
Trojan downloader - how to remove it


mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Trojan downloader - how to remove it
22.10.2009 at 18:18
I picked up a virus from the network, and now NOD keeps detecting it, 50 or so times a day and more; it puts it in quarantine and deletes it. And then again, and again, and again... I scanned the computer three times and nothing. The threat log says: trojan downloader.unruy.AAtrojan
How do I get rid of this pest?
P.S.
I don't have much experience with this.

Zoran Rodic
Beograd

Member number: 57538
Posts: 3215
*.adsl-a-1.sezampro.yu.

Site: zoranrodic.in.rs

Re: Trojan downloader - how to remove it
22.10.2009 at 19:52
Look at NOD's log screen ... what exactly it is deleting.

Does the location in front have an IP address, i.e. check that it isn't coming from another computer on the network.
Lomography is when you have the means but won't … and Pinhole is when you don't have the means but will! tm

mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Re: Trojan downloader - how to remove it
22.10.2009 at 21:24
Here is what it says:
Time Module Object Name Threat Action User Information
21.10.2009 17:53:38 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv41734.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:34:36 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv40810.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:21:19 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv39885.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:05:02 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv38961.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 16:50:32 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv38038.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 16:50:29 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv37115.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 16:23:38 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv36193.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:14:50 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\rjfhadkz.exe Win32/TrojanDropper.Agent.NNE trojan quarantined - deleted Event occurred on a new file created by the application: C:\Documents and Settings\sef proizvodnje\My Documents\Downloads\Keygen.Scanitto.1.16.0.0 (1).exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:11:16 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\bbjcozzc.exe a variant of Win32/Kryptik.WJ trojan quarantined - deleted Event occurred on a new file created by the application: C:\Documents and Settings\sef proizvodnje\My Documents\Downloads\Keygen.Scanitto.1.16.0.0 (1).exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:11:02 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\evgsaukr.exe a variant of Win32/Kryptik.AWP trojan quarantined - deleted Event occurred on a new file created by the application: C:\Documents and Settings\sef proizvodnje\My Documents\Downloads\Keygen.Scanitto.1.16.0.0 (1).exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:10:19 IMON file http://stopicot.ultrxxxxa.com/pzdcbl/ll.exe a variant of Win32/Kryptik.AWP trojan VPC-DM\sef proizvodnje
20.10.2009 17:09:10 IMON file http://medianetxxxx.com/Serial.Scanitto.1.16.0.0.45042.exe a variant of Win32/Kryptik.AWQ trojan VPC-DM\sef proizvodnje



And so on like that. There is always a different number after that ctv. What next?

[This message was edited by Dashkes on 23.10.2009 at 00:28 GMT+1]

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

Re: Trojan downloader - how to remove it
23.10.2009 at 01:31
Download the DDS program to the Desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click dds.scr to run it

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt


Copy DDS.txt for me

mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Re: Trojan downloader - how to remove it
23.10.2009 at 06:06
Here is what it says:
DDS (Ver_09-10-13.01) - NTFSx86
Run by sef proizvodnje at 6:42:09,31 on pet 23.10.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.759.271 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ClocX\ClocX .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc .exe
C:\WINDOWS\NCLAUNCH .exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\sef proizvodnje\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyServer = 192.168.80.10:8080
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB0.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sef proizvodnje\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [ClocX] c:\program files\clocx\ClocX.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [WHITNEY_S2P] c:\program files\samsung\samsung scx-4x21 series\psu\Scan2pc.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\sefpro~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?b34629e0ae824782a5c6cde136a71638
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?b34629e0ae824782a5c6cde136a71638
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {599C0F30-3E75-4233-85A3-584FAC958C16} = 195.178.32.2,212.200.13.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-5-18 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-20 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\drivers\PM3w2k.sys [2004-3-22 12447]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 mpr_freader;MPR FileReader Driver;\??\c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys --> c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-10-21 06:15 30,208 a------- c:\documents and settings\sef proizvodnje\rundll32.exe bthprops .exe
2009-10-20 17:10 10 a------- c:\windows\system32\kr_done1
2009-10-03 06:18 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-23 06:18 30,208 a------- c:\windows\nclaunch.exe
2009-09-14 19:13 2,568 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-11 16:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 16:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 23:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 23:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 12:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 12:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 07:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 07:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 10:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 10:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-13 17:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 11:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 17:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 16:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 16:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 16:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-03-14 12:54 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-04-21 14:05 8 ---shr-- c:\windows\system32\BB642112CA.sys
2009-04-01 08:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat

============= FINISH: 6:42:46,59 ===============
 

kristi1

Member number: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Trojan downloader - how to remove it
23.10.2009 at 10:43
Download this program: http://swandog46.geekstogo.com/avenger2/download.php
Unpack it into a folder
Double-click avenger.exe to run it
Copy this text into the program's white window

Code:


Files to delete:
c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys
c:\windows\system32\kr_done1

Drivers to delete:
mpr_freader


Then click Execute, then Yes twice.
The computer will restart, maybe twice.
Post the log file C:\avenger.txt

mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Re: Trojan downloader - how to remove it
23.10.2009 at 13:47
I did everything as you told me; it restarted twice, and when I logged in the text below appeared, and while I was looking at it NOD again reported that it had detected a virus:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Oct 23 14:44:10 2009

14:44:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys"
Deletion of file "c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "c:\windows\system32\kr_done1" deleted successfully.
Driver "mpr_freader" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

 

kristi1

Member number: 151211
Posts: 2012
*.ptt.rs.

Site: www.mycity.rs/Ambulanta

Re: Trojan downloader - how to remove it
23.10.2009 at 13:53
OK, let's remove it this way.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe Download it to the desktop
Turn off the antivirus
Run it by double-clicking it on the desktop
Answer yes to everything it asks you
At the end of the scan it will produce a log, which you will copy here for me.

mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Re: Trojan downloader - how to remove it
23.10.2009 at 15:39
What next? Has it finally been removed now?

ComboFix 09-10-22.01 - sef proizvodnje 23.10.2009 16:29.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.759.267 [GMT 2:00]
Running from: c:\documents and settings\sef proizvodnje\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~WRD0005.tmp
c:\documents and settings\sef proizvodnje\rundll32.exe bthprops .exe
c:\recycler\S-1-5-21-674801537-3840082271-3752609986-500
c:\windows\nclaunch .exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\comrepl.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\PCHealth
2009-10-03 04:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 12:47 . 2004-12-14 10:39 -------- d-----w- c:\program files\ClocX
2009-10-23 12:47 . 2009-02-13 09:46 30208 ----a-w- c:\windows\nclaunch.exe
2009-10-23 08:36 . 2008-11-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-21 16:32 . 2009-01-20 07:50 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-14 06:06 . 2008-12-03 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 17:16 . 2008-12-31 10:55 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\MSN6
2009-09-14 17:13 . 2007-04-21 12:05 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-11 14:18 . 2003-03-31 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 04:46 . 2009-03-20 07:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 10:20 . 2007-04-26 10:17 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\Skype
2009-09-06 08:37 . 2008-03-14 10:54 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\skypePM
2009-09-04 21:03 . 2003-03-31 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-12-07 14:37 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2003-03-31 02:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 10:44 . 2009-08-26 10:44 -------- d-----w- c:\program files\Readiris
2009-08-26 10:44 . 2004-10-29 23:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 08:00 . 2003-03-31 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-12-12 07:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2003-03-31 02:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2003-03-31 02:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-04-21 12:05 . 2007-04-21 12:05 8 --sh--r- c:\windows\system32\BB642112CA.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-04-01 05:35 1883672 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-26 133104]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2009-10-23 30208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-06-01 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2009-10-20 30208]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2009-10-23 30208]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-07 98304]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2009-10-23 30208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\sef proizvodnje\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"TomcatStartup"=c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"StatusClient"=c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"IgfxTray"=c:\windows\System32\igfxtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18.5.2007 13:36 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20.3.2009 9:28 55152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\drivers\PM3w2k.sys [22.3.2004 2:45 12447]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-16 07:36]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241337480-236900093-1425797982-1006Core.job
- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-26 07:24]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241337480-236900093-1425797982-1006UA.job
- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-26 07:24]

2009-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyServer = 192.168.80.10:8080
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b34629e0ae824782a5c6cde136a71638
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b34629e0ae824782a5c6cde136a71638
LSP: imon.dll
TCP: {599C0F30-3E75-4233-85A3-584FAC958C16} = 195.178.32.2,212.200.13.13
.
- - - - ORPHANS REMOVED - - - -

AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\imon.dll
.
Completion time: 2009-10-23 16:37
ComboFix-quarantined-files.txt 2009-10-23 14:37

Pre-Run: 35.703.853.056 bytes free
Post-Run: 36.430.077.952 bytes free

- - End Of File - - 37C1F0A51E5F2AC9357E7A8F912A0269
 
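
Added example (not part of any post in this thread and not code from NOD32, DDS or ComboFix): the threat log and the ComboFix Run-key listing posted above can be read together to see where the recurring detections come from. The script parses lines copied from those two posts, counts detections per creating application, and groups autorun targets by file size; the function names and the group threshold of three are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines copied (abridged) from the NOD32 threat log posted in this thread.
THREAT_LOG = r"""
21.10.2009 17:53:38 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv41734.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:34:36 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv40810.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:21:19 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv39885.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:14:50 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\rjfhadkz.exe Win32/TrojanDropper.Agent.NNE trojan quarantined - deleted Event occurred on a new file created by the application: C:\Documents and Settings\sef proizvodnje\My Documents\Downloads\Keygen.Scanitto.1.16.0.0 (1).exe. The file was moved to quarantine. You may close this window.
20.10.2009 17:09:10 IMON file http://medianetxxxx.com/Serial.Scanitto.1.16.0.0.45042.exe a variant of Win32/Kryptik.AWQ trojan VPC-DM\sef proizvodnje
"""

# Sample input: Run-key lines copied from the ComboFix "Reg Loading Points" section.
RUN_KEYS = r"""
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2009-10-23 30208]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2009-10-20 30208]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2009-10-23 30208]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-07 98304]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2009-10-23 30208]
"""

# On-access (AMON) entries carry the path of the program that wrote the detected file.
PARENT_RE = re.compile(
    r"AMON file (?P<dropped>\S+) (?P<threat>.+?) trojan .*?"
    r"created by the application: (?P<parent>.+?\.exe)\. The file",
    re.I,
)
# ComboFix prints each Run value as "name"="path" [date size].
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$'
)


def creators(threat_log):
    """Count detections per creating application.

    Lines without the 'created by the application' field (for example the
    IMON download entries) are skipped rather than treated as errors.
    """
    counts = Counter()
    for line in threat_log.splitlines():
        m = PARENT_RE.search(line)
        if m:
            counts[m.group("parent").lower()] += 1
    return counts


def size_clusters(run_keys, min_members=3):
    """Group autorun targets by file size and keep sizes shared by several entries."""
    by_size = defaultdict(list)
    for line in run_keys.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            by_size[int(m.group("size"))].append(m.group("path").lower())
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_members}


def persistent_sources(threat_log, run_keys):
    """Autorun targets that sit in a same-size cluster and created more than one detected file."""
    seen = creators(threat_log)
    hits = []
    for size, paths in size_clusters(run_keys).items():
        for path in paths:
            if seen.get(path, 0) > 1:
                hits.append((path, size, seen[path]))
    return hits


if __name__ == "__main__":
    for parent, n in creators(THREAT_LOG).most_common():
        print(f"{n:2d} detection(s) created by {parent}")
    for size, paths in size_clusters(RUN_KEYS).items():
        print(f"{len(paths)} autorun targets share size {size}:")
        for p in paths:
            print(f"   {p}")
    print("examine first:", persistent_sources(THREAT_LOG, RUN_KEYS))
```

On the posted data every ctv*.exe detection names SetRefresh.exe as the creating application, and that file has the same size (30208 bytes) as three other autorun targets from unrelated vendors, so the autorun files, not the Temp files, are the items to examine.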

mitije
dejan mitic
vlasotince

Member number: 199623
Posts: 20
212.200.23.*

Re: Trojan downloader - how to remove it
23.10.2009 at 16:30
Everything is the same...

kristi1

Re: Trojan downloader - how to remove it, 23.10.2009 at 17:19
Do you have a report of what NOD is finding? Or take a screenshot and post it so I can see.

mitije
dejan mitic
vlasotince

Re: Trojan downloader - how to remove it, 23.10.2009 at 18:53
I took a screenshot; now if only you'd tell me how to add an image to this message?
If it helps, it says the following:
Alert details
File:
C:\DOCUME-1\SEFPRO-1\LOCALS-1\Temp\ctv6623.exe
Threat:
Win32/TrojanDownloader.Unruy.AAtrojan
Comment:
Event occured on a new file created by application>C:\Program Files\Compaq\SetRefresh\SetRefresh.exe.The file was moved to quarantine.You may close this window.
 

Zoran Rodic
Beograd

Re: Trojan downloader - how to remove it, 23.10.2009 at 19:09
Go ahead and turn off System Restore, then delete the contents of the TEMP folders,
C:\Windows\Temp and the one that is mentioned the most ... go to Start-Run and type
%temp%
then delete everything that is in there.
Empty the Recycle Bin, then scan with Malwarebytes and later with NOD.

mitije
dejan mitic
vlasotince

Re: Trojan downloader - how to remove it, 23.10.2009 at 21:06
The same again. I did everything as you said, and while I was scanning with NOD the alarm went off 3 times saying it had found a virus. I haven't used Malwarebytes and I don't have it (I think). What should I do next?

Dashkes

Re: Trojan downloader - how to remove it, 23.10.2009 at 21:11
Download the program Dr.Web CureIt!.

• After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8, and when the menu appears choose Safe Mode).
• When Safe Mode has loaded, run Dr.Web CureIt!.
• When it starts, choose Start. It will automatically begin scanning the computer. Let it scan (this is the Express Scan).
• When it finishes scanning, choose the complete scan (Complete scan) and press the Start Scanning button on the right-hand side (it looks like a Play button).

Show the CureIt! log (pack it into a ".rar" archive and upload it), which is located in C:\Documents and Settings\USERNAME\DoctorWeb\

Zoran Rodic
Beograd

Re: Trojan downloader - how to remove it, 23.10.2009 at 21:19
Quote:
mitije: I haven't used Malwarebytes and I don't have it (I think). What should I do next?

Well, I'm fairly convinced that it is exactly what would solve the problem.

kristi1

Re: Trojan downloader - how to remove it, 23.10.2009 at 21:27
Quote:
Zoran Rodic: Well, I'm fairly convinced that it is exactly what would solve the problem.

Before you do that, uninstall ComboFix.
Start > Run > Combofix /u > Enter.

valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator

Re: Trojan downloader - how to remove it, 23.10.2009 at 23:02
From what I have seen on foreign forums, the problem is solved by Dr.Web, ComboFix, MBAM and SuperAntiSpyware alike, but all of them only from Safe Mode...

Zoran Rodic
Beograd

Re: Trojan downloader - how to remove it, 23.10.2009 at 23:34
It seems a bit odd to me that after deletion it shows up at this location: C:\DOCUME-1\SEFPRO-1\LOCALS-1\Temp\

So, turn on the Show hidden files option, go directly to C:\Documents and Settings\Your User Name\Local Settings\Temp and delete everything inside it.
The shorter option is Start > Run, then %temp%, then Enter.

After that, empty the Recycle Bin and scan with Malwarebytes.

You can do all of this in Safe Mode as well ... that is certainly better.
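
Each NOD32 alert quoted in this thread names both the detected file and the application that created it. The following is an added example, not part of any post here: it groups such alert lines by creating application, so repeated detections can be traced to the program that keeps writing the files. The function names are assumptions, and the sample lines are constructed from the alerts posted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the alert log quoted in this thread.
# Lines 1-2 reuse the paths posted there; line 3 (no creator clause) and
# line 4 (not an alert) are constructed to exercise the parser.
SAMPLE_LOG = r"""
21.10.2009 17:53:38 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv41734.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
21.10.2009 17:34:36 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv40810.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje Event occurred on a new file created by the application: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe. The file was moved to quarantine. You may close this window.
22.10.2009 09:15:00 AMON file C:\DOCUME~1\SEFPRO~1\LOCALS~1\Temp\ctv00000.exe Win32/TrojanDownloader.Unruy.AA trojan quarantined - deleted VPC-DM\sef proizvodnje
not an alert line
"""

ALERT_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<module>\S+) file (?P<path>.+?) (?P<threat>Win32/\S+)")
CREATOR_RE = re.compile(
    r"created by the application: (?P<app>.+?\.exe)\.", re.IGNORECASE)

def parse_alerts(text):
    """Return one dict per well-formed alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        alert = m.groupdict()
        creator = CREATOR_RE.search(line)
        # A line without the creator clause yields creator=None.
        alert["creator"] = creator.group("app") if creator else None
        alerts.append(alert)
    return alerts

def group_by_creator(alerts):
    """Map creating application (lower-cased) to the files it wrote."""
    groups = defaultdict(list)
    for a in alerts:
        key = a["creator"].lower() if a["creator"] else "<unknown>"
        groups[key].append(a["path"])
    return dict(groups)

def repeat_creators(alerts, threshold=2):
    """Applications named as creator of at least `threshold` detected files."""
    groups = group_by_creator(alerts)
    return sorted(app for app, files in groups.items()
                  if app != "<unknown>" and len(files) >= threshold)

if __name__ == "__main__":
    for app, files in group_by_creator(parse_alerts(SAMPLE_LOG)).items():
        print(f"{len(files)} detection(s), created by {app}: {files}")
```

On the sample, both alerts taken from the thread resolve to the same creating application, while the detected file name in Temp differs each time.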

kristi1

Re: Trojan downloader - how to remove it, 24.10.2009 at 09:07
But look at this:

Code:
Error: could not open file "c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys"
Deletion of file "c:\docume~1\sefpro~1\locals~1\temp\rarsfx0\mpr_freader.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


And that location shows up clearly in the first log; later, after the driver was deleted, it is gone. Most likely he was tinkering with something in the meantime. After CF is uninstalled it will automatically reset his System Restore, so it is possible that it will no longer report the trojan.

Quote:
valjan: From what I have seen on foreign forums, the problem is solved by Dr.Web, ComboFix, MBAM and SuperAntiSpyware alike, but all of them only from Safe Mode...


ComboFix is not run from Safe Mode, only if it really cannot be started from normal mode, in extreme cases; the same goes for MBAM. I don't know which forums you were looking at; on one I saw a guy even making up commands, which is horrible. The only relevant forums are members of the ASAP association (Alliance of Security Analysis Professionals), where there are strict rules.
 