Am Nevoie De Putin Ajutor

Sunt nou pe sv,si sunt la primul meu topic insa am o problema,aseara am decis sami scanez putin pc si am gasit urmatoarele:

C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM

C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\EI7P1ZP7\code2[1].htm Detected: Application.JS.ForcePopup.I

Iam descoperit ci BitDefender 8,problema e ca nu le poate face nimik decat sa le dea ignore,asa ca miam oprit netu si mam dus Tools/Folder Options/View/Hidden files and folders si am bifat pe Show hidden files and folders, apoi mam dus in:

C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files

C:\Documents and Settings\<My Name>\Local Settings\Temp

si am sters toate fisierele, coockies alea,apoi am pornit din nou o scanare si de data asta a gasit din nou:

C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM

Ce pot face ca sa scap de el,e virus sau e vreun virus imaginar pe care si-l creaza bitdefender dupa anumiti algoritmi care ii are el?Lam cautat si pe site la virus history sau ceva de genu sa vad daca exista si nu gasea decat Trojan.JS.****

PS:Va rog sa ma ajuati ,sami ziceti cum sa scap de el?daca e periculos?

Găsiți mai multe postări etichetate cu

Comentarii

Sm3K3R

Repeta procedura in Safe Mode ,dar inainte sa intri in SafeMode dezactiveaza System Restore pe toate partitiile.Sterge dupa procedura si folderele Recycled (dupa ce in prealabil ai dezactivat Recycle Binul total, ca sa poti sterge folderele lejer)

Daca vrei sa verifici veridicitatea infectiei poti sa scanezi fisirele suspecte in virustotal.

Mai poti incerca scanari cu MalwareBytes Antimalware si SpyBot Search & Distroy.

N-ar fi rau sa postezi si un log HijackThis , programelul il gasesti aici : http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

Infectia vine de pe un site si iti recomand sa eviti situl respectiv si sa activezi in BD scanarea traficului http ,daca nu ai facut-o deja.

liberate

Pai cred ca stiu dp ce site vin si o sal evit,insa am mai facut un tipic pe un alt forum si mi sa zis sa folosesc avast si sai dau un scan boot,asta am si facut si nu a descoperit nimica,acu nu stiu ce sa cred,am luat programul HijackThis dar nu stiu cum sal folosesc,momentan am avast pe pc,treb sa il dezinstalez ca sa pot scana cu HijackThis?

PS:Inca ceva,ce antivirus ar trebui sami pun,sa tin in continuare avast profesional 4(lam luat dp site de la ei,si tine numa 60 de zile,daca nu ii bag cod) sau bitdefender 2008 cu liceenta sau avg free edition?

Sm3K3R

Logul HijackThis se obtine foarte simplu,downlodezi una din versiuni(installer sau zip cu exe) de pe situl oficial ,rulezi aplicatia si alegi "Do a system scan and save a log file ".Computerul va fi scanat si va fi generat si un fisier cu extensia .log din care dai copy si paste pe forum la tot continutul ,logul fiind ulterior analizat de cineva cu experienta in domeniu.Daca in acel log exista intrari necorespunzatoare ti se va sugera ce sa stergi din interfata HijackThis.

Ti-am mai recomandat si scanari cu freeware-urile MalwareBytes ( http://www.malwarebytes.org/ ) si Spybot Search & Distroy ( http://www.safer-networking.org/en/download/ ) ,scanari pe care le faci ,dupa ce updatezi programasele, cu mufa de net scoasa.

Boot scanul cu antivirusul pe care il folosesti e recomandat.

Daca vrei antivirus freeware sunt doar 3 mari si late iar cel pe care-l folosesti deja e mai bun ca celalalt mentionat de tine.

BD 2008 (light) sau BD 2009 (pe care nu ti l-as recomanda pentru sisteme cu procesor single core) nu vor dezamagi ,eventual poti apela la licentele din revistele IT romanesti,dar orice antivirus ai alege nu te va proteja daca frecventezi situri obscure,de aceea pentru o navigare mai sigura e recomandat sa folosesti browsere up to date(eventual cu pluginuri antiscript) si un sandbox cum ar fi Sandboxie ( http://www.sandboxie.com/ ).

Fa scanarile si posteaza loguri prin metoda copy/paste sa vedem care e problema.

liberate

Pai am facut cu HijackThis,uie logul:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:55:57 PM, on 1/16/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3

O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 5399 bytes

Iar in legatura cu celelalte programe care mi leai sugerat,am luat ala SpyBoot search and destroy,dar nu lam bagat ca nu am inteles ceva,deci trb sa instalez programu iar apoi cand sai dau scan trb sa scot si mufa de la net,sa opresc netu si apoi mai trb sa scanez si cu avast?

In legatura cu site-uri obscure ,nu intru pe asa ceva,ca nu vreau probleme,problema e sora mea care intra pe nu stiu ce siteuri de muzica(manele <img class= " /> )

PS:antivirusu care ar trebui sal pastrez e avast?(scz dar is ametit rau de tot(nu de bautua),am fost ascultat astazi la sc la 3 obiecte si am dat si lucrare :wacko:

Sm3K3R

In opinia mea de nespet logul e clean.

Cat despre scanul cu Spybot Search & Distroy ,fraza mea initiala e foarte clara si cu virgule unde trebuie.Instalezi ,updatezi, scoti firul de net ,intri in safe mode si dai scan.

Daca vrei av free ,ce ai e ok ,daca vrei antivirus pe bani bagi BD 2008 sau BD 2009.

rootkit

Logul e clean.

Descarca: ATF Cleaner si salveaza-l pe Desktop.

Dublu-click pe el, bifeaza "Select All" si apasa "Empty selected".

Apoi ruleaza un scan cu Bitdefender in Safe mode !