Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte

[es] :: Zaštita :: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte

Strane: 1 2

[ Pregleda: 7625 | Odgovora: 24 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:01 - pre 197 meseci
Ljudi imam problem oko ovog virusa nemogu nikako da ga obrisem imao sam nod32 i pronasao ga je ali ga nije mogao obrisati nikako i stalno mi je izbacivao poruku da je virus aktivan.Iskljucio sam system restore otisao u safe mode i skenirao ali kad se pokrene win on se ponovo pojavi.Danas sam instaliro avast ali ne vredi stalno se pojavljuje ponovo i nalazi se u C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\wmiprves[1].exe obrisem ga rucno ali se on pojavi ponovo. Postoji li kakav program za ovaj problem a da se ne mora vrsiti instalacija win ponovo.
Pozdrav
 
Odgovor na temu

papak1
papucic mihael
serviser i unlocker mobilnih telefona
cro

Član broj: 139230
Poruke: 11
*.adsl.net.t-com.hr.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:07 - pre 197 meseci
mislim daa ces morati win ponovo instalirati, nemam neko logicko rijesenje kod nas se dogadjalo slicno u NASICAMA par kompova se zbrejkalo al kod servisera kompova. tako da je to izgleda neki modificirani virus. ili jednostavno nisi obrisao sve njegove filove

unlocker CRO
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:15 - pre 197 meseci
Nije valjda da mora format i win ponovo imam dosta podataka sad ostaje pitanje dali su i oni zarazeni.Ajde sacekacu jos malo mozda iskopam neko resenje za ovaj problem ako nista to je zadnja solucija.
U svakom slucaju ti hvala.
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:25 - pre 197 meseci
Dobro je sto si iskljucio System Restore. Skini CCleaner i obrisi sve temp fajlove ukljucujuci i Temporary Internet Files sa njim. Okachi HiJackThis! log.
 
Odgovor na temu

papak1
papucic mihael
serviser i unlocker mobilnih telefona
cro

Član broj: 139230
Poruke: 11
*.adsl.net.t-com.hr.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:29 - pre 197 meseci
pokusaj filove koji su ti vrlo bitni koprat ali prije toga pokusaj sa avastom prekontrolirati taj folder svaki zasebno
unlocker CRO
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:30 - pre 197 meseci
evo sad cu skinuti ccleaner ali ovo ne znam za hijack this.Jel mozes da mi to objasnis kako to da dobjem.
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:34 - pre 197 meseci
Uradi pretragu ovde na zastiti. Ima mnogo tema koje ti mogu pomoci.
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:43 - pre 197 meseci
Skino sam ccleaner i skeniro i ocistio za sad mi ne izbacuje avast poruku da ima virusa videcu kad restartujem komp.
A evo i ovog hijck log.
Logfile of HijackThis v1.99.1
Scan saved at 9:41:28, on 21.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FG2CatchUrl - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØ - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 17:50 - pre 197 meseci
Sad sam resetovo racunar i ista situacija ponovo mi izbacuje da ima virus u C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\wmiprves[1].exe.
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 18:12 - pre 197 meseci
evo ako je i ovo od pomoci log file od avasta.

SYSTEM 1512 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\ndt2.sys" file.
21.1.2008 7:30:44 SYSTEM 1484 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AV036HML\wmiprves[1].exe" file.
21.1.2008 7:31:01 SYSTEM 1484 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\ndt2.sys" file.
21.1.2008 7:56:28 SYSTEM 1516 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WR0D83I9\wmiprves[1].exe" file.
21.1.2008 7:56:44 SYSTEM 1516 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\ndt2.sys" file.
21.1.2008 8:26:44 SYSTEM 1516 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WR0D83I9\wmiprves[2].exe" file.
21.1.2008 8:27:03 SYSTEM 1516 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\ndt2.sys" file.
21.1.2008 8:46:27 kuljaking 2468 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WR0D83I9\wmiprves[1].exe" file.
21.1.2008 8:46:37 kuljaking 2468 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WR0D83I9\wmiprves[2].exe" file.
21.1.2008 8:49:31 kuljaking 2468 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\ndt2.sys" file.
21.1.2008 9:06:34 kuljaking 2468 Sign of "Win32:Agent-MCF [Trj]" has been found in "C:\System Volume Information\_restore{CD803E96-9E41-45CA-9832-CE2197A904A2}\RP5\A0000089.exe" file.
21.1.2008 9:21:20 kuljaking 2468 Sign of "Win32:Delf-HOX [Trj]" has been found in "D:\install\Vegas_7c_and_DVD_Architect_with_Keygen\keygen\keygen.exe" file.
21.1.2008 9:23:37 kuljaking 2468 Sign of "Win32:Delf-HOX [Trj]" has been found in "D:\System Volume Information\_restore{CD803E96-9E41-45CA-9832-CE2197A904A2}\RP5\A0000240.exe" file.
21.1.2008 9:47:35 SYSTEM 1512 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AV036HML\wmiprves[1].exe" file.
21.1.2008 9:47:43 SYSTEM 1512 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\tmp0_890157351648.bk" file.
21.1.2008 10:07:15 SYSTEM 1528 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WR0D83I9\wmiprves[1].exe" file.
21.1.2008 10:07:28 SYSTEM 1528 Sign of "Win32:Delf-HTI [Trj]" has been found in "C:\WINDOWS\system32\tmp0_151273339618.bk" file.


 
Odgovor na temu

glackop
Le.

Član broj: 168452
Poruke: 1143
*.ninet.co.yu.



+26 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 18:40 - pre 197 meseci
Zbog slicnosti tvog slucaja ja mesecno instaliram windows bar tri puta,i kad se trojanac vec smestio u sistem 32 nijedan ga antivirus nece obrisati,zato ne gubi vreme vec pocni formatirati C,a sve vazne podatke cuvaj u D,jer iz mog primera tamo virusi ne ulaze.
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 18:53 - pre 197 meseci
OK Glackok to je zadnja opcija nego sam mislio da postoji neki program ili nacin da se to resi.Problem je sto imam dosta programa instaliranih a nemam ih na disku.http://static.elitesecurity.org/icon11.gif
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 19:25 - pre 197 meseci
Update-uj Avast i uradi boot time scan (udji u Avast GUI i naci ces gde se to podesava). Nemam vremena trenutno da pogledam HiJackThis! log ali cu ga pogledati. Ne formatiraj nista za sad. Nemoj da si lud :)
 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 19:34 - pre 197 meseci
Uradio sam boot time scan ali isto nadje on viruse i obrise ih ali se ponovo pojave.Mozda da pokusam sa nekim drugim antivirus programom.Probao sam sa Avastom i Nod 32 ali nista.Videcu veceras da skinem drugi pa da probam.Nemam ideju prosto.
 
Odgovor na temu

glackop
Le.

Član broj: 168452
Poruke: 1143
*.ninet.co.yu.



+26 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 19:49 - pre 197 meseci
Ja se svrstavam u pocetnike i moje misljenje je da antivirusi sluze da onemoguce virus da se smesti i uradi sto mu je zadato ali ako on vec predje tu prepreku onda je to skoro neresiv problem/bar za mene/ oko koga se mogu izgubiti vise uzaludnih sati,pa zar hakeri nisu vec razmisljali i o tome?
 
Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
89.110.203.*

Sajt: www.mycity.rs/Ambulanta


+88 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 20:11 - pre 197 meseci
@kuljaking vidi ovo procitaj imas i direktne linkove, mozda pomogne

http://www.interfejs.tv/tekst.asp?id=501&b=6
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 20:14 - pre 197 meseci
U pitanju je trojanac a ne virus. Antivirusni alati sluze da stite ali nisu svemocni a novi virusi i slicna gamad za Windows se stalno pojavljuju...
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 20:26 - pre 197 meseci
@kuljaking

Code:
C:\WINDOWS\system32\perfs.exe


i

Code:
C:\WINDOWS\system32\routing.exe


su fajlovi kojih treba da se ratosiljas.

Ovo treba da stikliras u HiJackThis!-u i obrises:

Code:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe


perfs.exe i routing.exe obrisi (to treba prvo da se odradi) tako sto ces da ih ubijes u Task manageru i onda ces manuelno odnavigirati do njih u system32 i najnormalnije ih obrisati. Ako ne tako onda iz Safe Mode-a.

I naravno posle ovoga sa brisanjem i sa HJT! ponovo odradi boot time scan sa avastom.





 
Odgovor na temu

kuljaking
xxxx xxxx
bjeljina

Član broj: 108007
Poruke: 51
*.telrad.net.



Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 21:46 - pre 197 meseci
Problem RESEN!
@Binary Mind ti si kralj svaka cast!
Pozdrav i Hvala!
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3778 Profil

icon Re: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte21.01.2008. u 22:10 - pre 197 meseci
Drago mi je da sam mogao da pomognem.
 
Odgovor na temu

[es] :: Zaštita :: Win32/TrojanDownloader.Delf.DSX trojanski konj Ljudi pomagajte

Strane: 1 2

[ Pregleda: 7625 | Odgovora: 24 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.