Poštovani, od juče mi se u računaru pojavilo neko smeće u vidu Trojan Dailera.
NOD 32 svakih 20 minuta javlja ovakvo upozorenje:
1.  File is: c:/windows/temp/iddCD.tmp.exe (diffrent file every time)
    The program who made this is: c:/windows/temp/winCB.tmp.exe
    Threat: Win32/ Dialer.U trojan

a povremeno i ovo:
2.  File: www. content-loader.com/getexe/?wmid=bgates
    Threat: a variant of Win32/ Dialer.PZ trojan

Pokrenuo sam HiJackThis i on kaže ovo:

Logfile of HijackThis v1.99.1
Scan saved at 23:32:09, on 3.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE


O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{62C5F9A7-D859-4C2E-A0B1-D3E0EF866169}: NameServer = 82.208.208.10 82.208.208.5
O20 - Winlogon Notify: wintuh32 - C:\WINDOWS\SYSTEM32\wintuh32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Molim Vas da mi pomognete da rešim ovu muku. Hvala na strpljenju.

pa ajde pokushaj to da rucno obrishesh c:/windows/temp/iddCD.tmp.exe i c:/windows/temp/winCB.tmp.exe iz safe moda ili iz command prompt-a

O20 - Winlogon Notify: wintuh32 - C:\WINDOWS\SYSTEM32\wintuh32.dll     nesto mi mutan oval dll file 



1.  File is: c:/windows/temp/iddCD.tmp.exe (diffrent file every time)
    The program who made this is: c:/windows/temp/winCB.tmp.exe
    Threat: Win32/ Dialer.U trojan

a povremeno i ovo:
2.  File: www. content-loader.com/getexe/?wmid=bgates
    Threat: a variant of Win32/ Dialer.PZ trojan

obrisi rucno zarazeni fajl,samo preti putanju gde se nalazi....


i skloni nod,generalno je sranje od AV-a,imas top temu za AV-ove gore,procitaj,pogledaj

izgleda da si u pravu za taj dll koliko vidim sad. napravi za svaki slucaj kopiju tog dll-a

Viruscici kako je lijepo sto postoje.Mi sad nebi diskutovali ovdje... Naravno probaj neki bolji antivirus... ili ovo rucno, mada ces tesko ako je malo inteligentniji u sta vjerujem cim postoji ovaj .dll file koga ja nikad nisam imao...   

nemojda pravis kopiju incega,udri po tasteru "del"
ili iz cmd-a probaj ako ne bude hteo ovako "normalno"...

sad proverio po netu...100% taj dll je trojan BRISHI 

Prvo hvala vam sto ste se zainteresovali da mi pomognete.
Drugo, pokušavao sam da izbrisem sve iz Windows/temp, ali to nije resenje, posto se ponovo javlja isti problem.
Hocu da izbrisem onaj *.dll fajl, ali kako da mu pratim put. Pojasnite kako da ga definitivno uništim, molim vas, pa da zasucem rukave.

Rekao sam ti ja da neces moci rucno... Deinstaliraj NOD i skini ili pronadji neki bolji antivirus. Po meni je najbolji Kaspersky, ali se placa. Od besplatnih imas Avast Home... Instaliras...restartuje ti se komp i pri botovanju se podigne Avast koji ce opuhati sve zabusante... Onda samo redovno vrsi update... Budi siguran da ce on to sve lijepo ocistiti 

ovako skini http://ccollomb.free.fr/unlocker/ UNLOCKER

instaliraj ga...

idesh u C:\windows\system32 i trazish taj dll file

probaj da ga obrishesh...nece hteti...onda ce ti se aktivira UNLOCKER i onda klikni na unlock i onda ce ga obrisati.

to ti je jedna od mogucnosti...