I Need a Little Help

I'm new here and this is my first topic, but I have a problem: last night I decided to scan my PC a bit and found the following:


C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM


C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\EI7P1ZP7\code2[1].htm Detected: Application.JS.ForcePopup.I


I found them with BitDefender 8; the problem is that it can't do anything to them except ignore them, so I turned off my internet connection, went to Tools/Folder Options/View/Hidden files and folders and ticked Show hidden files and folders, then went to:


C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files


C:\Documents and Settings\<My Name>\Local Settings\Temp


and deleted all the files, those cookies, then I started another scan and this time it again found:


C:\Documents and Settings\<My Name>\Local Settings\Temporary Internet Files\Content.IE5\ATOJ8XAN\index[1].htm Infectat Trojan.JS.PXM


What can I do to get rid of it? Is it a virus, or is it some imaginary virus that BitDefender creates for itself based on certain algorithms it has? I also searched for it on the site, under virus history or something like that, to see whether it exists, and it only found Trojan.JS.****


PS: Please help me, tell me how to get rid of it. Is it dangerous?

Comments

  • Sm3K3R
    Sm3K3R ✭✭✭

    Repeat the procedure in Safe Mode, but before entering Safe Mode disable System Restore on all partitions. After the procedure, also delete the Recycled folders (after first disabling the Recycle Bin completely, so that you can delete the folders easily).


    If you want to verify whether the infection is real, you can scan the suspicious files on VirusTotal.


    You can also try scans with MalwareBytes Antimalware and SpyBot Search & Destroy.


    It wouldn't hurt to post a HijackThis log as well; you can find the little program here: http://www.trendsecure.com/portal/en-US/to...ools/hijackthis


    The infection comes from a website, and I recommend that you avoid that site and enable HTTP traffic scanning in BD, if you haven't done so already.

  • Well, I think I know which site they come from and I'll avoid it, but I also opened a topic on another forum and was told to use avast and run a boot scan, which I did, and it didn't find anything; now I don't know what to believe. I downloaded HijackThis but I don't know how to use it. At the moment I have avast on the PC; do I need to uninstall it to be able to scan with HijackThis?


    PS: One more thing, which antivirus should I install: should I keep avast Professional 4 (I got it from their site, and it only lasts 60 days if I don't enter a code), or BitDefender 2008 with a licence, or AVG Free Edition?

  • Sm3K3R
    Sm3K3R ✭✭✭


    Getting the HijackThis log is very simple: download one of the versions (installer or zip with exe) from the official site, run the application and choose "Do a system scan and save a log file". The computer will be scanned and a file with the .log extension will be generated; copy and paste its entire contents to the forum, and the log will then be analysed by someone with experience in the field. If that log contains inappropriate entries, you will be told what to delete from the HijackThis interface.


    I also recommended scans with the freeware tools MalwareBytes ( http://www.malwarebytes.org/ ) and Spybot Search & Destroy ( http://www.safer-networking.org/en/download/ ), scans which you run, after updating the programs, with the network cable unplugged.


    A boot scan with the antivirus you are using is recommended.


    If you want a freeware antivirus there are only 3 all told, and the one you're already using is better than the other one you mentioned.


    BD 2008 (light) or BD 2009 (which I wouldn't recommend for systems with a single-core processor) won't disappoint; you could use the licences from Romanian IT magazines. But whatever antivirus you choose, it won't protect you if you frequent obscure sites, so for safer browsing it is recommended to use up-to-date browsers (possibly with anti-script plugins) and a sandbox such as Sandboxie ( http://www.sandboxie.com/ ).


    Run the scans and post the logs by copy/paste so we can see what the problem is.

  • Well, I ran HijackThis; here's the log:


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 6:55:57 PM, on 1/16/2009


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    C:\Program Files\Alwil Software\Avast4\ashServ.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\RUNDLL32.EXE


    D:\Program Files\Winamp\winampa.exe


    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    C:\Program Files\VIA\RAID\raid_tool.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    C:\WINDOWS\system32\wscntfy.exe


    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll


    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll


    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll


    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"


    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll


    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3


    O17 - HKLM\System\CS1\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3


    O17 - HKLM\System\CS2\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3


    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll


    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe


    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe


    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe


    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    --


    End of file - 5399 bytes


    As for the other programs you suggested, I downloaded that Spybot Search and Destroy, but I haven't installed it because there's something I didn't understand: so I have to install the program, and then when I run the scan I also have to unplug the network cable, turn off the internet, and then do I also have to scan with avast?


    As for obscure sites, I don't go on anything like that because I don't want problems; the problem is my sister, who goes on who knows what music sites (manele).


    PS: Is avast the antivirus I should keep? (Sorry, but I'm really dizzy (not from drinking); I was quizzed at school today in 3 subjects and also had a written test.) :wacko:
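
Added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above, which groups entries by section code and collapses repeated values so that each item can be reviewed once (for instance the O20 AppInit_DLLs line, since AppInit_DLLs names DLLs that Windows loads into every process that loads user32.dll). The function names are made up for this example and the sample input is abridged from the posted log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines abridged from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{8AD72890-139A-430B-982B-9F9844236783}: NameServer = 89.40.196.2,89.40.196.3
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll
"""

# A log entry is a section code (R0, O4, O20, ...) followed by " - " and detail.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse_entries(text):
    """Group 'CODE - detail' lines by section code; other lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)

def appinit_dlls(sections):
    """Count each DLL named on O20 AppInit_DLLs lines (space/comma separated)."""
    counts = Counter()
    for entry in sections.get("O20", []):
        key, _, value = entry.partition(":")
        if key.strip() == "AppInit_DLLs":
            counts.update(n.lower() for n in re.split(r"[ ,]+", value.strip()) if n)
    return counts

def nameservers(sections):
    """Collapse O17 NameServer values repeated across control sets."""
    found = set()
    for entry in sections.get("O17", []):
        _, sep, value = entry.partition("NameServer = ")
        if sep:
            found.update(ip.strip() for ip in value.split(",") if ip.strip())
    return sorted(found)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code in sorted(parsed):
        print(code, len(parsed[code]), "entries")
    print("AppInit_DLLs:", dict(appinit_dlls(parsed)))
    print("NameServer:", nameservers(parsed))
```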

  • Sm3K3R
    Sm3K3R ✭✭✭


    In my non-specialist opinion, the log is clean.


    As for the scan with Spybot Search & Destroy, my original sentence is very clear, with commas in the right places. Install, update, unplug the network cable, boot into safe mode and run the scan.


    If you want a free AV, what you have is OK; if you want a paid antivirus, go with BD 2008 or BD 2009. B)

  • The log is clean.


    Download: ATF Cleaner and save it to the Desktop.


    Double-click it, tick "Select All" and press "Empty selected".



    Then run a scan with Bitdefender in Safe mode!