Win32:Agent-AKOO [Drp]

nenad0000 (Beograd)
Win32:Agent-AKOO [Drp], 05.08.2010 at 12:45

I have a problem with the malware named Win32:Agent-AKOO [Drp], which is located in C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N1XSMYV\20100730[1].exe\GoogleUpdateBeta.exe

and C:\Windows\Temp\pfxA0E7.tmp.exe\GoogleUpdateBeta.exe, and it is labelled "Kukavičije jaje" (cuckoo's egg)....

PLEASE HELP, BECAUSE WHEN I DELETE IT, IT REAPPEARS THE NEXT TIME WINDOWS 7 STARTS.

NOTE: Apart from the internet, all programs work normally. The internet sometimes slows down, so I have to reload. This label is not among the worms and viruses mentioned on the forum.

Thanks!

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 14:21

Clean out the temp directories:
C:\WINDOWS\Temp
C:\Documents and Settings\Vas-Account\Local Settings\Temp
C:\Documents and Settings\Vas-Account\Local Settings\Temporary Internet Files

Delete everything in the Recycle Bin... download Malwarebytes' Anti-Malware http://download.cnet.com/Malwa...8022_4-10804572.html?tag=mncol , update it and run a Full scan... when it finishes, upload the log (text file) with the results for us here...
Which AV do you use?

A wolf is weaker than a lion and a tiger, but doesn't play in the circus.

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 16:53

I use AVAST 4.8 antivirus.

Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4393

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05-Aug-10 17:51:11
mbam-log-2010-08-05 (17-51-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 238395
Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> No action taken.
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.
D:\System Volume Information\_restore{0828F4C7-33E6-4A35-A9EB-0EF9E8DB1505}\RP15\A0005881.exe (Malware.Packer.Gen) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\Damn_MainConcept_MPEG_1&2_Plugin_v1.0_Keygen.exe (Trojan.Agent.CK) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\damn_MP3Plugin_kg.exe (Trojan.Agent.CK) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\Multi-KeyGenerator.exe (Trojan.Downloader) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\SF8_Retail.exe (Trojan.Downloader) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\SF8_Trial.exe (Trojan.Downloader) -> No action taken.
C:\Users\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe (Trojan.Agent) -> No action taken.
 

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 18:14

Like this... uninstall that Avast and download Avast!5 Free from here http://download.cnet.com/Avast...2239_4-10019223.html?tag=mncol , install it, update it and run a Full scan... after that run a Full scan with Malwarebytes' once more and post the log for me again so I can see what the situation is... since a good share of malware attacks via USB, install MCShield http://amf.mycity.rs/programs/mc/mcshield/ , it will automatically delete malware every time a flash drive is inserted from now on...

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 23:04

Avast: 8 viruses, 7 on C and 1 on D, and after that I ran a scan with Malwarebytes' and the log reads:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4393

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06-Aug-10 00:02:01
mbam-log-2010-08-06 (00-02-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 238775
Time elapsed: 42 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\71747601\2302A1E7\memman.vxd (Rogue.sysCleaner) -> No action taken.
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.
D:\System Volume Information\_restore{0828F4C7-33E6-4A35-A9EB-0EF9E8DB1505}\RP15\A0005881.exe (Malware.Packer.Gen) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\Damn_MainConcept_MPEG_1&2_Plugin_v1.0_Keygen.exe (Trojan.Agent.CK) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\damn_MP3Plugin_kg.exe (Trojan.Agent.CK) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\Multi-KeyGenerator.exe (Trojan.Downloader) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\SF8_Retail.exe (Trojan.Downloader) -> No action taken.
D:\PROGRAMI\Sony_Sound_Forge_8.0\SF8_Trial.exe (Trojan.Downloader) -> No action taken.
C:\Users\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe (Trojan.Agent) -> No action taken.
 

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 23:20

After the scan finished, did you go to Remove selected???
Did you restart the computer when Malwarebytes finished???
It's impossible that it's the same situation again...
Run a Full scan with Malwarebytes again, remove the detected malware, copy the log for me, and then restart the computer...

goran9888
Re: Win32:Agent-AKOO [Drp], 05.08.2010 at 23:20

After you finish the scan with MBAM, click as shown in the picture.

Goran Mijailovic
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 00:30

Quote:
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

obviously he didn't...
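
The check discussed in the posts above, as an added example that is not part of the original thread: it parses a Malwarebytes' Anti-Malware 1.46 text log like the ones nenad0000 posted and lists items still marked "No action taken", service entries under CurrentControlSet\Services (which Windows can start at boot), and copies held in System Restore points. The function names and the three report categories are assumptions made for this example.

```python
import re

# Trimmed excerpt of the second log posted in this thread
# (summary counts adjusted to match the trimmed item list).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> No action taken.

Files Infected:
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.
D:\System Volume Information\_restore{0828F4C7-33E6-4A35-A9EB-0EF9E8DB1505}\RP15\A0005881.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe (Trojan.Agent) -> No action taken.
"""

# Detail sections end with a bare colon; summary lines carry a count after it.
SECTION = re.compile(r"^(.+ Infected):\s*$")
ITEM = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam_log(text):
    """Return one dict per detected item: section, obj, det, action."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return findings

def triage(findings):
    """Group findings by what still needs attention after the scan."""
    report = {"unremediated": [], "service_autostart": [], "restore_point": []}
    for f in findings:
        obj = f["obj"].lower()
        if f["action"].lower() == "no action taken":
            report["unremediated"].append(f["obj"])      # scan ran, nothing removed
        if f["section"].startswith("Registry") and "\\currentcontrolset\\services\\" in obj:
            report["service_autostart"].append(f["obj"])  # service entry survives reboots
        if "\\system volume information\\" in obj:
            report["restore_point"].append(f["obj"])      # copy kept by System Restore
    return report
```

A log in which every section reads "(No malicious items detected)", like the last one posted in this thread, yields an empty findings list.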

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 00:51

I realized that, but since I had already written the message... :)
@nenad0000, do as I told you...

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 07:16

I will, I've let it run and then I'll delete everything selected!
Goran Mijailovic, I didn't send you what Avast 5 did.

Here it is:

http://img718.imageshack.us/i/scanresults.jpg/

As soon as MBAM finishes, I'll report back with the log!

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 09:08

Malwarebytes has finished scanning and this latest log now reads:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4393

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06-Aug-10 09:57:19
mbam-log-2010-08-06 (09-57-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 238292
Time elapsed: 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I deleted everything selected, restarted, and now there are no more infected files. Should I scan with Avast 5 again?
Thanks!

goran9888
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 10:09

Turn System Restore off and then on again.
After that, run a full scan with Avast...

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 12:09

Nothing more is needed, provided Malwarebytes' cleaned everything... just double-check with Avast and everything will be ok... ;)

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 12:37

Avast found 5 files again!

Picture:

http://img196.imageshack.us/f/scanresults06082010.jpg/

What should I do?

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 13:00

Feel free to delete everything, those trojans are in Temporary Internet Files, you can't damage anything...

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 13:05

OK, I'll delete them!

Thanks A LOT to Aleksandar Maletic and goran9888 for the help!

dava (Banja Luka)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 13:08

The question remains where they came from now. Did you surf the net in the meantime? If you did, OK; if not, it's possible you have some downloader in the system that is fetching them.
SELECT * FROM หน่วยงานหลัก WHERE ยสันติ LIKE 'โดย%'
 

Aleksandar Maletic (System administrator, Moderator)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 13:18

Install MCShield http://amf.mycity.rs/programs/mc/mcshield/ , from now on it will delete malware every time a USB flash drive is inserted...
Keep checking the state, in a day or two run a scan with Avast and Malwarebytes (a Quick Scan is enough) and let us know if anything happens to turn up...
Maybe @dava is right...

nenad0000 (Beograd)
Re: Win32:Agent-AKOO [Drp], 06.08.2010 at 13:25

I ran a Full Scan with Avast 5 again and there is nothing. I even restarted the computer and everything is ok.
I downloaded and installed MCShield and tried it with a USB flash drive, and it finds and deletes all the malware it comes across!

Thanks for the note @dava, there is no doubt, they disappeared when I deleted them. I didn't mention that, sorry!
I scanned, there is nothing, everything is OK.

Thanks a lot once again...
