Help, I Have 3 Viruses!
Please help me too. I'm not very good with computers. The problem is this: I scanned the computer with Bit and it found 3 viruses, all located in C\SYSTEM VOLUME INFORMATION. It can't delete them because they are part of an archive. Also, when I search I can't find this System Volume. I have Windows XP. The 3 viruses are:
-ADWARE.NAVIPROMO.BZE (found in C\System volume information\_restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP21\A0007751.exe=](NSIS0)=]Izma_solid_nsis0002)
-GENERIC.BANKER.DELF.3B2B9042 (found in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0030)
-GENERIC.BANKER.DELF.4649344E5 (found in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0064 )
What do I do?? Please, I beg you, help me! The computer is already running slower, and when I go online I get warning messages that my system is infected...
Comments
-
Hello,
To delete the malware from System Volume Information, follow these steps:
-right-click My Computer
-then left-click Properties -> System Restore
-check Turn off System Restore on all drives, then Apply
-uncheck Turn off System Restore on all drives, then Apply again
Before carrying out these steps, disable BitDefender, and re-enable it when you are done.
It wouldn't hurt to send a HijackThis log, because there may be other malware running on the computer.
Have a nice day!
-
I followed the instructions, I did the restore (for the 3 viruses in System Volume Information: adware.navipromo and 2 generic.banker), then I scanned and Bit found nothing.
When I go online I AGAIN get warning messages that the system is infected. PLS give me more details on what to do with HijackThis. Does Bit have to be disabled before I make the HijackThis log??? And after HijackThis scans, or whatever it does, do I uninstall it and put Bit back??
-
Hello,
The log can be made without disabling BitDefender. If you don't have HijackThis, you can download it here. You just need to run it and choose the option "Do a system scan and save a log file". The hijackthis.log file, which you need to attach, will appear in the directory where the executable is.
HijackThis does not need to be uninstalled; it is just a file that you can delete if you no longer want it on your computer.
-
Hi me_caramella,
I merged the two topics, because they were on the same subject. Use the Add Reply button to reply in a topic. The New Topic button should be used if you want to ask something else (a different problem).
About HijackThis... download it from HERE.
@Lirima: the Softpedia link you posted leads to an older BETA version of HijackThis!
Cris.
-
I have a big problem too!!!!!!!!!! First of all, Bit scanned and found nothing. WHY, WHEN I GO ONLINE, DO I GET MESSAGES SAYING ''WARNING YOUR COMPUTER IS INFECTED'' in a small box in the center, and then it shows on the whole screen that it is scanning and finding threats, or sometimes it suggests I scan with a certain scan cleaner or something like that. Once I ran the scan it suggested (that warning message) and Bit stopped the viruses. I don't understand... these messages tell me I have viruses, and when I follow them and scan, they give me viruses...
To top it off, once when the messages appeared they said something about MATA HARI and ALEXA, and I closed them quickly. A few days ago, for the first time, Bit asked me whether I allow access for PVOBQTMML.EXE, and I did not allow it. I should mention that my laptop is from France.
What should I do?? Please help me again.................................
-
Hi me_caramella,
It is very likely that your computer is infected with malware from the Zlob family that BitDefender does not detect yet. This type of "virus" shows fake messages claiming that your computer is infected and points to links containing malware, to get you to infect your computer (even more).
Be sure to send a HijackThis log so we can find out which suspicious processes are running on your computer, and give us the files so we can add detection.
If you don't send us such a log, we can't help you.
If the information above about how to make the log is not clear enough, don't hesitate to ask for help.
-
This is the log.
Ohhh, and Bit stopped the virus Adware.SystemErrorFixer.A when a warning message appeared, and it located it in user\local setting\temporary internet files.
Is that bad????????????
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:02 , on 18-Jan-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6099 bytes
help me
-
Nothing looks suspicious in the log.
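Added example, not part of the thread and not BitDefender's or HijackThis's own tooling: a small Python triage over HijackThis-style lines, applying two generic review heuristics (a core Windows process name outside C:\WINDOWS\system32, and an autostart entry whose file is missing). The sample lines are copied from the log posted above; the names `triage`, `SYSTEM32_ONLY` and `SYSTEM32_DIR` and the choice of heuristics are assumptions of this example, and a flagged line is a lead to verify by hand.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Assumption of this example: core Windows processes that normally run only
# from the System32 directory (explorer.exe is left out, it lives in the Windows root).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "spoolsv.exe", "csrss.exe"}
SYSTEM32_DIR = r"c:\windows\system32"  # system root as seen in the posted log

# First drive-letter path on the line that ends in .exe, .dll or .sys.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|sys)', re.IGNORECASE)


def triage(log_text):
    """Return [(path, [reasons])] for lines that deserve a manual check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = PureWindowsPath(match.group(0))
        reasons = []
        # A system process name in any other directory is a common masquerading pattern.
        if path.name.lower() in SYSTEM32_ONLY and str(path.parent).lower() != SYSTEM32_DIR:
            reasons.append("system process name outside System32")
        # HijackThis appends this marker when the referenced file is not on disk.
        if line.endswith("(file missing)"):
            reasons.append("autostart entry points to a missing file")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```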