Već duže vreme mi povremeno,odnosno veći deo dana ne rade samo ova dva sajta,facebook i youtube,izlazi mi ona poruka da su sajtovi nedostupni.Da li je to neki virus ili šta je u pitanju,šta mi je činiti? Hvala unapred

Koji browser?
Da li se i u drugima ponasa isto?
Probaj da ugasis firewall, pa vidi sta se desava.

Mozda je i hosts file izmenjen...

U svakom  je isto,malo malo pa ne rade duže vreme odnosno ne može da se konektuje na ta dva sajta.Evo probah to da ugasim Zone alarm i ne vredi... 

Hajde preuzmi ovaj programcic:
http://www.bleepingcomputer.com/download/anti-virus/dds

Tu imas opis programa i download link. Sacuvaj ga na Desktop i pokreni ga dvoklikom.

Kada program zavrsi analizu izbacice dva loga. DDS.txt i Attach.txt
Oba loga sacuvaj na Desktop,a potom ih okaci uz sledecu poruku kao attacment (pregled poruke >> dodatne opcije >> Choose File [prikaci file]  )

Aha,evo ih

Cisto te obavestim da trenutno nisam u mogucnosti da ti pregledam log. Mozda kasnije veceras ako ne,sutra.
Cisto da znas...

Ok,hvala ti.

Ovako...vidim sta bi moglo da pravi problem. Ali pre uklanjanje tog problema hteo bih dodatnu analizu tvog sistema.


1.)  Prezumi program koji se zove HelpAsst_mebroot_fix i sacuvaj ga na Desktop.
Download link:
www.noahdfear.net/downloads/HelpAsst/HelpAsst_mebroot_fix.exe

• Privremeno zatvori/zaustavi sve aktivne programe.
  
• Dvoklikom pokreni alat i prati uputstva koja ti bude izbacivao.
  ( Obicno ti izbacuje "pritisni bilo koji taster za nastavak radnje" [press any key to continue...] )
  
  
• Ako alat bude detektovao tragove mbr infekcije dozvoli mu da pokrene ( tj. odradi ) mbr-f.
  
• Kompjuter ce se restartovati.
  
  
• Posle restarta pricekaj nekih 5 minuta ne dirajuci nista. Potom radis sledece:
  
  Start >> Run
  
  Kod:
  helpasst -mbrt
  Enter
  
  note: Primeti razmak izmedju "helpasst" i "-mbrt"
  
  
• Kada alat bude zavrsio,otvorice notepad sa logom. Sadrzaj tog loga kopiraj u temu.
  
  
  2.)  Prezumi program OTL sa donjeg linka na Desktop:
  
  http://oldtimer.geekstogo.com/OTL.exe
  
  
  • Dvoklikom pokreni OTL i klikni Run Scan;
    
  • po zavrsetku skeniranja, logovi ce biti automatski sacuvan na Desktop-u kao OTL.Txt
    
    
  • Prikaci OTL.txt izvestaj uz poruku bas kao sto si okacio DDS.txt log.
    

C:\Documents and Settings\Milos\Desktop\HelpAsst_mebroot_fix.exe
Wed 11/09/2011 at 10:09:55.12

HelpAssistant account Inactive

 ~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

 ~~ Checking firewall ports ~~

  backing up DomainProfile\GloballyOpenPorts\List registry key
  closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"2664:TCP"=-
"3828:TCP"=-
"2070:TCP"=-
"7086:TCP"=-
"3006:TCP"=-
"9928:TCP"=-
"5989:TCP"=-
"1851:TCP"=-
"4617:TCP"=-
"9085:TCP"=-
"5179:TCP"=-
"3851:TCP"=-
"5385:TCP"=-
"7788:TCP"=-
"8146:TCP"=-
"6008:TCP"=-
"7771:TCP"=-
"4726:TCP"=-
"2307:TCP"=-
"2897:TCP"=-
"9490:TCP"=-
"2647:TCP"=-

  backing up StandardProfile\GloballyOpenPorts\List registry key
  closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"2664:TCP"=-
"3828:TCP"=-
"2070:TCP"=-
"7086:TCP"=-
"3006:TCP"=-
"9928:TCP"=-
"5989:TCP"=-
"1851:TCP"=-
"4617:TCP"=-
"9085:TCP"=-
"5179:TCP"=-
"3851:TCP"=-
"5385:TCP"=-
"7788:TCP"=-
"8146:TCP"=-
"6008:TCP"=-
"7771:TCP"=-
"4726:TCP"=-
"2307:TCP"=-
"2897:TCP"=-
"9490:TCP"=-
"2647:TCP"=-

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking mbr ~~

 mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Wed 11/09/2011 at 10:18:00.84

Account active               No
Local Group Memberships     

 ~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbe.sys >>UNKNOWN [0x89E04938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !

 ~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
   ServiceDll   REG_EXPAND_SZ     %SystemRoot%\System32\termsrv.dll

 ~~ Checking profile list ~~

No HelpAssistant profile in registry

 ~~ Checking for HelpAssistant directories ~~

none found

 ~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


 ~~ EOF ~~

Ovako,zadnji logovi su pokazali tragove aktivnog rootkita. Infekcija je dosla preko USB-a.
- Ne prikacinji USB dok ne zavrsimo ciscenje. To cemo na kraju.


1.)

Iz control Panela deinstaliraj:
Temp File Cleaner DB Toolbar
VShareToolBar
i ako zelis
uTorrentBar Toolbar


2.)

Ponovo pokreni program OTL i u beli okvir prozora gde pise Custom Scans/Fixes iskopiraj sledeci tekst:




Klikni taster Run Fix;


Log koji dobijes iskopiraj ovde u poruci.


3.) Odradi skeniranje sa TDSSKiller-om. Proceduru rada sam opisao ovde. Odradi kao sto je napisano i prikaci mi njegov log uz poruku.
http://forum.burek.com/virus-t559155.msg10013531.html#msg10013531


4.)
Javi stanje.