Boys, boys, boys!!! Come on, this won't do. Are we here to solve the problem or not?
The same thing happened to me the other day.
But I have a solution to the problem. It's a browser hijacker and a worm.
Delete the files on disk that have names like these, but only if they are about 21 kb in size and contain the text "HidePE":
C:\Program Files\directx\directx.exe
C:\Program Files\Common Files\System\systeem.exe (has an extra 'e')
C:\Windows\explore.exe (missing the letter 'r' at the end)
C:\Windows\System\internet.exe
C:\Windows\Media\wmplayer.exe
C:\Windows\Help\helpcvs.exe
C:\Program Files\Accessories\accesss.exe (has an extra 's')
C:\Games\systemcritical.exe
C:\Documents Settings\sistem.exe
C:\Program Files\Common Files\Windows Media Player\wmplayer.exe
C:\Windows\Start Menu\Programs\Accessories\Game.exe
C:\Windows\sistem.exe
C:\Windows\System\RunDll16.exe
C:\Windows\iexplorer.exe (extra 'i' or extra 'r')
C:\y.exe
C:\x.exe
c:\funny.exe
c:\funniest.exe
c:\Windows\notepad32.exe
C:\Windows\system\kazaa.exe
C:\Windows\system32\kazaa.exe
C:\Program Files\Common Files\Services\iexplorer.exe
C:\Program Files\Common Files\Services\explore.exe
C:\Program Files\Common Files\Services\exploreer.exe
C:\Program Files\Common Files\Services\sistem.exe
C:\Program Files\Common Files\Services\critical.exe
C:\Program Files\Common Files\Services\directx.exe
C:\Program Files\Common Files\Services\internet.exe
C:\Program Files\Common Files\Services\window.exe
C:\Program Files\Common Files\Services\winmgnt.exe
C:\Program Files\Common Files\Services\clrssn.exe
C:\Program Files\Common Files\Services\explorer32.exe
C:\Program Files\Common Files\Services\win32e.exe
C:\Program Files\Common Files\Services\directx32.exe
C:\Program Files\Common Files\Services\uninstall.exe
C:\Program Files\Common Files\Services\volume.exe
C:\Program Files\Common Files\Services\autorun.exe
C:\Program Files\Common Files\Services\users32.exe
C:\Program Files\Common Files\Services\notepad.exe
C:\Program Files\Common Files\Services\win64.exe
C:\Program Files\Common Files\Services\inetinf.exe
C:\Program Files\Common Files\Services\time.exe
C:\Program Files\Common Files\Services\systeem.exe
c:\Windows\system32\iexplorer.exe
c:\Windows\system32\explore.exe
c:\Windows\system32\exploreer.exe
c:\Windows\system32\sistem.exe
c:\Windows\system32\critical.exe
c:\Windows\system32\directx.exe
c:\Windows\system32\internet.exe
c:\Windows\system32\window.exe
c:\Windows\system32\winmgnt.exe
c:\Windows\system32\clrssn.exe
c:\Windows\system32\explorer32.exe
c:\Windows\system32\win32e.exe
c:\Windows\system32\directx32.exe
c:\Windows\system32\uninstall.exe
c:\Windows\system32\volume.exe
c:\Windows\system32\autorun.exe
c:\Windows\system32\users32.exe
c:\Windows\system32\win64.exe
c:\Windows\system32\inetinf.exe
c:\Windows\system32\time.exe
c:\Windows\system32\systeem.exe
- or anything similar, BUT about 21.06KB in size and with the text "HidePE" inside
- if you can't delete them, kill the processes of the same name in memory
- this worm will disable your firewall, so hurry up and fix this
BUT THAT'S NOT ALL!!! That doesn't solve the browser problem. For THAT you'll have to go into REGEDIT and change the entries that are abusing your registry:
HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer,SearchURL =
HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://magicsearch.ws
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://magicsearch.ws
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKCU\Software\Microsoft\Internet Explorer,Search =
http://magicsearch.ws/?q=
change to
HKCU\Software\Microsoft\Internet Explorer,Search =
HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer,SearchURL =
HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://magicsearch.ws
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://magicsearch.ws
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://magicsearch.ws/?q=
HKLM\Software\Microsoft\Internet Explorer,Search =
http://magicsearch.ws/?q=
change to
HKLM\Software\Microsoft\Internet Explorer,Search =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ =
http://magicsearch.ws/?q=
change to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ = http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www =
http://magicsearch.ws/?q=
change to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www = http://
- everywhere else you find "*magicsearch.ws*", change it to ""
THAT WOULD BE IT! I succeeded in what I set out to do. At least I think so. Try it, and if it works for you, let me know.
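
The two checks from the post above (executables of about 21 KB that contain "HidePE", and registry values that point at magicsearch.ws), as an added read-only triage example that is not part of the original post. The size tolerance, the function names and the sample regedit text export are assumptions constructed for illustration.

```python
import os
import re

MARKER = b"HidePE"              # string the post says the worm files contain
SIZE_RANGE = (20_000, 23_000)   # assumed tolerance around the post's "about 21 KB"
HIJACK = "magicsearch.ws"       # hijacker domain named in the post

# Constructed sample of a regedit text export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://magicsearch.ws"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://magicsearch.ws/?q="
'''

def find_suspect_files(root):
    """Report .exe files under root that match BOTH the size and the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if SIZE_RANGE[0] <= os.path.getsize(path) <= SIZE_RANGE[1]:
                    with open(path, "rb") as fh:
                        if MARKER in fh.read():
                            hits.append(path)
            except OSError:
                continue  # unreadable file: recheck it by hand
    return sorted(hits)

def find_hijacked_values(reg_text):
    """Return (key, value name, data) for string values that mention HIJACK."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: remember the current key
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
        if m and key and HIJACK in m.group(2).lower():
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            hits.append((key, name, m.group(2)))
    return hits
```

Both functions only report; nothing is deleted or written. `find_hijacked_values` reads single-line string values only, so an export saved as UTF-16 has to be decoded to text before it is passed in.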