Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Zilav virus ili trojanac

[es] :: Zaštita :: Zilav virus ili trojanac

Strane: 1 2 3

[ Pregleda: 16340 | Odgovora: 51 ] > FB > Twit

Postavi temu Odgovori

Autor
Pretraga teme: Traži
Markiranje Štampanje RSS

Horvat

Član broj: 17332
Poruke: 3042
dynamic-213-198-205-222.adsl.eunet.rs.



+165 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 12:56 - pre 190 meseci
nisi video win direktorijum jer si vrlo verovatno isao iz explorera,a nije ti ukljucen prikaz skrivenih i sistemskih datoteka,dok u totalu jeste

nisi rekao,jesi na kraju obrisao onaj exe iz temp direktorijuma?
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 14:33 - pre 190 meseci
Pozdrav,

Hvala svima na odgovorima i izvinite na kasnjenju, spavao sam malo duze zbog sinocnjeg rvanja sa virusom :)

GMER - nije nasao nista vazno, tj. nije ispisao nista crvenim fontom.
Avira Resque CD - Radila je celu noc i nasla mi virus W32/Sality.Y i TR/CRYPT.ZPACK.GEN

@kristi1: Sada cu pokusati. PS. sta je "fleska"? :)
@Andree2000: Gde mogu skinuti taj AV, tj. kako da ga narezem.
@horvat: Folder se nije video ni iz TC-a, samo se odjednom pojavio (!?)
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 15:22 - pre 190 meseci
Evo novog ComboFix report-a

Citat:

ComboFix 09-09-13.05 - Bojan 09/14/2009 15:37.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.259 [GMT 2:00]
Running from: c:\documents and settings\Bojan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_abp470n5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-14 00:33 . 2009-09-14 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 23:24 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-13 23:24 . 2009-04-03 08:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-13 23:24 . 2008-12-18 09:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-13 23:23 . 2009-09-13 23:26 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-13 23:23 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-13 23:23 . 2009-09-13 23:38 -------- d-----w- c:\program files\Spyware Doctor
2009-09-13 23:23 . 2009-09-13 23:23 -------- d-----w- c:\documents and settings\Bojan\Application Data\PC Tools
2009-09-13 23:23 . 2009-09-13 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-13 23:17 . 2009-09-13 23:17 -------- d-----w- c:\documents and settings\Bojan\Application Data\Uniblue
2009-09-13 23:17 . 2009-09-13 23:17 -------- d-----w- c:\program files\Uniblue
2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 20:30 . 2009-09-13 23:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\documents and settings\Bojan\Application Data\SUPERAntiSpyware.com
2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 16:42 . 2009-09-13 16:42 -------- d-----w- c:\documents and settings\Bojan\Application Data\Malwarebytes
2009-09-13 16:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:41 . 2009-09-13 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 16:41 . 2009-09-13 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 16:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 16:17 . 2009-09-13 16:17 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-13 16:17 . 2009-09-13 16:17 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-13 16:15 . 2009-09-13 16:15 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-13 16:15 . 2009-09-13 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-13 15:55 . 2009-09-13 15:55 -------- d-----w- c:\documents and settings\Bojan\Application Data\AVG8
2009-09-13 15:54 . 2009-09-13 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-13 14:42 . 2009-09-13 14:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-11 20:44 . 2009-09-11 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{BBD31133-40F8-4B57-9BA6-DB76C03D153B}
2009-09-09 21:33 . 2009-09-09 21:33 -------- d-----w- c:\program files\iPod
2009-09-09 21:33 . 2009-09-09 21:34 -------- d-----w- c:\program files\iTunes
2009-09-09 19:13 . 2009-09-09 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-06 12:29 . 2009-09-06 12:29 -------- d-----w- c:\documents and settings\Bojan\Application Data\TuneUp Software
2009-09-06 12:28 . 2009-09-06 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-06 12:27 . 2009-09-06 12:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-29 22:43 . 2009-08-29 22:43 -------- d-----w- c:\documents and settings\Bojan\Local Settings\Application Data\RagdollSoft
2009-08-29 22:42 . 2009-08-29 22:43 -------- d-----w- c:\program files\Rubber Ninjas Demo
2009-08-28 03:17 . 2009-08-28 03:17 -------- d-----w- c:\program files\Scs4b5t
2009-08-27 03:16 . 2009-08-27 03:16 -------- d-----w- c:\program files\Psygnosis
2009-08-27 03:04 . 2009-08-27 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-08-27 03:04 . 2009-08-27 03:05 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-08-27 02:54 . 2009-08-27 02:54 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-27 02:54 . 2009-08-27 02:54 -------- d-----w- c:\documents and settings\Bojan\Application Data\DAEMON Tools Pro
2009-08-19 22:49 . 2009-08-19 22:49 -------- d-----w- c:\documents and settings\Bojan\Local Settings\Application Data\PunkBuster
2009-08-19 22:32 . 2009-09-13 16:51 -------- d-----w- c:\documents and settings\Bojan\Application Data\id Software
2009-08-19 20:29 . 2009-08-19 20:29 -------- d-----w- c:\program files\Zone Labs
2009-08-19 19:24 . 2009-08-19 19:24 437365 ----a-w- c:\temp\maindemo.zip
2009-08-19 19:23 . 2009-08-19 19:23 211329 ----a-w- c:\temp\inspector_demo.zip
2009-08-19 19:23 . 2009-08-19 19:23 215439 ----a-w- c:\temp\nextgrid_demo2.zip
2009-08-19 19:23 . 2009-08-19 19:23 286464 ----a-w- c:\temp\nextgrid_demo.zip
2009-08-18 22:02 . 2009-08-27 15:38 -------- d-----w- c:\documents and settings\Bojan\Local Settings\Application Data\MediaMonkey
2009-08-18 22:02 . 2009-08-27 15:38 -------- d-----w- c:\program files\MediaMonkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 14:07 . 2008-05-11 10:38 -------- d-----w- c:\documents and settings\Bojan\Application Data\skypePM
2009-09-14 00:43 . 2008-05-11 10:36 -------- d-----w- c:\documents and settings\Bojan\Application Data\Skype
2009-09-14 00:23 . 2008-09-12 14:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-13 17:15 . 2009-06-08 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-09-13 17:15 . 2009-06-08 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-09-13 16:11 . 2009-06-08 17:43 -------- d-----w- c:\documents and settings\Bojan\Application Data\VMware
2009-09-13 16:10 . 2008-05-07 20:09 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-13 15:21 . 2008-12-29 21:54 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-13 15:21 . 2008-04-02 14:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 15:00 . 2009-06-08 17:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-09-11 16:05 . 2008-08-25 09:39 -------- d-----w- c:\documents and settings\Bojan\Application Data\uTorrent
2009-09-10 01:12 . 2008-06-24 13:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 21:35 . 2008-04-08 09:57 -------- d-----w- c:\documents and settings\Bojan\Application Data\Apple Computer
2009-09-09 21:33 . 2008-04-08 09:55 -------- d-----w- c:\program files\Common Files\Apple
2009-09-09 21:32 . 2009-02-07 17:06 -------- d-----w- c:\program files\QuickTime
2009-09-09 21:04 . 2008-04-03 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 19:10 . 2008-09-12 17:44 -------- d-----w- c:\program files\Bonjour
2009-09-01 00:36 . 2008-12-14 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Embarcadero
2009-08-19 20:29 . 2008-04-02 16:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-14 21:14 . 2009-08-14 21:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-14 21:05 . 2008-04-02 16:02 -------- d-----w- c:\program files\Windows Media Connect
2009-08-09 15:39 . 2009-05-08 13:05 18 ----a-w- c:\windows\popcinfot.dat
2009-08-09 15:39 . 2009-05-08 13:23 14 ----a-w- c:\windows\popcinfo.dat
2009-08-05 13:31 . 2008-05-29 17:40 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-08-05 13:31 . 2008-05-29 17:40 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-08-05 13:31 . 2008-05-29 17:40 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 20:14 . 2008-04-03 16:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-27 20:11 . 2009-07-27 20:11 -------- d-----w- c:\program files\Adobe Media Player
2009-07-26 19:19 . 2009-07-26 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Blueberry
2009-07-26 19:18 . 2009-07-26 19:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6B71DDD0-B12C-4427-A1DE-A57327178878}
2009-07-26 19:18 . 2009-07-26 19:18 -------- d-----w- c:\program files\Common Files\Blueberry Software
2009-07-26 19:18 . 2009-07-26 19:18 -------- d-----w- c:\program files\Blueberry Software
2009-07-26 19:17 . 2008-05-29 17:41 -------- d-----w- c:\documents and settings\Bojan\Application Data\Blueberry
2009-07-25 18:46 . 2009-07-25 18:41 -------- d-----w- c:\program files\Quake III Arena
2009-07-25 18:42 . 2009-07-25 18:42 -------- d-----w- c:\program files\Mplayer
2009-07-19 14:37 . 2009-07-19 14:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 13:48 . 2009-07-03 13:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 13:45 . 2009-07-03 13:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-29 16:12 . 2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 12:46 . 2008-04-02 17:03 60408 ----a-w- c:\documents and settings\Bojan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 18:36 . 2006-02-28 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2006-02-28 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-02-28 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-02-28 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-02-28 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-02-28 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-02-28 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-02-28 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-02-28 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-02-28 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2006-02-28 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2006-02-28 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-02-28 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-02-28 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2006-02-28 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2006-02-28 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-02-28 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-02-28 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-02-28 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-02-28 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 18:48 . 2009-06-21 18:48 51760 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-19 21:03 . 2009-06-19 20:56 78884 ----a-w- c:\windows\hpfins05.dat
2009-06-16 14:55 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_22.33.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-09 17:34 . 2009-09-14 14:08 231113 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-04-09 17:34 . 2009-09-13 22:34 231113 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 2068208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 839769]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 274432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1385808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-3 187392]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 663613]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-08-19 13:52 389120 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^santa.bat]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\santa.bat
backup=c:\windows\pss\santa.batStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^WingsStart.lnk]
path=c:\documents and settings\Bojan\Start Menu\Programs\Startup\WingsStart.lnk
backup=c:\windows\pss\WingsStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsmax2010_32"=2 (0x2)
"LightScribeService"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PersonalSecureDriveService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"IFXTCS"=2 (0x2)
"IFXSpMgtSrv"=2 (0x2)
"idsvc"=3 (0x3)
"hpqwmiex"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BlackfishSQL"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
"c:\\Program Files\\ProtectTools\\Embedded Security Software\\PSDrt.exe"=
"c:\\Programs\\Process\\procexp.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTServs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2010\\klwtblfs.exe"=
"c:\\WINDOWS\\system32\\CF28155.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/14/2009 1:24 AM 130936]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [10/25/2005 8:10 PM 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 2:00 PM 14336]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [5/29/2008 7:40 PM 4096]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/2/2008 4:46 PM 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 3:26 PM 35968]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [5/1/2009 11:58 PM 30336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/14/2009 1:23 AM 348752]
S4 BlackfishSQL;BlackfishSQL;c:\program files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [8/29/2008 9:00 PM 65536]
S4 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-73586283-1801674531-1003Core.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 20:27]

2009-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-73586283-1801674531-1003UA.job
- c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 20:27]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Bojan\Application Data\Mozilla\Firefox\Profiles\uyzmc3lw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Bojan\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 16:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-73586283-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:58,a1,1c,56,28,3e,69,da,dd,cc,bd,36,50,f7,60,7f,02,00,dc,94,de,
57,2a,7e,cc,a9,30,41,ae,ca,b6,a9,50,a8,ca,e1,8f,55,84,ad,4a,7e,44,f0,e1,6d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'lsass.exe'(1176)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\system32\dllhost.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\inetsrv\davcdata.exe
.
**************************************************************************
.
Completion time: 2009-09-14 16:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-14 14:16
ComboFix2.txt 2009-09-13 22:43

Pre-Run: 19,748,868,096 bytes free
Post-Run: 19,558,744,064 bytes free

382 --- E O F --- 2009-09-09 21:10


Hvala jos jednom.
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.ptt.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 16:26 - pre 190 meseci
Kazi mi kakva je situacija.
Fleska je usb drajv ili ti stick.
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 16:56 - pre 190 meseci
Situacija je i dalje ista. I dalje ne mogu da ugasim taj virus koji je u memoriji i koji mi gasi AV i ne dozvoljava sa odem na AV sajtove.

Imam USB HDD na koji sam presnimio vazne stvari, pa me zanima kako da nakon re-instalacije i formatiranja glavnog HDD-a, da slucajno se ne zarazim opet sa virusa koji je "prebegao" na USB HDD.

Hvala jos jednom
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 17:11 - pre 190 meseci
Preuzmite program Dr.Web CureIt!.

• Posle preuzimanja restartujte racunar u Safe Mode-u (dok se pali racunar pritiskajte F8 pa kada se pojavi meni odaberite Safe Mode).
• Kada se ucita Safe Mode pokrenite Dr.Web CureIt!.
• Kad se upali odaberite Start. On ce automatski poceti da skenira racunar. Pustiti da skenira (to je Express Scan).
• Kada zavrsi sa skeniranjem odaberite kompletno skeniranje - Complete scan i sa desne strane pritisnite dugme Start Scanning (izgleda kao Play dugme).
Moram da vas upozorim da kompletno skeniranje moze da potraje nekoliko sati!

Pokazite log (zapakujte u ".rar" arhivu i upload-ujte) CureIt!-a koji se nalazi u C:\Documents and Settings\USERNAME\DoctorWeb\

P.S. Mozete i odmah pokusati da pokrenete Dr.Web CureIt! u normal mode-u posle skidanja i da vidite da li ce Express Scan-om da pronajde virus i da ga ukolni.
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 17:22 - pre 190 meseci
Citat:
Dashkes: Preuzmite program Dr.Web CureIt!.

• Posle preuzimanja restartujte racunar u Safe Mode-u (dok se pali racunar pritiskajte F8 pa kada se pojavi meni odaberite Safe Mode).
• Kada se ucita Safe Mode pokrenite Dr.Web CureIt!.
• Kad se upali odaberite Start. On ce automatski poceti da skenira racunar. Pustiti da skenira (to je Express Scan).
• Kada zavrsi sa skeniranjem odaberite kompletno skeniranje - Complete scan i sa desne strane pritisnite dugme Start Scanning (izgleda kao Play dugme).
Moram da vas upozorim da kompletno skeniranje moze da potraje nekoliko sati!

Pokazite log (zapakujte u ".rar" arhivu i upload-ujte) CureIt!-a koji se nalazi u C:\Documents and Settings\USERNAME\DoctorWeb\

P.S. Mozete i odmah pokusati da pokrenete Dr.Web CureIt! u normal mode-u posle skidanja i da vidite da li ce Express Scan-om da pronajde virus i da ga ukolni.


Hvala,

Pokusacu i njega, ali ne mogu da odem u SafeMode jer ga je virus pokvario.

PS. Iz nekog razloga ne mogu da skinem CureIt sa vaseg sajta. Izgleda da je i njega virus blokirao.
 
Odgovor na temu

silvestro

Član broj: 121205
Poruke: 57
195.252.70.*



Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 17:28 - pre 190 meseci
Nadji u c:\windows\system32\drivers\etc\ file hosts, otvori ga notepad-om i obrisi sve sto se nalazi u njega i sacuvaj izmene. Onda ces moci da udjes na AV sajtove...
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 17:41 - pre 190 meseci
Citat:
silvestro: Nadji u c:\windows\system32\drivers\etc\ file hosts, otvori ga notepad-om i obrisi sve sto se nalazi u njega i sacuvaj izmene. Onda ces moci da udjes na AV sajtove...


Nazalost ni to ne pomaze, u fajlu hosts je samo "localhost" ubacen.
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 17:46 - pre 190 meseci
Da li mozete da skinete sledece programe - http://www.bdtools.net/download/dcleaner.zip - Win32.HLLW.Shadow.based (Conficker)
i
http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml - Win32.HLLP.Sector (Sality)?
Pokusajte da ocistite sa njim racunar i onda pokusajte da skinete Dr.Web CureIt!

[Ovu poruku je menjao Dashkes dana 14.09.2009. u 19:08 GMT+1]
 
Odgovor na temu

drvlada75
Prokuplje

Član broj: 153703
Poruke: 1206
93.87.140.*



+34 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:00 - pre 190 meseci
Pomenuo si da si zarazen Sality virusom. Takodje pominjes i number.exe virus... Imao sam skoro iskustva sa tim virusima. Pretpostavljam da su ti prakticno svi .exe zarazeni dok je ulazak u Safe mode onemogucen plavim ekranom. Jedini antivirus koji je uspeo da se izbori sa njim i da DEZINFIKUJE fajlove bio je Bit Defender. Postoji njihov rescue disk, vredi ga probati:
http://download.bitdefender.co...rRescueCD_v2.0.0_3_08_2009.iso
Medjutim, toplo ti savetujem vadjenje hard diska instaliranje Bit Defendera na drugi racunar i onda ciscenje. Kasperski i Avast ce pronaci viruse ali i obrisati .exe fajlove. Jos jedna stvar. Posto sam ocistio racunar i ponovo ga pokrenuo iskljucio sam mrezni kabl i instalirao Comodo Firewall. Racunar je imao staticku adresu. Napadac sa interneta je odmah krenuo sa napadom. Zanimljivo je to, da je napadac bio kod istog srpskog provajdera kao i racunar. Sve se zavrsilo slanjem log fajla firewall-a provajderu koji je u najkracem roku onemogucio napadaca.
Eto, izneo sam jedno iskustvo i resenje slicnog problema.
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.ptt.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:02 - pre 190 meseci
Bojim se da si zapatio Sality Legacy_abp470n5 Vec je bilo reci kako se cisti taj Virus.
Evo drvlada75 me pretece

Najbolje resenje je Format C, instaliranje jednog od boljih AV i komplet scan, sve ostalo moze da uspe a i ne mora. Postoji velika verovatnoca da windows nece da se podigne. Znaci ako vec hoces da se resis tog virusa najbrze i najbolje je ovo sto sam ti predlozio. Znaci AV pre drajvera i scan. Komletan racunar ti je zarazen, znaci sve particije.

[Ovu poruku je menjao kristi1 dana 14.09.2009. u 19:13 GMT+1]
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:17 - pre 190 meseci
Citat:
drvlada75: Pomenuo si da si zarazen Sality virusom. Takodje pominjes i number.exe virus... Imao sam skoro iskustva sa tim virusima. Pretpostavljam da su ti prakticno svi .exe zarazeni dok je ulazak u Safe mode onemogucen plavim ekranom. Jedini antivirus koji je uspeo da se izbori sa njim i da DEZINFIKUJE fajlove bio je Bit Defender. Postoji njihov rescue disk, vredi ga probati:
http://download.bitdefender.co...rRescueCD_v2.0.0_3_08_2009.iso
Medjutim, toplo ti savetujem vadjenje hard diska instaliranje Bit Defendera na drugi racunar i onda ciscenje. Kasperski i Avast ce pronaci viruse ali i obrisati .exe fajlove. Jos jedna stvar. Posto sam ocistio racunar i ponovo ga pokrenuo iskljucio sam mrezni kabl i instalirao Comodo Firewall. Racunar je imao staticku adresu. Napadac sa interneta je odmah krenuo sa napadom. Zanimljivo je to, da je napadac bio kod istog srpskog provajdera kao i racunar. Sve se zavrsilo slanjem log fajla firewall-a provajderu koji je u najkracem roku onemogucio napadaca.
Eto, izneo sam jedno iskustvo i resenje slicnog problema.


Hvala na odgovoru,

Nazalost nece da otvori ni sajt bitdefender.com :(

Sve ovo mi se desava na laptopu sa internim diskom i jos jednim eksternim USB diskom.

Prebacio sam podatke i neke instalacije na taj USB disk, ali me plasi da ce mi se komp nakon format-a i pokretanja instalacija ponovo zapatiti virusima. Da li je najpametnije da nakon instalacije Windows-a da odmah skinem bit-defender i onda da skeniram taj eksterni disk?
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:19 - pre 190 meseci
Jeste li mozda uspeli da skinete porgrame iz ove teme i da ih pokrenete - http://www.elitesecurity.org/p2387602 ?
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:29 - pre 190 meseci
Citat:
Dashkes: Jeste li mozda uspeli da skinete porgrame iz ove teme i da ih pokrenete - http://www.elitesecurity.org/p2387602 ?


dcleaner nece da se startuje (!?) dok Virus remover upravo radi (mada jos uvek nista ne nalazi)
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.ptt.rs.

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:33 - pre 190 meseci
Citat:
Sve ovo mi se desava na laptopu sa internim diskom i jos jednim eksternim USB diskom.


Vrlo moguce da si ga i preneo sa njega, obavezno ga prikljuci i komplet skeniranje. Ako si ga nosio negde i kacio na druge kompove.
Jedino Anntivirus moze da ukloni sality, nijedan drugi program, slobodno prekini skeniranje.
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:37 - pre 190 meseci
Citat:
kristi1: Vrlo moguce da si ga i preneo sa njega, obavezno ga prikljuci i komplet skeniranje. Ako si ga nosio negde i kacio na druge kompove.
Jedino Anntivirus moze da ukloni sality, nijedan drugi program, slobodno prekini skeniranje.


kristi1, jeste li videli koji je to program? Kratak opis programa - A useful tool for deleting the Win32/Sality virus from your computer.
 
Odgovor na temu

Bokacio

Član broj: 189612
Poruke: 112
*.dynamic.sbb.rs.



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:42 - pre 190 meseci
Citat:
kristi1: Bojim se da si zapatio Sality Legacy_abp470n5 Vec je bilo reci kako se cisti taj Virus.
Evo drvlada75 me pretece :)

Najbolje resenje je Format C, instaliranje jednog od boljih AV i komplet scan, sve ostalo moze da uspe a i ne mora. Postoji velika verovatnoca da windows nece da se podigne. Znaci ako vec hoces da se resis tog virusa najbrze i najbolje je ovo sto sam ti predlozio. Znaci AV pre drajvera i scan. Komletan racunar ti je zarazen, znaci sve particije.

[Ovu poruku je menjao kristi1 dana 14.09.2009. u 19:13 GMT+1]


To cu sad da uradim, neka mi je bog u pomoci :)

Hvala
 
Odgovor na temu

drvlada75
Prokuplje

Član broj: 153703
Poruke: 1206
93.87.140.*



+34 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:43 - pre 190 meseci
Uh, ne znam koliko su ti vazni podaci na disku i da li vredi da skines neku linux distribuciju, narezes, pokrenes, a zatim iz nje skines i narezes rescue disk.
Dashkes probao sam ja taj program...nazalost, nije uspeo nista da uradi sa mojom vrstom Sality virusa.
Moram da napomenem da je racunar bio sa Windows 2000 operativnim sistemom.
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: Zilav virus ili trojanac14.09.2009. u 18:48 - pre 190 meseci
A Dr.Web CureIt!?
 
Odgovor na temu

[es] :: Zaštita :: Zilav virus ili trojanac

Strane: 1 2 3

[ Pregleda: 16340 | Odgovora: 51 ] > FB > Twit

Postavi temu Odgovori

Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.