Topic: trojan downloader win32.zlog  (Read 582 times)
26. Apr 2007, 13:35:03
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bni   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP274\A0138030.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bov   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP274\A0144877.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bni   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP274\A0148486.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bov   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP276\A0151687.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bni   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP276\A0151690.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bov   File: C:\Program Files\Video Access ActiveX Object\iesuninst.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bni   File: C:\Program Files\Video Access ActiveX Object\pmunst.exe

this is from Kaspersky...

and this is the hijack report

Logfile of HijackThis v1.99.1
Scan saved at 13:24:28, on 26.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cfmu.eurocontrol.int/cfmu/public/subsite_homepage/homepage.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://192.168.10.40:7778/"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\z6426u5h.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\z6426u5h.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{80140B87-55A2-463A-A962-9559392E3D0C}: NameServer = 10.0.1.12
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

-----------------

what should I do, help....

Kaspersky supposedly deleted it, but I think it will come back as soon as I restart the computer...

by the way, the virus was most likely picked up by installing Video Access ActiveX Object... I have no idea what that is, I only know that it is impossible to uninstall...

help with the procedure???
 
Supermoderator
turn off System Restore
restart in safe mode (F8)
run HJT again, let it list the entries, and fix the following:

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -

Run the antivirus while you are in safe mode, delete everything it finds
Boot Windows normally
clean the registry with a registry tool
run HJT again and do the scan again; if the problem recurs, you can post the log again so we can continue, but only if you have done what was noted above.

You can also download RogueRemover, which is free and "has it in for" Video ActiveX objects ... although Kaspersky should eat it.
Scan with Spybot Search & Destroy, delete everything it finds ...

« Last edit: 26 Apr 2007, 16:59:30 by MunkaZe »
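
An added example, not part of the original posts: a Python script that cross-references the directories named in the antivirus detections with the file paths in the HijackThis entries, using lines copied from the two logs in this thread. The function names and regular expressions are assumptions of this example, and it correlates by directory only, so entries without a file path are not assessed.

```python
import ntpath  # applies Windows path rules on any OS
import re

# Lines copied from the two logs posted in this thread (a subset).
AV_LOG = r"""
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bni   File: C:\System Volume Information\_restore{0334FBA2-D40E-4E00-92ED-B6D4D18A98FA}\RP276\A0151690.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bov   File: C:\Program Files\Video Access ActiveX Object\iesuninst.exe
"""
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""

DETECTION = re.compile(r"^deleted: .*?File: (?P<path>.+)$")
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - ")
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

def detected_dirs(av_log):
    """Lower-cased directories that held a file the scanner reported."""
    dirs = set()
    for line in av_log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            dirs.add(ntpath.dirname(m.group("path").strip()).lower())
    return dirs

def flag_entries(hjt_log, bad_dirs):
    """Return (section, file name, file_missing) for each HijackThis entry
    whose file lives in a directory that also held an AV detection."""
    flagged = []
    for line in hjt_log.splitlines():
        line = line.strip()
        entry, path = ENTRY.match(line), FILE_PATH.search(line)
        if not (entry and path):
            continue  # not an entry line, or no file path to correlate
        if ntpath.dirname(path.group(0)).lower() in bad_dirs:
            # "(file missing)" is recorded but is not a signal by itself:
            # the Kaspersky O23 line carries it too and is not flagged.
            missing = line.endswith("(file missing)")
            flagged.append((entry.group("section"),
                            ntpath.basename(path.group(0)), missing))
    return flagged

if __name__ == "__main__":
    for hit in flag_entries(HJT_LOG, detected_dirs(AV_LOG)):
        print(hit)
```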
All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.
