strela75 When Win goes dumb - part 2 16.12.2009. 13:59 T22879

status: user
post count: 1589
Yesterday I scanned in Safe Mode with Malwarebytes and it found 4 items:
***
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\updatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
D:\instal\Foxit PDF editor\foxit.pdf.editor.2.1.0.build.0702-patch_Under SEH Team.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\instal\test\hyper_pi_0.99b\hyper_pi_0.99\super_pi_mod-1.5\super_pi_mod.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
***

It deletes everything, restarts the computer, by mistake it goes into normal Windows, restart again, I enter Safe Mode, scan again, and there it is again:

***
Files Infected:
D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002835.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002836.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
***
And on the screen where it shows the results it says:

Malware.Packer -> the first System Volume Information
Malware.Packer.Krunchy -> the second System Volume Information

So, if I don't go from Safe Mode into Win, I have no virus. As soon as I enter Win, it restores it.

Come on, help now (if it can be helped).

Thanks in advance.

Regards.
doca80 Re: When Win goes dumb - part 2 16.12.2009. 14:05 #171074

status: user
post count: 3053
That is one method some malware uses to get back into the system after deletion... UnHackMe will have to do the work; deletion at boot of the computer will most likely rid you of that pest... You have the instructions, use them the right way...


nenika Re: 16.12.2009. 14:07 #171076

status: user
post count: 1133

Download this from here

http://www.combofix.org/


turn off all antiviruses, LEAVE THE INTERNET ON, THEN INSTALL combofix

and follow the instructions.

report the result


smhardyu Re: Re: 16.12.2009. 14:13 #171078

status: user
post count: 104
ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.

DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!

Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.

We will also announce when ComboFix is available on our Twitter and Facebook pages.


::
:: Download this from here
::
:: http://www.combofix.org
::
::
:: turn off all antiviruses, LEAVE THE INTERNET ON, THEN INSTALL combofix
::
:: and follow the instructions
::
:: report the result
::
strela75 I'm getting ready for Unhackme, 16.12.2009. 14:15 #171080

status: user
post count: 1589
only I will need both time and concentration (which I didn't have yesterday).

Do I solve the problem if I put in one more disk, install Win and Unhackme on it, and then scan this old one and clean it completely? Since the current disk has only 160GB, I have been thinking for some time about getting a WD of 640GB - 1TB to be my system disk + one large work partition, and for this 160GB one to be a second (work) partition.

In any case I will try Unhackme today.

Regards.
nenika it can be downloaded here. checked. for whoever needs it 16.12.2009. 14:16 #171081

status: user
post count: 1133

http://www.brothersoft.com/combofix-download-292397.html

smhardyu Re: it can be downloaded here. checked. for whoever needs it 16.12.2009. 14:26 #171086

status: user
post count: 104

That is fine, but that version has a bug which on some machines can lead to them
not being able to boot at all. Read the whole text, i.e. don't take the risk.

http://download.bleepingcomputer.com/sUBs/ComboFix.html

::
:: http://www.brothersoft.com/combofix-download-292397.html
::
::
H-nitro yo 16.12.2009. 14:29 #171088

status: user
post count: 1973
try with unhackme and with hijack this, it sees more programs in startup than the MS one. then report what you did

valdemar Your problem was most likely caused by FOXIT PDF reader.... 16.12.2009. 14:38 #171094

status: user
post count: 55

.....avoid that program!!!
nenika I installed it and look, it runs like clockwork 16.12.2009. 14:40 #171095

status: user
post count: 1133
ComboFix 09-09-25.01 - nenika 16.12.2009 14:36.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.538 [GMT 1:00]
Running from: n:\slike \ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REDUCED FUNCTIONALITY MODE -
.

neXus2000 This part 16.12.2009. 15:03 #171105

status: user
post count: 3350
`Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\updatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.`

What this says is that you manually, unless the virus did it, turned off Windows Update and the firewall.

nenika well, you should turn off all the programs you can 16.12.2009. 15:08 #171106

status: user
post count: 1133
But I turned off the programs I could afterwards. But my computers always run like Swiss watches. But the question is how COMBOFIX WILL WORK FOR YOU.


strela75 @neXus2000 16.12.2009. 15:24 #171111

status: user
post count: 1589
After installing the system I turned off update. Not the firewall.

Regards.
MyDoom NOD 32 16.12.2009. 16:34 #171127

status: user
post count: 553



neXus2000 @strela 16.12.2009. 16:35 #171128

status: user
post count: 3350
In the future when you work with Malwarebytes, regarding the turning off of the Firewall/antivirus (3rd item)/update section of Windows, when it has scanned everything, don't do repair (or clean, as far as I remember), but right-click with the mouse on each of those fields and choose ignore.

For
`D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002835.exe (Malware.Packer) -> Quarantined and deleted successfully
D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002836.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully`

this part, right-click on My Computer, choose Properties, choose the System Restore item and disable restore on all drives (tick Turn off System Restore on all drives), then Apply, then untick (Turn Off) and hit OK.
Download Kaspersky 2009 or 2010 (if it is out) with a trial key for a good stretch of days, and rescan the computer. Of course, run Malwarebytes again (Full Scan). It will clean everything out for you.

Edit: NOD32 is junk compared to Kaspersky; I used both however I could (purchase via `sites`), but from experience Kaspersky is much better because it is more thorough. Now I have a licensed one :D
The best combination is Kaspersky and Malwarebytes.
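The second scan's hits sit under `System Volume Information\_restore{...}\RP42`, the store where XP System Restore keeps copies of monitored files such as `.exe` when they are deleted. As an added example that is not part of any post in this thread, the Python below separates such restore-point copies from live files in the two Malwarebytes logs quoted above; the function names, the verdict strings and the name-matching heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the "Files Infected" lines of the two scans quoted in this thread.
FIRST_SCAN = r"""
D:\instal\Foxit PDF editor\foxit.pdf.editor.2.1.0.build.0702-patch_Under SEH Team.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\instal\test\hyper_pi_0.99b\hyper_pi_0.99\super_pi_mod-1.5\super_pi_mod.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
"""
SECOND_SCAN = r"""
D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002835.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{B0EFCB74-29B7-4222-A14A-A63DCB47671A}\RP42\A0002836.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
"""

# One log entry: <path> (<detection name>) -> <action>
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\", re.I)

def parse(log):
    """Return one dict per detection line; lines that are not entries are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m is None:
            continue
        rp = RESTORE.match(m["path"])
        entries.append({"drive": m["path"][0].upper(), "name": m["name"],
                        "restore_point": rp.group(1) if rp else None})
    return entries

def triage(earlier_log, later_log):
    """Group the later scan's hits by verdict (verdict strings are this example's own)."""
    removed = {e["name"] for e in parse(earlier_log) if e["restore_point"] is None}
    verdicts = defaultdict(list)
    for e in parse(later_log):
        if e["restore_point"] is None:
            verdict = "live file"
        elif e["name"] in removed:
            # Heuristic (assumption): same detection name as a file just deleted
            # outside the store suggests System Restore's saved copy of that file.
            verdict = "restore copy of earlier removal"
        else:
            verdict = "restore copy, no earlier match"
        verdicts[verdict].append((e["drive"], e["restore_point"], e["name"]))
    return dict(verdicts)

if __name__ == "__main__":
    for verdict, hits in triage(FIRST_SCAN, SECOND_SCAN).items():
        print(verdict, hits)
```

Both hits from the second scan land in the restore-copy group for `RP42` on drive D, which is the store that turning System Restore off and on again empties.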
Slavuj ... 16.12.2009. 17:19 #171158

status: user
post count: 2236
...until Kaspersky starts finding viruses from 2009 on compact discs from 2003.

:: The best combination is Kaspersky and Malwarebytes.
neXus2000 Re: ... 17.12.2009. 09:15 #171479

status: user
post count: 3350
Munched some drugs??? :D


:: ...until Kaspersky starts finding viruses from 2009 on compact discs from 2003
::
:: :: The best combination is Kaspersky and Malwarebytes.