I Need a Little Help
I'm new on sv, and this is my first topic, but I have a problem: last night I decided to scan my PC a bit and found the following:
C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM
C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\EI7P1ZP7\code2[1].htm Detected: Application.JS.ForcePopup.I
I found them with BitDefender 8. The problem is that it can't do anything to them except ignore them, so I turned off my internet connection, went to Tools/Folder Options/View/Hidden files and folders, ticked Show hidden files and folders, and then went to:
C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files
C:\Documents and Settings\<My Name>\Local Settings\Temp
and deleted all the files, those cookies, then I started a scan again and this time it again found:
C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM
What can I do to get rid of it? Is it a virus, or is it some imaginary virus that BitDefender makes up for itself based on certain algorithms it has? I also looked for it on the site, under virus history or something like that, to see whether it exists, and it only found Trojan.JS.****
PS: Please help me and tell me how to get rid of it. Is it dangerous?
Comments
-
Repeat the procedure in Safe Mode, but before entering Safe Mode disable System Restore on all partitions. After the procedure, also delete the Recycled folders (after first disabling the Recycle Bin completely, so that you can delete the folders easily).
If you want to check whether the infection is genuine, you can scan the suspicious files on virustotal.
You can also try scans with MalwareBytes Antimalware and Spybot Search & Destroy.
It wouldn't hurt to post a HijackThis log as well; you can find the little program here: http://www.trendsecure.com/portal/en-US/to...ools/hijackthis
The infection comes from a website, and I recommend that you avoid that site and enable HTTP traffic scanning in BD, if you haven't already done so.
-
Well, I think I know which site they come from and I'll avoid it, but I also made a topic on another forum and was told to use avast and run a boot scan with it. That's what I did and it didn't find anything, so now I don't know what to think. I got the HijackThis program but I don't know how to use it. At the moment I have avast on the PC; do I need to uninstall it in order to scan with HijackThis?
PS: One more thing, which antivirus should I install: should I keep avast professional 4 (I got it from their site, and it only lasts 60 days if I don't enter a code), or BitDefender 2008 with a license, or AVG free edition?
-
Getting the HijackThis log is very simple: you download one of the versions (installer or zip with the exe) from the official site, run the application and choose "Do a system scan and save a log file". The computer will be scanned and a file with the .log extension will be generated; copy and paste its entire contents to the forum, and the log will then be analyzed by someone with experience in the field. If the log contains inappropriate entries, you will be told what to delete from the HijackThis interface.
I also recommended scans with the freeware tools MalwareBytes ( http://www.malwarebytes.org/ ) and Spybot Search & Destroy ( http://www.safer-networking.org/en/download/ ), scans that you run, after updating the programs, with the network cable unplugged.
A boot scan with the antivirus you are using is recommended.
If you want a freeware antivirus, there are only 3 all told, and the one you are already using is better than the other one you mentioned.
BD 2008 (light) or BD 2009 (which I wouldn't recommend for systems with a single-core processor) won't disappoint; you could also use the licenses from Romanian IT magazines. But whichever antivirus you choose, it won't protect you if you frequent obscure sites, so for safer browsing it is recommended to use up-to-date browsers (possibly with anti-script plugins) and a sandbox such as Sandboxie ( http://www.sandboxie.com/ ).
Run the scans and post the logs by copy/paste so we can see what the problem is.
-
Well, I ran HijackThis, here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:57 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5399 bytes
As for the other programs you suggested, I got that Spybot Search and Destroy, but I haven't installed it because there's something I didn't understand: so I have to install the program, and then when I run the scan I also have to unplug the network cable, turn off the internet, and then I also have to scan with avast?
As for obscure sites, I don't go on anything like that because I don't want problems; the problem is my sister, who goes on who knows what music sites (manele)
PS: is avast the antivirus I should keep? (sorry, but I'm really dizzy (not from drinking); I was quizzed at school today in 3 subjects and I also had a test)
-
In my non-expert opinion the log is clean.
As for the scan with Spybot Search & Destroy, my original sentence is very clear, with commas in the right places. You install, update, unplug the network cable, enter Safe Mode and run the scan.
If you want a free AV, what you have is OK; if you want a paid antivirus, go with BD 2008 or BD 2009.
-
The log is clean.
Download: ATF Cleaner and save it to the Desktop.
Double-click it, tick "Select All" and press "Empty selected".
Then run a scan with Bitdefender in Safe mode!
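
An added example, not part of the thread and not code from HijackThis: a small Python parser for the log format posted above. It groups entries by section code, collapses the repeated names on the O20 AppInit_DLLs line, and lists the files the log references so each can be rescanned. The function names are hypothetical, and the sample is built from lines of the log above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines taken from the log above, AppInit_DLLs line shortened.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
FILE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", re.I)

def parse_hjt(text):
    """Return (header, running processes, {section code: [entries]})."""
    header, procs, entries, in_procs = {}, [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:                              # R0, O2, O4 ... entry lines
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
        elif ": " in line:                 # "Platform: ...", "Boot mode: ..."
            key, value = line.split(": ", 1)
            header[key] = value
    return header, procs, dict(entries)

def appinit_dlls(entries):
    """Collapse repeated names in O20 AppInit_DLLs values into {name: count}."""
    counts = Counter()
    for value in entries.get("O20", []):
        if value.startswith("AppInit_DLLs:"):
            counts.update(t for t in re.split(r"[ ,]+", value[13:]) if t)
    return dict(counts)

def referenced_files(procs, entries):
    """Unique .exe/.dll paths named by processes and entries, for rescanning."""
    lines = procs + [e for items in entries.values() for e in items]
    return sorted({m.group(0).lower() for ln in lines for m in FILE.finditer(ln)})
```

Entries that name a file without a path, such as the AppInit_DLLs value, are reported by `appinit_dlls` only, since `referenced_files` needs a drive-qualified path.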