Help, I Have 3 Viruses!

Please help me too. I'm not very good with computers. The problem is the following. I scanned the computer with Bit and it found 3 viruses, all located in C\SYSTEM VOLUME INFORMATION. It can't delete them because they are part of an archive. Also, when I search, I can't find this System Volume. I have Windows XP. The 3 viruses are:


-ADWARE.NAVIPROMO.BZE (found in C\System volume information\_restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP21\A0007751.exe=](NSIS0)=]Izma_solid_nsis0002)


-GENERIC.BANKER.DELF.3B2B9042 (found in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0030)


-GENERIC.BANKER.DELF.4649344E5 (found in C\System volume information\restore{ADF669D2-B6B0-4D63-85EA-E24E573E8DD0}\RP7\A0003882.exe=]wise0064 )


What do I do?? I beg you, please help me! The computer is already running slower, and when I go online I get warning messages that my system is infected...

Comments

  • Hello,


    To delete the malware from System Volume Information, follow these steps:


    -right-click My Computer


    -then left-click Properties -> System Restore


    -check Turn off System Restore on all drives, then Apply


    -uncheck Turn off System Restore on all drives, then Apply again


    Before performing these steps, disable BitDefender, and once you are done, enable it again.


    It wouldn't hurt to send a HijackThis log, because there may be other malware running on the computer.


    Have a nice day!

  • I followed the instructions and did the restore (for the 3 viruses in System Volume Information: adware.navipromo and 2 generic.banker), then I scanned and Bit found nothing.


    When I go online I AGAIN get warning messages that the system is infected. PLS give me more details on how to use HijackThis. Does Bit have to be disabled before I make the HijackThis log??? And after HijackThis scans, or whatever it does, do I uninstall it and put Bit back??

  • Hello,


    The log can be made without disabling BitDefender. If you don't have HijackThis, you can download it here. You just have to run it and choose the option "Do a system scan and save a log file". The file hijackthis.log, which you need to attach, will appear in the directory where the executable is.


    HijackThis does not need to be uninstalled; it is just a file, which you can delete if you no longer want it on the computer.



  • Hi me_caramella,


    I merged the two topics, because they were on the same subject. Use the Add Reply button to reply in a topic. The New Topic button should be used if you want to ask something else (a different problem).


    About HijackThis... download it from HERE.


    @Lirima: the Softpedia link you posted leads to an older, BETA version of HijackThis! ;)


    Cris.

  • I have a big problem too!!!!!!!!!! First of all, Bit scanned and found nothing. WHY, WHEN I GO ONLINE, DO I GET MESSAGES SAYING ''WARNING YOUR COMPUTER IS INFECTED'' in a small box in the center, and then it shows on the whole screen that it is scanning and finding threats, or sometimes it suggests that I scan with a certain scan cleaner or something like that. Once I ran the scan it suggested (that warning message) and Bit stopped the viruses. I don't understand... these messages tell me I have viruses, and when I follow them and scan, they give me viruses...


    The funny thing is that once, when the messages appeared, they said something about MATA HARI and ALEXA, and I closed them quickly. A few days ago, for the first time, Bit asked me whether I allow access for PVOBQTMML.EXE, and I did not allow it. I should mention that I have the laptop from France.


    What should I do?? Please help me again................................. :unsure:

  • Hi me_caramella,


    It is very likely that your computer is infected with malware from the Zlob family, which BitDefender does not detect yet. This type of "virus" shows false messages saying that your computer is infected and points to links containing malware, in order to get you to infect your computer (even more).


    Be sure to send a HijackThis log so that we can find out which suspicious processes are running on your computer, and so that you can give us the files for us to add detection.


    If you don't send us such a log, we can't help you.


    If the information above about how to make the log is not clear enough, don't hesitate to ask for help.

  • This is the log.


    Aaaaaa, and Bit stopped the virus Adware.SystemErrorFixer.A when a warning message appeared, and it located it in user\local setting\temporary internet files.


    Is that bad????????????

    Attachment: hijackthis_log.txt

  • Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 12:07:02 , on 18-Jan-08


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16574)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\ibmpmsvc.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\Program Files\CDBurnerXP\NMSAccessU.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\Explorer.EXE


    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe


    C:\Program Files\HijackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll


    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll


    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll


    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


    O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll


    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm


    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx


    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll


    O17 - HKLM\System\CCS\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1


    O17 - HKLM\System\CS1\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1


    O17 - HKLM\System\CS2\Services\Tcpip\..\{09B7CE92-126B-44AD-B277-66920CF08376}: NameServer = 217.156.85.1,84.247.120.1


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe


    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe


    --


    End of file - 6099 bytes


    Help me

  • Nothing looks suspicious in the log.
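
An added example, not part of the thread and not HijackThis or BitDefender code: a small Python triage pass over HijackThis lines like those posted above, marking entries that deserve a manual look. The sample lines are copied from the log in this thread; the heuristics and the `SYSTEM_NAMES` list are assumptions for illustration, and a flag is a prompt for review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""

# Assumed short list of Windows components that normally run from system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.*)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)


def review_reasons(line):
    """Return the reasons one log line deserves a manual look (may be empty)."""
    m = ENTRY_RE.match(line)
    # Lines without a section code are treated as running-process paths.
    section, body = (m.group(1), m.group(2)) if m else ("process", line)
    reasons = []
    if "(file missing)" in body:
        reasons.append("file missing")
    if "Unknown owner" in body:
        reasons.append("unknown owner")
    if section == "O10" and "Unknown file" in body:
        reasons.append("unknown Winsock LSP file")
    for path in PATH_RE.findall(body):
        directory, _, name = path.lower().rpartition("\\")
        if name in SYSTEM_NAMES and not directory.endswith("\\system32"):
            reasons.append("system binary name outside system32")
    return reasons


def triage(log_text):
    """Map each flagged log line to its list of reasons."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = review_reasons(line) if line else []
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons), "<-", line)
```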