
The problem is this: while I was chatting with a friend on ICQ, I received from her some file called NAKED-girl over Skype (if anyone decides to look at it at their own risk, I uploaded it here). I thought it was some silliness and accepted it, but afterwards I saw that she was offline and had not sent me anything at all. I opened the file and suddenly Skype went crazy: it started sending the file to everyone in my contact list, and I started receiving from everyone other variants too, like Naked Mom, Naked Dad and so on (all naked). I reinstalled Skype, even tried an older version, but it all repeats. When I opened the browser I also had a Skype add-on installed, which I uninstalled. For now I have removed Skype and scanned with NOD32, but nothing was detected. What should I scan with, and how do I fix the problem?

Try a scan with Malwarebytes' Anti-Malware.

Besides that:

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Paste its contents here or attach the file to the thread, whichever is more convenient for you.

Download Autoruns, then run the program and do the following:

1) select Options -> Hide Microsoft and Windows Entries;

2) click File -> Refresh;

3) click File -> Export...;

4) save the file somewhere and then attach it to the thread or paste its contents.


Malwarebytes' Anti-Malware 1.32

Database version: 1634

Windows 5.1.2600 Service Pack 3

 

09.1.2009 г. 15:26:24

mbam-log-2009-01-09 (15-26-14).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 159843

Time elapsed: 50 minute(s), 31 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service help (Trojan.Agent) -> No action taken.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

D:\SOFTWARE\Players\MV2Player v0.7 + SKins\Sound and AVI edit\Sound Forge\Keygen\Keygen_one.exe (Trojan.Downloader) -> No action taken.

D:\SOFTWARE\Players\MV2Player v0.7 + SKins\Sound and AVI edit\Sound Forge\Keygen\SF8_Retail.exe (Trojan.Downloader) -> No action taken.

D:\SOFTWARE\Players\MV2Player v0.7 + SKins\Sound and AVI edit\Sound Forge\Keygen\SF8_Trial.exe (Trojan.Downloader) -> No action taken.

C:\RECYCLER\S-1-5-21-3883590377-6664118452-932673112-2306\winservices.exe (Trojan.Agent) -> No action taken.

 

**************************

 

Logfile of HijackThis v1.99.1

Scan saved at 15:39:17, on 09.1.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\ICQ6\ICQ.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\DOWNLOADS\alabala.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/getflash

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

************************

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Alcmtr Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcmtr.exe

+ C-Media Echo Control EchoCtrl MFC Application c:\program files\pci audio applications\bin\echoctrl.exe

+ C-Media Mixer Mixer C-Media Electronic Inc. (www.cmedia.com.tw) c:\windows\mixer.exe

+ DAEMON Tools-1033 Virtual DAEMON Manager DAEMON'S HOME c:\program files\d-tools\daemon.exe

+ egui Eset GUI ESET c:\program files\eset\eset nod32 antivirus\egui.exe

+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\windows\system32\nvmctray.dll

+ nwiz NVIDIA nView Wizard, Version 111.32 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ RemoteControl PowerDVD RC Service Cyberlink Corp. c:\program files\cyberlink\powerdvd\pdvdserv.exe

+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe

+ SunJavaUpdateSched Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe

+ WinampAgent File not found: C:\Program Files\Winamp\winampa.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe

+ Adobe Reader Synchronizer.lnk c:\program files\adobe\reader 8.0\reader\adobecollabsync.exe

C:\Documents and Settings\Antratzit\Start Menu\Programs\Startup

+ Rainlendar.lnk Rainlendar Rainy c:\program files\rainlendar\rainlendar.exe

+ Stardock ObjectDock.lnk ObjectDock Stardock c:\program files\stardock\objectdock\objectdock.exe

+ Yahoo! Widget Engine.lnk Yahoo! Widget Engine Yahoo! Inc. c:\program files\yahoo!\yahoo! widget engine\yahoowidgetengine.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ BitTorrent DNA DNA BitTorrent, Inc. c:\program files\dna\btdna.exe

+ ICQ ICQ Library ICQ, Inc. c:\program files\icq6\icq.exe

+ Skype Skype. Take a deep breath Skype Technologies S.A. c:\program files\skype\phone\skype.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET c:\program files\eset\eset nod32 antivirus\shellext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ cm_Main Shell extension for Folder Marker ArcticLine Software c:\program files\folder marker\shellext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET c:\program files\eset\eset nod32 antivirus\shellext.dll

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ 00nView NVIDIA Desktop Explorer, Version 111.32 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ cm_Main Shell extension for Folder Marker ArcticLine Software c:\program files\folder marker\shellext.dll

+ Desktop Explorer NVIDIA Desktop Explorer, Version 111.32 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.32 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Eset Smart Security - Context Menu Shell Extension Shell Extension ESET c:\program files\eset\eset nod32 antivirus\shellext.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.32 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

+ IeCatch5 Class jccatch Module FlashGet c:\program files\flashget\jccatch.dll

+ Java Plug-In 2 SSV Helper Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll

+ Java Plug-In SSV Helper Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\ssv.dll

+ JQSIEStartDetectorImpl Class Java Quick Starter binary Sun Microsystems, Inc. c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

+ Winamp Toolbar Loader Winamp IE Toolbar Dynamic Link Library AOL LLC. c:\program files\winamp toolbar\winamptb.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ Winamp Search Class Winamp IE Toolbar Dynamic Link Library AOL LLC. c:\program files\winamp toolbar\winamptb.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll

+ Winamp Toolbar Winamp IE Toolbar Dynamic Link Library AOL LLC. c:\program files\winamp toolbar\winamptb.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet FlashGet FlashGet.com c:\program files\flashget\flashget.exe

+ ICQ6 ICQ Library ICQ, Inc. c:\program files\icq6\icq.exe

HKLM\System\CurrentControlSet\Services

+ ekrn Eset Service ESET c:\program files\eset\eset nod32 antivirus\ekrn.exe

+ JavaQuickStarterService Prefetches JRE files for faster startup of Java applets and applications Sun Microsystems, Inc. c:\program files\java\jre6\bin\jqs.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

HKLM\System\CurrentControlSet\Services

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ cmpci C-Media Audio WDM Driver C-Media Inc c:\windows\system32\drivers\cmaudio.sys

+ d347bus PnP BIOS Extension c:\windows\system32\drivers\d347bus.sys

+ d347prt SCSI miniport c:\windows\system32\drivers\d347prt.sys

+ eamon Eset file on-access scanner ESET c:\windows\system32\drivers\eamon.sys

+ easdrv Eset AntiStealth driver ESET c:\windows\system32\drivers\easdrv.sys

+ epfwtdir EPFW Filter Driver c:\windows\system32\drivers\epfwtdir.sys

+ ET5Drv Generic Port I/O Windows ® 2000 DDK provider c:\windows\system32\drivers\et5drv.sys

+ gdrv GIGABYTE Tools Windows ® 2000 DDK provider c:\windows\gdrv.sys

+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 169.21 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ pcouffin low level access layer for CD/DVD/BD devices VSO Software c:\windows\system32\drivers\pcouffin.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ RTLE8023xp Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtenicxp.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ SONYPVU1 Sony USB Lower Filter driver Sony Corporation c:\windows\system32\drivers\sonypvu1.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

 

*********************

 

These are the results. The first program told me that C:\RECYCLER\S-1-5-21-3883590377-6664118452-932673112-2306\winservices.exe (Trojan.Agent) cannot be deleted (and that one is the most suspicious). What now?

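As an added triage example (my own code, not from the thread, HijackThis or Malwarebytes): the script below parses the two log formats posted above, sorts autostart entries and running processes by where their image lives (the RECYCLER path from the Malwarebytes log counts as suspicious), and cross-checks Malwarebytes hits left at "No action taken" against the running-process list, since an image that is still loaded cannot be deleted in place. The sample logs are constructed excerpts modelled on the ones in this thread; the O4 line for the RECYCLER entry is built from the Malwarebytes detection and does not appear in the posted HijackThis log.

```python
"""Triage for the HijackThis and Malwarebytes log formats posted in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Where installed software normally loads from on a Windows XP box (any drive letter).
TRUSTED_ROOT = re.compile(
    r"^(?:[a-z]:\\(?:windows|program files|progra~1)|%windir%|%systemroot%)\\", re.I)
# Folders installed software rarely loads from, but where droppers of that era often lived.
SUSPICIOUS_HINTS = ("\\recycler\\", "\\temp\\", "\\local settings\\", "\\application data\\")
# First Windows path ending in a loadable file type; stops before ',Entry' or ' /args'.
PATH_RE = re.compile(r'((?:[a-z]:|%\w+%)\\[^",]+?\.(?:exe|dll|sys|scr|com))', re.I)
ENTRY_RE = re.compile(r"^(O4|O20|O23) - (.*)$")   # autostart / Winlogon Notify / service
SECTION_LINE = re.compile(r"^[RFNO]\d{1,2} - ")     # any HijackThis entry line
MBAM_RE = re.compile(r"^(.*?) \((.*?)\) -> No action taken\.$")

@dataclass
class Finding:
    section: str          # O4 / O20 / O23 / process
    raw: str              # the log line it came from
    path: Optional[str]   # image the entry loads, when one could be extracted
    verdict: str          # trusted / missing / suspicious / unknown / unresolved

def classify(line: str, path: Optional[str]) -> str:
    if "(file missing)" in line:
        return "missing"        # entry points at nothing: leftover, or hidden from the tool
    if path is None:
        return "unresolved"     # bare name such as 'nwiz.exe /install', found via PATH
    low = path.lower()
    if any(hint in low for hint in SUSPICIOUS_HINTS):
        return "suspicious"
    if TRUSTED_ROOT.match(low):
        return "trusted"
    return "unknown"            # e.g. a download folder: inspect the file by hand

def triage(hjt_text: str) -> List[Finding]:
    """One Finding per running process and per O4/O20/O23 entry in a HijackThis log."""
    findings: List[Finding] = []
    in_procs = False
    for line in hjt_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if SECTION_LINE.match(line):
                in_procs = False        # first R*/O* entry ends the process list
            else:
                if line:
                    findings.append(Finding("process", line, line, classify(line, line)))
                continue
        m = ENTRY_RE.match(line)
        if m:
            pm = PATH_RE.search(m.group(2))
            path = pm.group(1) if pm else None
            findings.append(Finding(m.group(1), line, path, classify(line, path)))
    return findings

def mbam_pending(mbam_text: str) -> List[Tuple[str, str]]:
    """(item, detection name) for Malwarebytes hits still marked 'No action taken'."""
    hits = []
    for line in mbam_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits

def still_running(hjt_text: str, mbam_text: str) -> Set[str]:
    """Pending Malwarebytes file hits that are also in the process list: a loaded
    image cannot be deleted in place, the usual reason a scanner cannot remove it."""
    procs = {f.path.lower() for f in triage(hjt_text) if f.section == "process" and f.path}
    return {item for item, _ in mbam_pending(mbam_text) if item.lower() in procs}

# Constructed excerpts modelled on the logs above; the O4 line for the RECYCLER
# entry is constructed from the Malwarebytes detection and is not in the posted log.
SAMPLE_HJT = r"""
Running processes:
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\RECYCLER\S-1-5-21-3883590377-6664118452-932673112-2306\winservices.exe
D:\DOWNLOADS\alabala.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [windows service help] C:\RECYCLER\S-1-5-21-3883590377-6664118452-932673112-2306\winservices.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""
SAMPLE_MBAM = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service help (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-3883590377-6664118452-932673112-2306\winservices.exe (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        if f.verdict != "trusted":          # everything else is the review queue
            print(f"[{f.verdict}] {f.section} {f.path or f.raw}")
    print("pending:", mbam_pending(SAMPLE_MBAM))
    print("still running:", still_running(SAMPLE_HJT, SAMPLE_MBAM))
```

Everything that is not "trusted" is a review queue rather than a verdict: a legitimate tool run from a download folder lands in it as "unknown" and has to be checked by hand.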

Hello! I have a similar problem too. I received from a friend a message with a link advertising some Skype application (Скайп строение 2.5) - http://skype.martinmarinov.info And since I am curious, I checked what it was about and even downloaded the program :( Later I found out that she had not sent me anything and that this spam was being sent in a chain across the network, and I deleted the downloaded file. The question is, how do I find out whether this is a virus, and whether there are any harmful consequences for my Skype at all? I did the following:

Scanned with Malwarebytes' Anti-Malware - it found nothing;

Scanned with SUPERAntiSpyware Free 4.24.1004, here is the log file;

I am attaching log files from HijackThis 1.99.1 and Autoruns

 

 

SUPERAntiSpyware Scan Log


http://www.superantispyware.com

 

Generated 01/09/2009 at 11:25 PM

 

Application Version : 4.23.1006

 

Core Rules Database Version : 3661

Trace Rules Database Version: 1641

 

Scan type : Complete Scan

Total Scan Time : 00:14:49

 

Memory items scanned : 410

Memory threats detected : 0

Registry items scanned : 4866

Registry threats detected : 0

File items scanned : 14612

File threats detected : 2

 

Adware.Tracking Cookie

C:\Documents and Settings\Jordan\Cookies\jordan@tns-counter[1].txt

C:\Documents and Settings\Jordan\Cookies\jordan@rambler[1].txt

 

Logfile of HijackThis v1.99.1


Scan saved at 00:10:54, on 10.1.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Kana Launcher\Launcher.exe

C:\Program Files\NetMeter\NetMeter.exe

C:\Program Files\QIP.Online\qiponline.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\seba14mods\µtorrent 1.8.1 (build 12616) Leecher Pack\utorrent 1.8.1 (12616)_mult100_seeder.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\(8) INSTAL\New Folder\1 Gotovi\Antyvirus\Special\alabala\alabala.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [Kana Launcher] C:\Program Files\Kana Launcher\Launcher.exe

O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe

O4 - HKCU\..\Run: [QIP.Online] C:\Program Files\QIP.Online\qiponline.exe auto_start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Digsys.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211125045855

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://193.68.124.87/activex/AMC.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E01BE598-CFF2-4A8E-ADB3-CFE940B64CF4}: NameServer = 192.92.129.1 193.68.3.252

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (file missing)

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)

 

 

Autoruns

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe

+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe

C:\Documents and Settings\Jordan\Start Menu\Programs\Startup

+ Digsys.lnk c:\documents and settings\jordan\start menu\programs\startup\digsys.lnk

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ C:\Program Files\NetMeter\NetMeter.exe c:\program files\netmeter\netmeter.exe

+ Kana Launcher Program launcher Kana Solution c:\program files\kana launcher\launcher.exe

+ QIP.Online Social Network Messenger Russian Internet Solution c:\program files\qip.online\qiponline.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ SABShellExecuteHook Class ShellExecuteHook SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll

+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll

+ MRACMenu c:\program files\mail.ru\agent\mra\dll\mramenu.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

+ ImageResizer ImageResizer Shell Extension VSO Software c:\program files\vso\image resizer\rszshell.dll

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll

+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll

+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ ALZip 4.0 Context Menu Shell Extension ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll

+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll

+ Web Anti-Virus statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\scieplgn.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

Task Scheduler

+ CAAntiSpywareScan_Daily as Jordan at 00 48.job File not found: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe

+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe

+ AVP Provides protection against computer viruses and another dangerous software. Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe

+ Bonjour Service ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762## Apple Computer, Inc. c:\program files\bonjour\mdnsresponder.exe

+ ITMRTSVC Service component for CA Pest Patrol Realtime Protection File not found: C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

+ O&O Defrag O&O Defragmentation Service O&O Software GmbH c:\windows\system32\oodag.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys

+ AmdPPM AMD Processor Driver Advanced Micro Devices c:\windows\system32\drivers\amdppm.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ Cap7134 cap7134 AVerMedia TECHNOLOGIES, Inc. c:\windows\system32\drivers\cap7134.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ CLEDX Team H2O CLEDX DevWhore Team H2O c:\windows\system32\drivers\cledx.sys

+ CnxEtP Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetp.sys

+ CnxEtU Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetu.sys

+ CnxTgN NDIS 5.0 WAN driver for PCI ADSL adapter Conexant Systems Inc. c:\windows\system32\drivers\cnxtgn.sys

+ ctsfm2k SoundFont® Manager (WDM) Creative Technology Ltd c:\windows\system32\drivers\ctsfm2k.sys

+ EL90X File not found: system32\DRIVERS\el90xnd5.sys

+ FileDisk FileDisk Virtual Disk Driver iolo technologies, LLC (based on original work by Bo Branten) c:\windows\system32\drivers\filedisk.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys

+ klif Klif Kaspersky Lab c:\windows\system32\drivers\klif.sys

+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys

+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys

+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys

+ ossrv Creative OS Services Driver (WDM) Creative Technology Ltd. c:\windows\system32\drivers\ctoss2k.sys

+ P17 File not found: system32\drivers\P17.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PCLEPCI PCLEPCI Pinnacle Systems GmbH c:\windows\system32\drivers\pclepci.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys

+ PhTVTune WDM Video TV Tuner MiniDriver AVerMedia TECHNOLOGIES, Inc. c:\windows\system32\drivers\phtvtune.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ SASDIFSV SASDIFSV.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasdifsv.sys

+ SASENUM SASENUM.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasenum.sys

+ SASKUTIL SASKUTIL.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\saskutil.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ ssm_bus Samsung Mobile USB Device II 1.0 Driver MCCI c:\windows\system32\drivers\ssm_bus.sys

+ ssm_mdm Samsung Mobile USB Port II 1.0 Drivers MCCI c:\windows\system32\drivers\ssm_mdm.sys

+ STIrUsb NDIS 5.0 USB Infra-Red Driver SigmaTel, Inc. c:\windows\system32\drivers\irstusb.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ OODBS O&O BootTimeDefrag O&O Software GmbH c:\windows\system32\oodbs.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ !SASWinLogon SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll

+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll

+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries

+ mdnsNSP Bonjour Namespace Provider Apple Computer, Inc. c:\program files\bonjour\mdnsnsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ LIDIL Language Monitor LanguageMonitor Hewlett-Packard Company c:\windows\system32\hpzll3xu.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AutorunsDisabled\Authentication Packages

+ C:\WINDOWS\system32\yaywtTjK File not found: C:\WINDOWS\system32\yaywtTjK


I have exactly the same problem, only with naked-dad; it's some kind of nightmare. So what, I won't be able to use Skype any more? :( Apparently these days are the peak of the spread of this virus.


1. This is not a virus. I know everyone is used to calling all threats by the general name "virus", but it still isn't correct.

2. One has to ask why you open such files. I don't want to sound offensive, but how stupid does a person have to be to open an executable file like that?

3. Try ComboFix: confirm with Yes at the start and wait for the scan to finish, answering with Y (Enter) if you are asked anything. Then restart the system.


Things are fixed for me now; a thousand thanks to @VIS for the assistance and help :hesthebest:

Whenever I have received such files or links, they were from unknown contacts, whom I decline. But when it is sent by someone from your contact list, it is very easy to accept it on trust...


I started the ComboFix installation and Kaspersky immediately screamed. See the picture; is this a virus, should I skip it?

No, it is not a virus or any kind of threat. It looks suspicious in general, and Kaspersky squeals like a pinched maiden. By the way, while ComboFix is doing its job it would be good to stop all other processes, even the antivirus.



I stopped Kaspersky and scanned; is there anything irregular in the log file?

log.txt


The log isn't that important in this case. You tell me whether the problem is solved. :)

I have no problems at the moment; I thought the log might hint at possible irregularities. :)


Hi, here is my result from opening a similar file:

Malwarebytes' Anti-Malware 1.32

Версия на базата от данни: 1618

Windows 5.1.2600 Service Pack 2

2009-01-10 17:56:16

mbam-log-2009-01-10 (17-56-16).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|)

Сканирани обекти: 76746

Изминало време: 13 minute(s), 33 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 1

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 10

Заразени процеси в паметта:

(Нямаше открити заплахи)

Заразени модули в паметта:

(Нямаше открити заплахи)

Заразени ключове в регистратурата:

(Нямаше открити заплахи)

Заразени стойности в регистратурата:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows service help (Trojan.Agent) -> Quarantined and deleted successfully.

Заразени информационни обекти в регистратурата:

(Нямаше открити заплахи)

Заразени папки:

(Нямаше открити заплахи)

Заразени файлове:

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sysdrv32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP29\A0002531.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP29\A0003530.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP31\A0003762.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP35\A0003867.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP38\A0004055.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP38\A0004120.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP38\A0005119.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\RP54\A0015112.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-7365648071-2704009798-137313718-4587\winservices.exe (Trojan.Agent) -> Delete on reboot.

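The question that keeps coming up in this thread is "is there anything wrong in the log?". As an added example (not posted by anyone in the thread and not part of Malwarebytes), here is a small Python parser for the "path (Threat) -> action" lines of an MBAM 1.32 log, which sorts the detections into the buckets a responder actually cares about: items still pending a reboot, copies sitting in System Restore points, items ComboFix had already quarantined (the Qoobox folder), and autostart registry values. The sample lines are constructed from the log quoted above.

```python
import re
from collections import Counter

# Constructed sample modelled on the MBAM log quoted in the thread above
# (same paths and threat names, trimmed to one line per category).
SAMPLE_LOG = """\
Заразени стойности в регистратурата:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\windows service help (Trojan.Agent) -> Quarantined and deleted successfully.
Заразени файлове:
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\sysdrv32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\\System Volume Information\\_restore{94B3A16A-5D67-49B3-8964-427F32B4E82D}\\RP29\\A0002531.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\\RECYCLER\\S-1-5-21-7365648071-2704009798-137313718-4587\\winservices.exe (Trojan.Agent) -> Delete on reboot.
"""

# One detection line: "<item> (<threat>) -> <action>." ; section headers
# (Cyrillic or English) have no "(threat) ->" part and are skipped.
LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(text):
    """Return a list of {'item', 'threat', 'action'} dicts, one per detection."""
    return [m.groupdict() for m in map(LINE_RE.match, map(str.strip, text.splitlines())) if m]


def threat_counts(findings):
    """How many hits per threat family, e.g. Backdoor.Bot vs Trojan.Agent."""
    return Counter(f["threat"] for f in findings)


def triage(findings):
    """Bucket detections by what they mean for the clean-up state of the box."""
    report = {"pending_reboot": [], "restore_point_copies": [],
              "already_quarantined": [], "autostart_entries": [], "active": []}
    for f in findings:
        item = f["item"]
        # Not gone yet: the file was locked, so it is only removed on restart.
        if "Delete on reboot" in f["action"]:
            report["pending_reboot"].append(item)
        if "\\System Volume Information\\_restore" in item:
            report["restore_point_copies"].append(item)   # System Restore backups of the driver
        elif "\\Qoobox\\Quarantine\\" in item:
            report["already_quarantined"].append(item)    # ComboFix had already neutralised it
        elif item.startswith("HKEY_"):
            report["autostart_entries"].append(item)      # persistence: a Run value
        else:
            report["active"].append(item)                 # a live file on disk (here under RECYCLER)
    return report


if __name__ == "__main__":
    hits = parse_mbam(SAMPLE_LOG)
    print(dict(threat_counts(hits)))
    for bucket, items in triage(hits).items():
        print(bucket, len(items))
```

A non-empty `pending_reboot` bucket is the practical answer to "is the problem solved": nothing is confirmed until the machine has been restarted and rescanned.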

I have the same problem and want to know exactly how to get rid of this annoying thing. I read through what is written above, but it wasn't clear to me whether it works. Thanks in advance.
