Am Bitdefender Internet Security 2008

Am BitDefender Internet Security 2008 cu licenta pana in 2009 si azi la scanare mi-a gasit "Rogue.AntiVirus XP 2008" si "Trojan.Dropper/Gen" apoi s-a blocat calculatorul ,i-am dat restart manual an "safe mode" ,am rescanat ,iar la repornire normala am urmatoarele probleme:

- in toolbars langa ceas apare "VIRUS ALERT!"

- pe ecran apare "Windows warning message", si nu pot sa mai schimb imaginea de pe desktop

- nu pot sa mai fac sistem restore (nu mai am decat un singur punct de restore ,cel de azi)

- in bara de start-menu nu mai am niciun program

-nu mai am partitia C in my computer

Am facut alt user si totul este normal , cum pot sa refac si userul existent la normal.

Multumesc!

Găsiți mai multe postări etichetate cu

Comentarii

rootkit

Descarca Malwarebytes Anti-Malware si salveaza-l pe Desktop.

Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish.

Dupa lansarea programului, selecteaza Perform full scan si apoi apasa pe Scan.

La terminarea scanarii apasa OK si apoi Show Results. Asigura-te ca e totul bifat si apoi apasa Remove Selected.

La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici.

eugennico

Am descarcat programul dar nu pot sa-l instalez zice ca nu sant logat cu drepturi de administrator desi sant singurul administrator pe calculator ,nu mai pot instala niciun program sau sa mut vreun fisier zice ca e folosit sau e protejat....

Malwarebytes' Anti-Malware 1.26

Versiunea bazei de date: 1104

Windows 5.1.2600 Service Pack 2

02.09.2008 20:19:26

mbam-log-2008-09-02 (20-19-17).txt

Tipul scanarii: Scanare rapida

Obiecte scanate: 52219

Timp trecut: 2 minute(s), 0 second(s)

Procese din memorie afectate: 0

Module de memorie afectate: 0

Chei de registri infectate: 9

Valori din registri afectate: 2

Elemente din registri infectate: 1

Foldere infectate: 11

Fisiere infectate: 11

Procese din memorie afectate:

(Nici un element periculos nu a fost detectat)

Module de memorie afectate:

(Nici un element periculos nu a fost detectat)

Chei de registri infectate:

HKEY_CLASSES_ROOT\sai.instantiator (Adware.180Solutions) -> No action taken.

HKEY_CLASSES_ROOT\sai.instantiator.1 (Adware.180Solutions) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\gksraemq.bgow (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Valori din registri afectate:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectD

elayLoad\dgksvbpn (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectD

elayLoad\xrdwbfgn (Trojan.FakeAlert) -> No action taken.

Elemente din registri infectate:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-649-1088227-23404) -> No action taken.

Foldere infectate:

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\rhctfvj0e9cc\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Fisiere infectate:

C:\WINDOWS\system32\blphcpfvj0e9cc.scr (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.

C:\WINDOWS\system32\phcpfvj0e9cc.bmp (Trojan.FakeAlert) -> No action taken.

C:\Documents and Settings\Eugen\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.

Sa rezolvat cate ceva

MULTUMESC!!!!

rootkit

Ba nu s-a rezolvat !

De ce ai dat scanare rapida ? Da-i completa !!!!!!!

Ai bifat alea toate si ai dat remove ?

Se vede in log ca nu: No action taken.

Ruleaza inca o data scanul(dar complet de data asta) si da-i remove la tot ce gaseste !

Revii cu log-ul aici !

eugennico

Malwarebytes' Anti-Malware 1.26

Versiunea bazei de date: 1103

Windows 5.1.2600 Service Pack 2

03.09.2008 10:17:01

mbam-log-2008-09-03 (10-17-01).txt

Tipul scanarii: Scanare totala (C:\|D:\|E:\|)

Obiecte scanate: 243018

Timp trecut: 12 hour(s), 40 minute(s), 28 second(s)

Procese din memorie afectate: 0

Module de memorie afectate: 0

Chei de registri infectate: 0

Valori din registri afectate: 0

Elemente din registri infectate: 0

Foldere infectate: 0

Fisiere infectate: 1

Procese din memorie afectate:

(Nici un element periculos nu a fost detectat)

Module de memorie afectate:

(Nici un element periculos nu a fost detectat)

Chei de registri infectate:

(Nici un element periculos nu a fost detectat)

Valori din registri afectate:

(Nici un element periculos nu a fost detectat)

Elemente din registri infectate:

(Nici un element periculos nu a fost detectat)

Foldere infectate:

(Nici un element periculos nu a fost detectat)

Fisiere infectate:

C:\System Volume Information\_restore{53BF4B56-77BD-4BCF-B18B-325F49C0D90D}\RP1\A0000001.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

TMV

Daca mai ai probleme, descarca SmitFraudFix. Ruleaza-l, alegi a doua optiune si totul va reveni la normal.