Help Am 3 Virusi!

Va rog sa ma ajutati si pe mine.Nu prea ma picep la calculatoare.Problema e urmatoarea.Am scanat calc cu bit si a gasit 3 virusi,toti se gasesc in C\SYSTEM VOLUME INFORMATION.Nu ii poate sterge pt ca fac parte dintr.o arhiva.In plus cand caut nu gasesc acest system volume.Am windows XP. Cei 3 virusi sunt

-ADWARE.NAVIPROMO.BZE (gasit in C\System volume information\_restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP21\A0007751.exe=](NSIS0)=]Izma_solid_nsis0002)

-GENERIC.BANKER.DELF.3B2B9042 (gasit in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0030)

-GENERIC.BANKER.DELF.4649344E5 (gasit in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0064 )

Ce ma fac??va rog din suflet ajutati.ma!deja calc merge mai lent si cand intru p net imi apar mesaje de avertisment ca am sistemul infectat...

Găsiți mai multe postări etichetate cu

Comentarii

unknown

Buna,

Pentru a sterge malware-ul din System Volume Information trebuie urmati urmatorii pasi:

-click dreapta pe My Computer

-apoi click normal pe Properties -> System Restore

-bifeaza Turn off System Restore on all drives apoi Apply

-debifeaza Turn off System Restore on all drives apoi Apply din nou

Inainte de efectuarea acestor pasi dezactiveaza BitDefender, iar dupa ce termini activeaza-l la loc.

N-ar fi rau sa trimiti un log de HijackThis, pentru ca s-ar putea sa mai fie si alti malware care ruleaza pe calculator.

O zi buna!

me_caramella

Am urmat instructiunile,am dat restore(pt cei 3 virusi din System volume information-adware.navipromo,si 2 generic.banker),apoi am scanat si bit nu a gasit nimic.

Cand intru pe net IAR imi apar mesaje de avertizare ca sistemul e infectat.PLS Dati-mi mai multe detalii cum sa fac cu HijackThis.Bit trebuie dezactivat inainte sa dau log la HijackThis???si dupa ce scaneaza HijackThis sau ce-o face il dezinstalez si pun pe bit inapoi??

unknown

Buna,

Logul se poate realiza fara a dezactiva BitDefender. In caz ca nu ai HijackThis, il poti downloada aici. Trebuie doar sa-l rulezi si sa alegi varianta "Do a system scan and save a log file". In directorul in care ai executabilul o sa apara fisierul hijackthis.log pe care trebuie sa-l atasezi.

HijackThis nu trebuie dezinstalat, este doar un fisier pe care daca nu-l mai doresti pe calculator il poti sterge.

Am urmat instructiunile,am dat restore(pt cei 3 virusi din System volume information-adware.navipromo,si 2 generic.banker),apoi am scanat si bit nu a gasit nimic.

Cand intru pe net IAR imi apar mesaje de avertizare ca sistemul e infectat.PLS Dati-mi mai multe detalii cum sa fac cu HijackThis.Bit trebuie dezactivat inainte sa dau log la HijackThis???si dupa ce scaneaza HijackThis sau ce-o face il dezinstalez si pun pe bit inapoi??

alexcrist

Salut me_caramella,

Am unit cele doua topic-uri, pentru ca erau pe aceeasi tema. Foloseste butonul Add Reply ca sa raspnzi intr-un topic. Butonul New Topic trebuie folosit daca vrei sa intrebi altceva (o alta problema).

Despre HijackThis... descarca-l de AICI.

@Lirima: link-ul de pe Softpedia, postat de tine, duce la o varianta BETA de HijackThis!, mai veche.

Cris.

me_caramella

am si eu o mare problema!!!!!!!!!!in primul rand bit a scanat si nu a gasit nimic.DE CE CAND INTRU PE NET IMI APAR MESAJE CU ''WARNING YOUR COMPUTER IS INFECTED'' intr-o casuta mai mica in centru si apoi apare pe tot ecranul ca imi scaneaza si gaseste threats\sau uneori imi propune sa scanez cu un anumit scan cleaner sau ceva de genu.odata am dat scanare cu ce mi-a propus el(acel mesaj de avertisment) si bit a stopat virusii.nu inteleg...aceste mesaje imi spun k am virusi si knd ma iau dupa ele sa scanez imi dau virusi...

culmea odata knd mi-au aparut mesaje ziceau ceva de MATA HARI si ALEXA .si le-am inchis repede.zilele trecute pt.prima oara bit ma intreba daca permit accesul lui PVOBQTMML.EXE.si nu am permis.mentionez ca am laptopul din franta.

ce sa ma fac??va rog ajutati-ma din nou................................. :unsure:

unknown

Salut me_caramella,

E foarte probabil sa ai calculatorul infectat cu un malware din familia Zlob pe care BitDefender nu-l detecteaza inca. Acest tip de "virus" da mesaje false cum ca ai avea calculatorul infectat si indica spre linkuri ce contin malware, pentru a te determina sa-ti infectezi (si mai tare) calculatorul.

Trimite neaparat un log de HijackThis pentru a putea depista ce procese suspecte ruleaza pe calculatorul tau, sa ne dai fisierele sa punem detectie.

Daca nu ne trimiti un asemenea log, nu te putem ajuta.

Daca informatiile de mai sus in privinta modului in care se face logul nu-ti sunt suficient de clare, nu ezita sa ceri ajutor.

me_caramella

acesta este log-ul.

aaaaaa si bit a oprit pe virusul Adware.SystemErrorFixer.A cand mi-a aparut un mesaj de avertizare.si il localiza in user\local setting\temporary internet files.

e de rau????????????

/applications/core/interface/file/attachment.php?id=1361" data-fileid="1361" rel="">hijackthis_log.txt

hijackthis_log.txt

me_caramella

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:02 , on 18-Jan-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

End of file - 6099 bytes

ajutati-ma

claudiu

nu pare nimic suspect in log