Topic: virus  (Read 5746 times)
05 Oct 2011, 17:52:53
Discussion participant

Please, I need a little quick help: how can I most easily and quickly remove this virus ... Win32/Agent.SDG.Gen trojan in MBR sector of 1. physical drive (IT IS IN THE BOOT SECTOR). ESET Smart Security cannot remove it. OS: XP PRO SP3. I read a few articles from Google, but it is a bit unclear to me and I don't know whether it is accurate. If anyone has experience with this .... thanks in advance
Friend of the forum
Rising star

Those are some strange little stories about viruses in the boot sector. Your master boot record has 512 bytes. Not much of a virus can fit in there :). But there are those that write all sorts of things there. Since you are writing to us here, they haven't written anything on yours ;). So don't tear your hair out too much, it's not that urgent. Wait for someone from the combofix department to get back to you and don't lose your nerve :)
Discussion participant

ok
Jet set burekdzija

Don't post messages one after another. You have the Edit option.

Download the DDS program to your Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Double-click to run dds; when it finishes, DDS will open two logs:
         1. DDS.txt
         2. Attach.txt
Save both reports to the Desktop.
Attach DDS.txt for me


edit:
Info for anyone interested
http://www.informacija.rs/Virus/TDL4-Rootkit-zaobilazi-Windows-ovu-zastitnu-sertifikaciju-koda.html
http://www.informacija.rs/Virus/Infekcije-MBR-sektora-ponovo-u-modi.html

//a lot has changed since this article was written
« Last edit: 05 Oct 2011, 18:46:22 by genije1 »
Discussion participant

ok, thanks... I don't have much experience with this, that's why I posted the messages this way
Discussion participant

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_18
Run by laza at 18:47:09 on 2011-10-05
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\laza\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
IE: &Preuzmi sa FlashGet-om - c:\program files\flashget\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\flashget\jc_all.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FD6521D5-377E-4651-9E49-4FEAEF4FDEBC} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laza\application data\mozilla\firefox\profiles\vlugm29f.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\opera\program\plugins\Npcgm32.dll
FF - plugin: c:\program files\opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-06 01:16:42   83064   ----a-w-   c:\windows\system32\drivers\SMR210.SYS
2011-10-06 01:16:42   390   ----a-w-   c:\windows\system32\drivers\SMR210.dat
2011-09-29 08:22:46   --------   d-----w-   c:\documents and settings\all users\application data\Norton
2011-09-28 08:16:30   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-28 05:27:19   1409   ----a-w-   c:\windows\QTFont.for
2011-09-26 08:46:26   --------   d-----w-   c:\documents and settings\laza\application data\SUPERAntiSpyware.com
2011-09-26 08:45:55   --------   d-----w-   c:\documents and settings\all users\application data\!SASCORE
2011-09-26 08:45:51   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-09-26 08:45:51   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-23 07:01:16   839680   ----a-w-   c:\windows\system32\lameACM.acm
2011-09-23 07:01:16   151552   ----a-w-   c:\windows\system32\ac3acm.acm
2011-09-23 07:01:15   74752   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-09-23 07:01:15   650752   ----a-w-   c:\windows\system32\xvidcore.dll
2011-09-23 07:01:15   243200   ----a-w-   c:\windows\system32\xvidvfw.dll
2011-09-17 09:11:18   --------   d-----w-   c:\windows\XSxS
2011-09-16 08:33:11   135032   ----a-w-   c:\windows\system32\drivers\dwprot.sys
2011-09-11 23:42:24   --------   d-----w-   c:\documents and settings\laza\application data\go
2011-09-11 11:09:59   --------   dc-h--w-   c:\windows\ie8
2011-09-11 09:16:00   256000   ----a-w-   c:\windows\PEV.exe
2011-09-11 09:16:00   208896   ----a-w-   c:\windows\MBR.exe
2011-09-11 07:55:43   --------   d-sh--w-   c:\documents and settings\laza\IETldCache
2011-09-11 07:55:43   --------   d-sh--w-   c:\documents and settings\laza\IECompatCache
2011-09-11 07:44:47   --------   d-sh--w-   c:\documents and settings\laza\UserData
.
==================== Find3M  ====================
.
2011-09-17 19:54:24   25992   ----a-w-   c:\windows\system32\pgdfgsvc.exe
2011-09-17 06:25:58   5120   ----a-w-   c:\windows\system32\drivers\Stdsys.SYS
.
============= FINISH: 18:47:44.53 ===============
Jet set burekdzija

Download the aswMBR program and save it to the Desktop

public.avast.com/~gmerek/aswMBR.exe

Run the program by double-clicking it.
Under AV Scan, switch from "Quick Scan" to "(none)"

Click the Scan button.

When the program finishes, it will print something like "scan completed" at the bottom
Click Save Log and save the log to the Desktop.
Attach the log to your post as an attachment ( message preview > additional options > browse )


edit:

// you ran Combofix??? Why? When? The log shows remnants of CF.
« Last edit: 05 Oct 2011, 19:04:17 by genije1 »
Discussion participant

mate, I'll post this here because it seems I can't figure out how to attach it the way you say, probably because I want to reply to you as soon as possible

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-05 19:01:12
-----------------------------
19:01:12.781    OS Version: Windows 5.1.2600 Service Pack 3
19:01:12.781    Number of processors: 1 586 0x2F02
19:01:12.781    ComputerName: LAZA-A5D72A4F13  UserName: laza
19:01:13.531    Initialize success
19:01:53.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
19:01:53.656    Disk 0 Vendor: ST312082 3.42 Size: 114473MB BusType: 1
19:01:53.656    Disk 1  \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target2Lun0
19:01:53.656    Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 1
19:01:53.656    Device \Driver\viamraid -> DriverStartIo SCSIPORT.SYS ba65240e
19:01:53.671    Disk 0 MBR read successfully
19:01:53.671    Disk 0 MBR scan
19:01:53.671    Disk 0 Windows XP default MBR code
19:01:53.671    Disk 0 scanning sectors +234436545
19:01:53.734    Disk 0 scanning C:\WINDOWS\system32\drivers
19:02:11.796    Service scanning
19:02:13.250    Modules scanning
19:02:21.109    Disk 0 trace - called modules:
19:02:21.109    ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
19:02:21.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2bd030]
19:02:21.109    3 CLASSPNP.SYS[ba928fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8a2d8a38]
19:02:21.109    Scan finished successfully
19:03:10.937    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laza\Desktop\MBR.dat"
19:03:10.937    The log file has been saved successfully to "C:\Documents and Settings\laza\Desktop\aswMBR.txt"




yes, I tried combofix a couple of weeks ago because of some new processes that appeared, but it didn't remove them; I later solved that with the kaspersky rescue disk from boot. I somewhat suspect it may be from then
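
Added example, not part of the original thread or of any tool mentioned in it: the aswMBR log above saves the disk's first sector to MBR.dat, and this Python sketch shows how such a 512-byte dump is laid out and how two dumps of the same disk can be compared. The function names, the placeholder code bytes and the partition values are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512      # size of a classic MBR sector
CODE_LEN = 446    # bootstrap code area; the partition table follows it
# status, CHS start, type, CHS end, LBA start, sector count (16 bytes)
ENTRY = struct.Struct("<B3sB3sII")

def parse_mbr(raw: bytes) -> dict:
    """Decode a 512-byte MBR dump and fingerprint its bootstrap code."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    if raw[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(raw, CODE_LEN + 16 * i)
        if ptype == 0:  # unused slot
            continue
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    # The hash covers bytes 0..445, which on Windows disks also holds the
    # 4-byte disk signature, so compare dumps of the same disk only.
    return {"code_sha256": hashlib.sha256(raw[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap code differs between two dumps of one disk."""
    return parse_mbr(baseline)["code_sha256"] != parse_mbr(current)["code_sha256"]

def make_sample(code: bytes) -> bytes:
    """Constructed sample: given code bytes plus one active NTFS partition."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 234436482)
    return code.ljust(CODE_LEN, b"\x00") + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    before = make_sample(b"\x33\xc0\x8e\xd0")  # constructed placeholder bytes
    after = make_sample(b"\xeb\x10\x90\x90")   # constructed placeholder bytes
    print(parse_mbr(before)["partitions"])
    print("boot code changed:", boot_code_changed(before, after))
```

To check a real dump, pass the contents of the saved file, read in binary mode, to `parse_mbr`.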