
Browsers infected - anti-spyware, anti-virus don't help


n1tr0

Browsers infected - anti-spyware, anti-virus don't help (07.07.2008 at 22:21)
So, I described the problem in another thread: http://www.elitesecurity.org/t...-Google-hoce-da-me-iznerviraju

The ads are coming from servedbyadbutler (dot) com.
I scanned everything with avast!, spyeraser, Spybot Search & Destroy, nod32 and they found nothing...
I tried from another computer (just plugged in the first one's network cable, for internet access) and everything is OK, but this one is infected.
I've run out of ideas, i.e. where has this malware hidden itself?
 

n1tr0

Re: Browsers infected - anti-spyware, anti-virus don't help (08.07.2008 at 03:06)
I tried Kaspersky as well... Everything clean...
 

toldici

Re: Browsers infected - anti-spyware, anti-virus don't help (08.07.2008 at 09:57)
Try going into Tools > Add-ons in Firefox and see whether you have anything suspicious installed. If that doesn't help, change your Firefox version.
 

Dr.Web


Re: Browsers infected - anti-spyware, anti-virus don't help (08.07.2008 at 10:06)
Try Dr.Web Cureit http://freedrweb.com/
 

n1tr0

Re: Browsers infected - anti-spyware, anti-virus don't help (08.07.2008 at 10:52)
Quote:
toldici: Try going into Tools > Add-ons in Firefox and see whether you have anything suspicious installed. If that doesn't help, change your Firefox version.
You're not quite getting it - it's not just in Firefox but everywhere... Meaning all browsers: Firefox, Opera, Safari and IE... I thought of that too, so I first disabled all extensions, plugins, and even themes, but it didn't help.

As far as I can see, what all the browsers and AdSense have in common is that JavaScript code gets executed, which would mean that some DLLs or EXEs for executing JavaScript code are infected - I tried replacing jscript.dll, but that isn't it.

Quote:
Dr.Web: Try Dr.Web Cureit http://freedrweb.com/
I'll try it...
 

n1tr0

Re: Browsers infected - anti-spyware, anti-virus don't help (08.07.2008 at 11:26)
I'll scan everything, but for now I ran the express scan (memory, root...) and scanned C: and again nothing... :(
Does anyone know which system files are responsible for executing JavaScript?
 

Dr.Web


Re: Browsers infected - anti-spyware, anti-virus don't help (09.07.2008 at 11:02)
Post a HijackThis log.
 

Stefan 93


Re: Browsers infected - anti-spyware, anti-virus don't help (09.07.2008 at 12:11)
Of course avast and nod didn't help you, since you're infected with adware, and they are still new at that. I don't know why everyone is so convinced that Kaspersky is all-powerful. There have been several cases here on the forum where Spybot S&D found nothing, and once they sorted it out with HijackThis everything was fine. Scan with HijackThis and upload the log to this site; why wait to post it here and have others answer you, that will take several days
http://hijackthis.de/
 

n1tr0

Re: Browsers infected - anti-spyware, anti-virus don't help (11.07.2008 at 03:36)
I solved the problem - as soon as I saw the log I suspected the hosts entries, and later at that link I also saw that it shouldn't be like that... Maybe the problem will come back when I restart the computer, but we'll see... Here is the log, so pay attention to the bold parts:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:44, on 11.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink...Id=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834&clcid=0x409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.136.224.10:80
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 pagead.googlesyndication.com
O1 - Hosts: 72.167.163.234 pagead2.googlesyndication.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O1 - Hosts: 38.113.170.200 themis.geocities.yahoo.com // DELETED the bolded entries

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) // wtf is this???
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMcTray] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user') // again - wtf is this???

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A33BAA16-4318-4BCC-9863-79D49C65C8B6}: NameServer = 217.169.208.1,217.169.208.2 // These are my DNS servers, but what is this value in the registry for?
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8544 bytes
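
An added example (not part of the original post, and not HijackThis's own code): a small Python triage of the kind of lines n1tr0 points to, grouping `O1 - Hosts` entries by the address they redirect to and pulling out the `ProxyServer` value and BHOs with no file. The sample is an excerpt of the log above plus one constructed line (`ads.example.test`); the function and key names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the log posted above; the ads.example.test line is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.136.224.10:80
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 pagead.googlesyndication.com
O1 - Hosts: 72.167.163.234 pagead2.googlesyndication.com
O1 - Hosts: 38.113.174.32 view.atdmt.com
O1 - Hosts: 0.0.0.0 ads.example.test // constructed line, not from the post
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"^R\d - .*,ProxyServer = (\S+)")
BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - \(no file\)")


def is_sinkhole(ip_text):
    """True for addresses used to block a name locally (loopback, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address: report it as a redirect for review
    return ip.is_loopback or ip.is_unspecified


def triage(log_text):
    """Group hosts redirections by target IP; collect proxy values and orphan BHOs."""
    findings = {"redirects": {}, "blocked": [], "proxy": [], "orphan_bho": []}
    for line in log_text.splitlines():
        line = line.split(" //")[0].strip()  # drop poster annotations ("// ...")
        if m := HOSTS_RE.match(line):
            ip, name = m.groups()
            if is_sinkhole(ip):
                findings["blocked"].append(name)  # local block entry, not a redirect
            else:
                findings["redirects"].setdefault(ip, []).append(name)
        elif m := PROXY_RE.match(line):
            findings["proxy"].append(m.group(1))
        elif m := BHO_RE.match(line):
            findings["orphan_bho"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Several unrelated ad and analytics hostnames resolving to one non-loopback address, as in the `72.167.163.234` group, is the pattern that explains why every browser on the machine was affected while the scanners found no infected file.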
 