I Think I Have A Problem

Lady C.C
edited December 2008 in Malware discussions

Well, I have a small problem with BitDefender... (I should mention that I use a licensed Bitdefender Total Security 2009)

Lately my computer has been running very slowly and freezes often, and errors from BitDefender Agent that require restarting the application appear frequently. Until now I kept my updates current, the computer ran perfectly and all that. A few days ago the computer stopped shutting down unless I click END NOW on seccenter.exe, about 3-4 application restart messages appear per hour, and it even happened that I was redirected from a legitimate site, marked green by *****, W*T and ****** Safe Web, to www.pct**ls.com/registry-mechanic/ (it seems I cannot attach any file on the forum because it gives me the error: Upload failed. You are not permitted to upload this type of file). The site is marked green, but I do not trust it, because I did some statistics on rogue software and I included this one in them as well. My PC often freezes and I no longer know what to do with it except throw it out the window. I have not been able to update BitDefender for a few days because I cannot open the application.... I press Enter on Bitdefender Total Security 2009 and..... nothing :huh: I have not yet managed to run a system scan because of this problem. I should also mention that a few months ago I had problems with SpySheriff, which I managed to remove from the computer with great difficulty, all by myself. It is a looong story how it came to this, but I am afraid that some trace may have remained in the computer...

Please help me with this problem. I want to know whether it is a virus or just a problem strictly related to my PC (well, laptop). Thank you

Comments

  • Hi,

    Please download BitDefender AVIS (from here: http://forum.bitdefender.com/index.php?showtopic=7006). Extract the contents into an empty directory, run AVIS, do a full update, then go to System Info and create a full system log (it might take a while).

    Archive the log and attach it to your next post.

    The archive types allowed for attachment are ZIP and RAR. If you want to attach images, attach them in JPG format.

    Cris.

  • I downloaded it as you told me and extracted it, but when I ran it, it gave me 3 successive errors (I attached an image). I did the update and archived the log. I hope I archived it correctly. Thank you for the help. Have a good day!

    post-20380-1229789538_thumb.jpg

    bd_sys_log.xml.zip

  • Absolutely nothing strange appears in the log. All processes are fine, the services seem OK.

    The pc-tools site is legitimate (it is not rogue). Can you tell me exactly how you were redirected to that site?

    As for the initial problem... what (full) version of BitDefender do you have? (language + build) You can find the build by right-clicking the tray icon and choosing About (or the equivalent in the language you have installed). If it does not work this way (you say you have problems with BD Agent), you can run the application C:\Program Files\BitDefender\BitDefender 2009\About.exe

    Cris.

  • Lady C.C
    edited December 2008

    The thing is that the first time the BitDefender Agent error appeared, when I clicked restart the application it simply redirected me to pctools. This morning, the BitDefender error appeared again and I wanted to click restart the application. I ticked the box, but my computer froze.

    I said that PC Tools is bad software because I installed it on my PC and it brought SpySheriff along with it :blink: (hence my problems with SpySheriff). I am not sure whether it was really the action of the Registry Mechanic software, I probably already had it in the computer, but after I installed it the SpySheriff install icon appeared on the Desktop.

    As for the BitDefender version: BitDefender Total Security 2009, Romanian language and build: 12.0.11.2 (if I looked correctly)

    I do not know, but the computer has been freezing very often lately, honestly I no longer know what to think. Thanks for the help, Cris!

  • There is one more problem: a minute ago (at 15:10) I received an error from BitDefender (I attached an image). Thanks for the help!

    post-20380-1229865212_thumb.jpg

  • Download Malwarebytes Anti-Malware and save it to the Desktop.

    Install it and at the end make sure you have ticked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.

    After the program launches, select Perform full scan and then press Scan.

    When the scan finishes press OK and then Show Results. Make sure everything is ticked and then press Remove Selected.

    At the end a file will open in Notepad with the scan results. Post its contents here.

  • I did as you told me, crysty2k5. Here is the log:


    Malwarebytes' Anti-Malware 1.31
    Database version: 1528
    Windows 5.1.2600 Service Pack 2

    21.12.2008 20:24:54
    mbam-log-2008-12-21 (20-24-54).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 98022
    Time elapsed: 1 hour(s), 23 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 95
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:


    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  • Most of the things detected, those named Adware.MyWebSearch, have been taken off the detection list. MyWebSearch is software on the border between spyware and legitimate, leaning towards legitimate. It could not actually be demonstrated that this software does anything bad, and as a result of this (and of the fact that the company that produces MyWebSearch filed several complaints), the detection was removed from BitDefender (and from other competing products), which is also the reason why BitDefender did not detect anything related to this supposed adware on your system.

    For the same reason, you have no cause for concern regarding these MalwareBytes AntiMalware detections. Even though MyWebSearch is software on the border between good and bad, it is in no case a "downloader" type threat that would download other types of malware onto your system (if that were so, the detection would not have been removed under any circumstances).

    Out of the entire log posted above, the only somewhat suspicious thing is the file C:\WINDOWS\system32\ntos.exe. A reference to this file also appears in the AVIS log, but I did not notice it at first sight (the log is quite large, after all, and I simply did not notice the reference).

    Although I am sure that the file in question no longer exists (MalwareBytes detected only a trace in the registry), still try to look for it and, if you find it, attach it here (in a ZIP archive, with the password infected). If you post it, it will be analyzed as soon as possible.

    Also follow the instructions from here: http://forum.bitdefender.com/index.php?showtopic=3573

    Cris.
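The triage described in the reply above (many detections from one adware family, with the `Userinit` entry naming `ntos.exe` as the one that matters) can be automated; this is an added example, not part of the original thread. The function names are hypothetical, the sample lines are an excerpt of the log posted above, and the Windows directory is assumed to be `C:\WINDOWS` as in that log.

```python
import ntpath
import re
from collections import Counter

# Excerpt: three result lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
"""

# <registry item> (<detection name>) -> <action, or Bad/Good detail then action>
RESULT = re.compile(
    r"^(?P<item>HKEY_.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")

# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def parse_results(log_text):
    """Return one dict per detection line; section headers are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue
        finding = {"item": m["item"], "name": m["name"], "bad": None, "good": None}
        detail = BAD_GOOD.search(m["rest"])
        if detail:
            finding["bad"], finding["good"] = detail["bad"], detail["good"]
        findings.append(finding)
    return findings


def extra_userinit_programs(value):
    """Programs in a comma-separated Userinit value that are not the real
    userinit.exe. A same-named file in another directory is also reported."""
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if ntpath.normcase(p) not in EXPECTED_USERINIT]


def triage(log_text):
    """Count detections per family and list unexpected logon programs."""
    findings = parse_results(log_text)
    families = Counter(f["name"] for f in findings)
    startup = []
    for f in findings:
        if f["item"].lower().endswith(r"\winlogon\userinit") and f["bad"]:
            startup.extend(extra_userinit_programs(f["bad"]))
    return families, startup


if __name__ == "__main__":
    families, startup = triage(SAMPLE_LOG)
    for name, count in families.most_common():
        print(f"{count:3d}  {name}")
    for program in startup:
        print("Unexpected program launched at logon via Userinit:", program)
```

Run over the full log, the family counts show at a glance that nearly everything is one adware family, while the `Userinit` check isolates the single entry that launched an extra program at every logon.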

  • Lady C.C
    edited February 2009

    It seems I did not find ntos.exe, but I found its derivatives: ntoskrnl.exe and ntoskvs1.exe. I do not know whether they are corrupted (I tried to read up on the internet, but I do not think I understood much), I want to know whether they are clean or infected. I archived them with the password infected. Thanks for the help!

  • alexcrist
    edited December 2008

    ntoskrnl.exe is a legitimate Windows file. It is clean.

    As for the other one, it looks OK at first sight. However, I will send it for analysis, so that we have a concrete result.

    Cris.

    EDIT: I hope you did not delete these two files from System32. You can have big problems if you delete them!

  • Lady C.C
    edited December 2008

    No, don't worry, I did not delete them. Anyway, when I moved the file ntoskrnl.exe to the desktop for archiving, a duplicate was created (the original file remained in system32), as opposed to ntoskvs1.exe, which was moved to the desktop without a duplicate. I am waiting for your reply, Cris. Thank you!

  • The other file is clean too.

    If you still have problems with BitDefender, it is possible that some file got corrupted. Try a repair (start the installation kit and choose Repair), or a complete reinstall (use the Uninstall Tool to uninstall the current version).

    Cris.

  • Thank you very much, Cris. If I have any more problems, I will let you know. Have a good day and thank you and crysty2k5 for the help provided! Thank you once again!