finished running.
2009-01-23, 16:20:21,   VSCANTM Log:

2009-01-23, 16:20:21,   Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:29:00
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

146899 files have been read.
146899 files have been checked.
146761 files have been scanned.
281107 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 16:20:20	51 minutes 19 seconds (3079.41 seconds) has elapsed.(20.963 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 16:20:21,   Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:29:00
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

146899 files have been read.
146899 files have been checked.
146761 files have been scanned.
281107 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 16:20:20	51 minutes 19 seconds (3079.41 seconds) has elapsed.(20.963 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 16:20:21,   Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 15:29:00
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

146899 files have been read.
146899 files have been checked.
146761 files have been scanned.
281107 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 16:20:20	51 minutes 19 seconds (3079.41 seconds) has elapsed.(20.963 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 16:20:21,   Running scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN"...
2009-01-23, 17:07:58,   Scanner "E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN" has finished running.
2009-01-23, 17:07:58,   VSCANTM Log:

2009-01-23, 17:07:58,   Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 16:20:21
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR E:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UWOR6HDY\p[1].txt [BKDR_RBOT.PA]
E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UWOR6HDY\p[2].txt [BKDR_RBOT.PA]
E:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WNELQOJN\p[1].txt [BKDR_RBOT.PA]
E:\Documents and Settings\Sasho\My Documents\my documents 2\WebcamMax 4.0.8.0\Patch-Fawkes\WebcamMax.v4.0.8.0.patch-Fawkes.exe [TROJ_ZEROML.JA]
E:\Documents and Settings\Sasho\My Documents\my documents 2\WebcamMax.v4.0.8.0.Incl.CR.rar (1/542 Viruses Found)
E:\Program Files\WebcamMax\WebcamMax.v4.0.8.0.patch-Fawkes.exe [TROJ_ZEROML.JA]
102497 files have been read.
102497 files have been checked.
102444 files have been scanned.
358221 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 17:07:55	47 minutes 33 seconds (2853.06 seconds) has elapsed.(27.836 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 17:07:58,   Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 16:20:21
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR E:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

102497 files have been read.
102497 files have been checked.
102444 files have been scanned.
358221 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 17:07:55	47 minutes 33 seconds (2853.06 seconds) has elapsed.(27.836 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 17:07:58,   Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 1/23/2009 16:20:21
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 789 (359118/359118 Patterns) (2009/01/23) (578900)

Command Line: E:\Documents and Settings\Sasho\Desktop\Trend Micro\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR E:\*.* /P=E:\Documents and Settings\Sasho\Desktop\Trend Micro\lpt$vpn.789 

102497 files have been read.
102497 files have been checked.
102444 files have been scanned.
358221 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At: 1/23/2009 17:07:55	47 minutes 33 seconds (2853.06 seconds) has elapsed.(27.836 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-01-23, 17:07:58,   Running SSAPI scanner ""...
2009-01-23, 17:48:51,   SSAPI Log:

SSAPI Scanner Version: 1.0.1003
SSAPI Engine Version: 5.2.1032
SSAPI Pattern Version: 7.27
SSAPI Anti-Rootkit Version: 2.2.0.1004

Spyware Scan Started: 01/23/2009 17:08:01


SSAPI requires the system to reboot.
Detected Items:
[CLEAN SUCCESS][Cookie_2o7] Internet Explorer Cache\2o7.net,Cookie:sasho@2o7.net/,E:\Documents and Settings\Sasho\Cookies\sasho@2o7[2].txt
[CLEAN SUCCESS][Cookie_YieldManager] Internet Explorer Cache\ad.yieldmanager.com,Cookie:sasho@ad.yieldmanager.com/,E:\Documents and Settings\Sasho\Cookies\sasho@ad.yieldmanager[2].txt
[CLEAN SUCCESS][Cookie_Apmebf] Internet Explorer Cache\apmebf.com,Cookie:sasho@apmebf.com/,E:\Documents and Settings\Sasho\Cookies\sasho@apmebf[1].txt
[CLEAN SUCCESS][Cookie_Ask] Internet Explorer Cache\ask.com,Cookie:sasho@ask.com/,E:\Documents and Settings\Sasho\Cookies\sasho@ask[2].txt
[CLEAN SUCCESS][Cookie_Atdmt] Internet Explorer Cache\atdmt.com,Cookie:sasho@atdmt.com/,E:\Documents and Settings\Sasho\Cookies\sasho@atdmt[2].txt
[CLEAN SUCCESS][Cookie_DoubleClick] Internet Explorer Cache\doubleclick.net,Cookie:sasho@doubleclick.net/,E:\Documents and Settings\Sasho\Cookies\sasho@doubleclick[1].txt
[CLEAN SUCCESS][Cookie_Hitbox] Internet Explorer Cache\hitbox.com,Cookie:sasho@hitbox.com/,E:\Documents and Settings\Sasho\Cookies\sasho@hitbox[2].txt
[CLEAN SUCCESS][Cookie_Mediaplex] Internet Explorer Cache\mediaplex.com,Cookie:sasho@mediaplex.com/,E:\Documents and Settings\Sasho\Cookies\sasho@mediaplex[1].txt
[CLEAN SUCCESS][Cookie_SpecificClick] Internet Explorer Cache\specificclick.net,Cookie:sasho@specificclick.net/,E:\Documents and Settings\Sasho\Cookies\sasho@specificclick[2].txt
[CLEAN SUCCESS][Adware_Hotbar] C:\AC web ultimate repack\Server\htdocs\Torrent\images\smilies\beer.gif,C:\ACWEBU~1\Server\htdocs\Torrent\images\smilies\beer.gif,23
Detected: 10 items.
Cleaned Success: 10 items.
Clean Failed: 0 items.

Spyware Scan Ended: 01/23/2009 17:48:51
Scan Complete. Time=2451.938477.


All that's left is to check with Avira using the new settings and to give the logs from Smitfraudfix, Combofix, SDFix...

I also didn't see the log from the program Night_Raven recommended to you => SUPERAntispyware :)


Here is the report from the 1st file in this thread: http://forums.softvisia.com/index.php?s=&a...ost&p=63648

(I'm very sorry for writing in Latin letters, please excuse me, but I'm in Safe Mode and can't type in Cyrillic)

SmitFraudFix v2.391

Scan done at 19:33:38.98, петък 01/23/2009
Run from E:\Documents and Settings\Sasho\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1
85.217.219.179
85.217.208.1
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 85.217.209.1
DNS Server Search Order: 85.217.192.1
DNS Server Search Order: 212.73.140.66

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9D47EB4-3310-488C-AC1F-93AF19B71577}: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D9D47EB4-3310-488C-AC1F-93AF19B71577}: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D9D47EB4-3310-488C-AC1F-93AF19B71577}: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D9D47EB4-3310-488C-AC1F-93AF19B71577}: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.217.209.1 85.217.192.1 212.73.140.66

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
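The hosts section of the SmitFraudFix log above maps auto.search.msn.com and auto.search.msn.es to a public address and lists two bare addresses with no hostname at all. As an added example that is not part of the thread, the Python script below audits a hosts file of that shape and reports which lines deserve a second look; the sample text is constructed from the log's entries, and the list of sensitive hostname suffixes is an assumption for the example.

```python
"""Audit a Windows hosts file for overrides that redirect well-known hostnames.

Added example for this thread (not from the original post). Flags every
non-loopback mapping, with extra weight for hostnames an end-user machine
should never be resolving through a local override.
"""
import ipaddress
from typing import Iterator, List, NamedTuple, Tuple

# Constructed sample, modelled on the hosts section of the SmitFraudFix log
# above: a comment and a normal localhost line, then the four entries the log
# printed (two bare addresses and two Microsoft search hostnames pointed at
# a public address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
85.217.219.179
85.217.208.1
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
"""

# Hostname suffixes that should only ever resolve through DNS on a home PC.
# This list is an assumption for the example, not something the thread states.
SENSITIVE_SUFFIXES = ("msn.com", "msn.es", "microsoft.com", "windowsupdate.com")


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str
    reason: str


def _is_sensitive(hostname: str) -> bool:
    name = hostname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line_no, first_field, [hostnames]) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments as well
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(line_no, addr, "", "first field is not an IP address"))
            continue
        if not names:
            # Windows ignores a line with no hostname, but such lines do not
            # come from hand editing; they usually mean a program rewrote
            # the hosts file, so they are worth reporting.
            findings.append(Finding(line_no, addr, "", "address without hostname"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue   # 127.0.0.1 / 0.0.0.0 entries block a name rather than redirect it
        for name in names:
            reason = ("sensitive hostname redirected to non-loopback address"
                      if _is_sensitive(name) else "non-loopback mapping")
            findings.append(Finding(line_no, addr, name, reason))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} {f.hostname or '-'} -> {f.reason}")
```

On a live machine, read the text from %SystemRoot%\System32\drivers\etc\hosts and pass it to audit_hosts; a clean default file yields no findings.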


You only have these left => Combofix, SDFix + SUPERAntispyware + the Avira settings...

Don't worry, after that we'll clean those up too...

For now your situation isn't that bad...


OK, I'll do everything as you said. You know, you're the best people here, you help with everything, while on other forums they just tell me "You can't even remove one little virus?"... But apparently it's not a "little virus". And do you know, is it the reason the hosts (Generic hosts) crash? And B-boy/StyLe/, where do I find the logs from SUPERAntispyware? I scanned but...

Well, the SUPERAntispyware logs are in the menu => Preferences => Statistics/Logs => View Log => copy its contents :)

On the crashing issue... it could be due to many things. It's recommended to download all updates for the operating system, the software you use and the drivers.

You can try stopping some services with this tool, Windows Worms Doors Cleaner 1.4.1 (all the checkmarks need to turn green).

 

:thumbsup:


I found the log! Thanks for the help :)

Here is the SUPERAntiSpyware log in question:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2009 at 07:15 PM

Application Version : 4.25.1012

Core Rules Database Version : 3723
Trace Rules Database Version: 1697

Scan type	   : Complete Scan
Total Scan Time : 00:43:11

Memory items scanned	  : 752
Memory threats detected   : 0
Registry items scanned	: 7685
Registry threats detected : 2
File items scanned		: 26196
File threats detected	 : 19

Adware.Tracking Cookie
E:\Documents and Settings\Sasho\Cookies\sasho@ads.pno[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@planetout.122.2o7[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@statcounter[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@rambler[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@8teenboy[2].txt
E:\Documents and Settings\Sasho\Cookies\sasho@msnaccountservices.112.2o7[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@www.thrixxx[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@ehg-warnerbrothers.hitbox[2].txt
E:\Documents and Settings\Sasho\Cookies\sasho@yadro[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@list[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@adbrite[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@ads.ibox[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@ad.investor[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@imrworldwide[2].txt
E:\Documents and Settings\Sasho\Cookies\sasho@ads.pointroll[2].txt
E:\Documents and Settings\Sasho\Cookies\sasho@questionmarket[1].txt
E:\Documents and Settings\Sasho\Cookies\sasho@tommydxxx[1].txt

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs

Trojan.Unclassified/Loader-Suspicious
D:\DIABLO II 1.10\PLUGIN\LOADER.EXE
D:\DIABLO II 1.12\PLUGIN\LOADER.EXE

 

And the program you gave me, Windows Worms Doors Cleaner 1.4.1, showed this after I turned the others green (all are green except one, which is yellow).

I'm attaching the error it gave me.


Personally I see no cause for concern in what SUPERAntispyware found.

The Windows Worms Doors Cleaner message should disappear after restarting the machine.

By the way, there are new definitions for SUPERAntispyware... Update the application and run another scan:

 

Core Rules Database Version : 3724

Trace Rules Database Version: 1698

 

For Malwarebytes' Anti-malware as well:

 

Malwarebytes' Anti-Malware 1.33

Версия на базата от данни: 1685

 

You can delete the Trend Micro folder now. :)


And may I ask, when I run SmitfraudFix, should I go into Safe Mode first, or will it restart my computer? Because I'm a bit worried since it says (Safe Mode).

*edit I'm now scanning with the new Avira settings and the updated SUPERAntiSpyware :) I'll attach the files to this or my next post, because the Edit button disappears.
