Toolbar
Pravilnik foruma
Burek marketing
Najčešća pitanja
Posetite Burek Prodavnicu
Prijava na forum:
Ime:
Lozinka:
Prijavi me trajno:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:

Zatvori
ConQUIZtador
banner
BUREK marketing
*
linktree Burek :: Forumi ::  >  Tehnicki deo foruma  >  Pc Klinika ~ Doktori za vas kompjuter
linktree Tema: virus (Moderatori: enaB, chelavi1)
Trenutno vreme je: 25. Okt 2025, 04:35:24
 nazadnapred
Korisnici koji su trenutno na forumu 0 članova i 0 gostiju pregledaju ovu temu.

 Napomena: Za sva pitanja u vezi kupovine novog hardware-a ili procene vrednosti i preporuke koristite - ovu temu

Spyware,sta je,kako radi,kako se zastititi? :: Kako rade mreze :: Burek Anti-virus software review :: Index tema koje ne treba propustiti

Idi dole
Stranice:
1
2 3
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
Tema: virus  (Pročitano 6750 puta)
Tema opcije Oceni temu
sijuksss
05. Okt 2011, 17:52:53
Ucesnik diskusija

Zodijak
Pol
Poruke 53
Browser
Mozilla Firefox 7.0
Molim za malu i brzu pomoc kako da najlakse i sto brze obrisem ovaj virus ...Win32/Agent.SDG.Gen trojan in MBR sector of 1. physical drive ( NALAZI SE U BOOT SECTORU )eset smart security ne moze da ga obrise. OS  XP  PRO SP3. Procito sam par tekstova sa googla ali mi malo nejasno i neznam ddali je to tacno ako ko ima iskustva sa ovim .... unapred hvala
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
savage
Poruka #1 05. Okt 2011, 18:01:19
Prijatelj foruma
Zvezda u usponu

Zodijak
Pol Muškarac
Poruke 1718
Zastava Vršac
OS
Windows XP
Browser
Opera 11.50
mob
HTC Sensation
To su neke cudne pricice za viruse u boot sectoru. Tvoj master boot record ima 512 bajtova. Ne moze mnogo virusa tu da stane Smile. Nego postoje oni koji ti napisu svasta tamo. Cim se ti nama javljas ovde, nisu kod tebe nista pisali Wink. Tako da nemoj suvise da cupas kosu, nije toliko hitno. Sacekaj da ti se javi neko iz combofix departmenta i ne gubi zivce  Smile
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
sijuksss
Poruka #2 05. Okt 2011, 18:02:53
Ucesnik diskusija

Zodijak
Pol
Poruke 53
OS
Windows XP
Browser
Mozilla Firefox 7.0
ok
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
sijuksss
Poruka #3 05. Okt 2011, 18:31:17
Ucesnik diskusija

Zodijak
Pol
Poruke 53
OS
Windows XP
Browser
Mozilla Firefox 7.0
http://imageshack.us/photo/my-images/805/unledmp.jpg/
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
savage
Poruka #4 05. Okt 2011, 18:37:09
Prijatelj foruma
Zvezda u usponu

Zodijak
Pol Muškarac
Poruke 1718
Zastava Vršac
OS
Windows XP
Browser
Opera 11.50
mob
HTC Sensation
http://www.ntfs.com/mbr-virus.htm
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
genije1
Poruka #5 05. Okt 2011, 18:41:21
Jet set burekdzija

Zodijak Scorpio
Pol
Poruke 7658
OS
Windows 7
Browser
Mozilla Firefox 7.0.1
Ne pisi poruke za redom. Imas opciju Izmeni.

Preuzmi DDS Program na Desktop
http://download.bleepingcomputer.com/sUBs/dds.com

Dvoklikom pokreni dds,kad zavrsi, DDS ce otvoriti dva loga:
         1. DDS.txt
         2. Attach.txt
Oba izvestaja sacuvaj na Desktop.
Okaci mi DDS.txt


edit:
Info koga zanima
http://www.informacija.rs/Virus/TDL4-Rootkit-zaobilazi-Windows-ovu-zastitnu-sertifikaciju-koda.html
http://www.informacija.rs/Virus/Infekcije-MBR-sektora-ponovo-u-modi.html

//dosta toga se promenilo od pisanja ovog clanka
« Poslednja izmena: 05. Okt 2011, 18:46:22 od genije1 »
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
sijuksss
Poruka #6 05. Okt 2011, 18:51:34
Ucesnik diskusija

Zodijak
Pol
Poruke 53
OS
Windows XP
Browser
Mozilla Firefox 7.0
ok, hvala... nemam  neka iskustva sa ovim zato sam ovako stavljao poruke
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
sijuksss
Poruka #7 05. Okt 2011, 18:57:36
Ucesnik diskusija

Zodijak
Pol
Poruke 53
OS
Windows XP
Browser
Mozilla Firefox 7.0
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_18
Run by laza at 18:47:09 on 2011-10-05
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\laza\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
IE: &Preuzmi sa FlashGet-om - c:\program files\flashget\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\flashget\jc_all.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FD6521D5-377E-4651-9E49-4FEAEF4FDEBC} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\laza\application data\mozilla\firefox\profiles\vlugm29f.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\opera\program\plugins\Npcgm32.dll
FF - plugin: c:\program files\opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-06 01:16:42   83064   ----a-w-   c:\windows\system32\drivers\SMR210.SYS
2011-10-06 01:16:42   390   ----a-w-   c:\windows\system32\drivers\SMR210.dat
2011-09-29 08:22:46   --------   d-----w-   c:\documents and settings\all users\application data\Norton
2011-09-28 08:16:30   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-28 05:27:19   1409   ----a-w-   c:\windows\QTFont.for
2011-09-26 08:46:26   --------   d-----w-   c:\documents and settings\laza\application data\SUPERAntiSpyware.com
2011-09-26 08:45:55   --------   d-----w-   c:\documents and settings\all users\application data\!SASCORE
2011-09-26 08:45:51   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-09-26 08:45:51   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-23 07:01:16   839680   ----a-w-   c:\windows\system32\lameACM.acm
2011-09-23 07:01:16   151552   ----a-w-   c:\windows\system32\ac3acm.acm
2011-09-23 07:01:15   74752   ----a-w-   c:\windows\system32\ff_vfw.dll
2011-09-23 07:01:15   650752   ----a-w-   c:\windows\system32\xvidcore.dll
2011-09-23 07:01:15   243200   ----a-w-   c:\windows\system32\xvidvfw.dll
2011-09-17 09:11:18   --------   d-----w-   c:\windows\XSxS
2011-09-16 08:33:11   135032   ----a-w-   c:\windows\system32\drivers\dwprot.sys
2011-09-11 23:42:24   --------   d-----w-   c:\documents and settings\laza\application data\go
2011-09-11 11:09:59   --------   dc-h--w-   c:\windows\ie8
2011-09-11 09:16:00   256000   ----a-w-   c:\windows\PEV.exe
2011-09-11 09:16:00   208896   ----a-w-   c:\windows\MBR.exe
2011-09-11 07:55:43   --------   d-sh--w-   c:\documents and settings\laza\IETldCache
2011-09-11 07:55:43   --------   d-sh--w-   c:\documents and settings\laza\IECompatCache
2011-09-11 07:44:47   --------   d-sh--w-   c:\documents and settings\laza\UserData
.
==================== Find3M  ====================
.
2011-09-17 19:54:24   25992   ----a-w-   c:\windows\system32\pgdfgsvc.exe
2011-09-17 06:25:58   5120   ----a-w-   c:\windows\system32\drivers\Stdsys.SYS
.
============= FINISH: 18:47:44.53 ===============
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
genije1
Poruka #8 05. Okt 2011, 19:03:03
Jet set burekdzija

Zodijak Scorpio
Pol
Poruke 7658
OS
Windows 7
Browser
Mozilla Firefox 7.0.1
Preuzmi aswMBR program i sacuvaj ga na Desktop

public.avast.com/~gmerek/aswMBR.exe

Pokreni program dvoklikom.
Pod AV Scan sa "Quick Scan" prebaci na " (none) "

Klikni na dugme Scan.

Kada program zavrsi ispisace dole nesto kao "scan complited"
Klikni na Safe Log i log sacuvaj na Desktop.
Log okaci uz poruku kao attachment ( pregled poruke > dodatne opcije > browse )


edit:

// pokretao si Combofix??? Zasto Kad? Log pokazuje ostatke CF-a.
« Poslednja izmena: 05. Okt 2011, 19:04:17 od genije1 »
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
sijuksss
Poruka #9 05. Okt 2011, 19:19:42
Ucesnik diskusija

Zodijak
Pol
Poruke 53
OS
Windows XP
Browser
Mozilla Firefox 7.0
druze okacicu ovo jer izgleda da nemogu da se snadjem da ovo okacim kako kazes ti verovatno sto sto hocu sto pre da ti odgovorim

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-05 19:01:12
-----------------------------
19:01:12.781    OS Version: Windows 5.1.2600 Service Pack 3
19:01:12.781    Number of processors: 1 586 0x2F02
19:01:12.781    ComputerName: LAZA-A5D72A4F13  UserName: laza
19:01:13.531    Initialize success
19:01:53.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
19:01:53.656    Disk 0 Vendor: ST312082 3.42 Size: 114473MB BusType: 1
19:01:53.656    Disk 1  \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target2Lun0
19:01:53.656    Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 1
19:01:53.656    Device \Driver\viamraid -> DriverStartIo SCSIPORT.SYS ba65240e
19:01:53.671    Disk 0 MBR read successfully
19:01:53.671    Disk 0 MBR scan
19:01:53.671    Disk 0 Windows XP default MBR code
19:01:53.671    Disk 0 scanning sectors +234436545
19:01:53.734    Disk 0 scanning C:\WINDOWS\system32\drivers
19:02:11.796    Service scanning
19:02:13.250    Modules scanning
19:02:21.109    Disk 0 trace - called modules:
19:02:21.109    ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
19:02:21.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2bd030]
19:02:21.109    3 CLASSPNP.SYS[ba928fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8a2d8a38]
19:02:21.109    Scan finished successfully
19:03:10.937    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laza\Desktop\MBR.dat"
19:03:10.937    The log file has been saved successfully to "C:\Documents and Settings\laza\Desktop\aswMBR.txt"




da combofix sam probao pre par nedelja  zbog nekih novih procesa koji su se javili ali on ih nije obrisao vec sam to kasnije resio sa kaspersky rescue disk iz boot  , pomalo sumnjam da je to mozda od tada
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
zaboravili ste šifru?
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Zatvori
Idi gore
Stranice:
1
2 3
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
linktree Burek :: Forumi ::  >  Tehnicki deo foruma  >  Pc Klinika ~ Doktori za vas kompjuter
linktree Tema: virus (Moderatori: enaB, chelavi1)
Trenutno vreme je: 25. Okt 2025, 04:35:24
 nazadnapred
Prebaci se na:  
Upozorenje:ova tema je zaključana!
Samo administratori i moderatori mogu odgovoriti.
web design

Forum Info: Banneri Foruma :: Burek Toolbar :: Burek Prodavnica :: Burek Quiz :: Najcesca pitanja :: Tim Foruma :: Prijava zloupotrebe

Izvori vesti: Blic :: Wikipedia :: Mondo :: Press :: Naša mreža :: Sportska Centrala :: Glas Javnosti :: Kurir :: Mikro :: B92 Sport :: RTS :: Danas

Prijatelji foruma: Triviador :: Nova godina Beograd :: nova godina restorani :: FTW.rs :: MojaPijaca :: Pojacalo :: 011info :: Burgos :: Sudski tumač Novi Beograd

Pravne Informacije: Pravilnik Foruma :: Politika privatnosti :: Uslovi koriscenja :: O nama :: Marketing :: Kontakt :: Sitemap

All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.

Copyright © 2002- "Burek.com", all rights reserved. Performance: 0.047 sec za 13 q. Powered by: SMF. © 2005, Simple Machines LLC.