havard_ Posted 20 May 2012 (edited)

Hi. I'm struggling a bit with a csrss.exe file that is running, as well as some folders I can't manage to delete. I've seen that you recommend running Anti-Malware and ComboFix, so I have done that and attached the logs:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.23.03
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Havard :: HAVARD-DELL [administrator]
2/23/2012 10:30:51 PM
mbam-log-2012-02-23 (22-30-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189675
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Strong Malware Defender (Rogue.StrongMalwareDefender) -> Data: "C:\ProgramData\12b826\SM12b_8043.exe" /s /d -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Havard\23d302dd-8043.exe -> Delete on reboot.
Registry Data Items Detected: 2
HKCR\Drive\shell| (Hijack.Drives) -> Bad: (open) Good: (none) -> Quarantined and repaired successfully.
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.google.co...age={startPage}) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\Havard\AppData\Roaming\Strong Malware Defender (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\12b826\SM12b_8043.exe (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Local\Temp\4CB3.tmp (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Users\Havard\Desktop\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Roaming\Microsoft\Windows\Start Menu\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Roaming\Strong Malware Defender\cookies.sqlite (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\AppData\Roaming\Strong Malware Defender\Instructions.ini (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully.
C:\Users\Havard\23d302dd-8043.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
(end)

ComboFix 12-05-20.04 - Havard 05/20/2012 19:53:16.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1068 [GMT 2:00]
Running from: d:\download\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\neoqaz2.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-20 18:05 .
2012-05-20 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-20 17:41 . 2012-05-20 17:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-05-20 17:22 . 2012-05-20 17:22 -------- d-----w- c:\program files\CCleaner 2012-05-20 14:30 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE3FE7B2-605E-4A2E-A203-9024D81DDADC}\mpengine.dll 2012-05-19 02:33 . 2012-05-19 02:33 -------- d-----w- c:\program files\Conduit 2012-05-19 02:33 . 2012-05-20 17:29 -------- d-----w- c:\users\Havard\AppData\Local\Conduit 2012-05-19 02:32 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-05-19 01:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-04-25 12:42 . 2012-04-25 12:42 -------- d-----w- c:\users\Havard\AppData\Local\ZoneFiveSoftware 2012-04-25 11:19 . 2012-04-25 11:19 -------- d-----w- c:\program files\Zone Five Software 2012-04-25 11:19 . 2012-04-25 11:19 -------- d-----w- c:\programdata\ZoneFiveSoftware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 13:56 . 2012-02-23 21:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 18:44 . 2010-10-25 03:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2010-03-26 02:30 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-01 05:53 . 2012-04-16 06:21 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 05:49 . 2012-04-16 06:21 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 05:45 . 2012-04-16 06:21 158720 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 05:40 . 2012-04-16 06:21 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-28 01:18 . 2012-04-16 06:22 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11 . 
2012-04-16 06:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11 . 2012-04-16 06:22 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03 . 2012-04-16 06:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-26 22:23 . 2011-10-13 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-24 21:43 . 2012-02-24 21:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-24 21:43 . 2012-02-24 21:43 161792 ----a-w- c:\windows\system32\msls31.dll 2012-02-24 21:43 . 2012-02-24 21:43 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-24 21:43 . 2012-02-24 21:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-24 21:43 . 2012-02-24 21:43 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-02-24 21:43 . 2012-02-24 21:43 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-24 21:43 . 2012-02-24 21:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-24 21:43 . 2012-02-24 21:43 367104 ----a-w- c:\windows\system32\html.iec 2012-02-24 21:43 . 2012-02-24 21:43 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-02-24 21:43 . 2012-02-24 21:43 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-02-24 21:43 . 2012-02-24 21:43 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-24 21:43 . 2012-02-24 21:43 152064 ----a-w- c:\windows\system32\wextract.exe 2012-02-24 21:43 . 2012-02-24 21:43 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-02-24 21:43 . 2012-02-24 21:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-24 21:43 . 2012-02-24 21:43 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-02-24 21:43 . 2012-02-24 21:43 11776 ----a-w- c:\windows\system32\mshta.exe 2012-02-24 21:43 . 2012-02-24 21:43 101888 ----a-w- c:\windows\system32\admparse.dll 2012-01-27 14:48 . 2012-01-27 14:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Havard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Havard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Havard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F.lux"="c:\users\Havard\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . c:\users\Havard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Havard\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Evernote Clipper.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk backup=c:\windows\pss\Evernote Clipper.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Havard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk] path=c:\users\Havard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk backup=c:\windows\pss\EvernoteClipper.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Havard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteTray.lnk] path=c:\users\Havard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk backup=c:\windows\pss\EvernoteTray.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent] 2011-04-14 13:22 12036968 ----a-w- c:\program files\Garmin\ANT Agent\ANT Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-01-21 22:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Net Agent] 2010-07-29 11:20 431424 ----a-w- c:\program files\DAEMON Tools Net\DTAgent.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS] 2010-05-08 00:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 20:15 15144328 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2012-02-23 18:16 740216 ----a-w- c:\program files\uTorrent\uTorrent.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 136176] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1343400] S1 dtcdrom;dtcdrom;c:\windows\system32\drivers\dtcdrom.sys [2010-09-19 201280] S2 DTNetService;DTNetService;c:\program files\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560] S2 vpnagent;Cisco AnyConnect VPN 
Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-05-20 40776] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 14:48] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 14:48] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1955553683-2999527687-1158331272-1000Core.job - c:\users\Havard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 04:59] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1955553683-2999527687-1158331272-1000UA.job - c:\users\Havard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-22 04:59] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://tegrity.ou.edu/TegrityUtils/Login.aspx
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{4FBD16A6-50EC-4231-A664-3707E8317EB5}: NameServer = 192.168.1.1,192.168.0.1
DPF: {54EABC7D-40DC-4667-8517-F42D00540342} - hxxp://tegrityweb.ou.edu/tegrity/_Player/1.0/Code/DRMActiveX.CAB
FF - ProfilePath - c:\users\Havard\AppData\Roaming\Mozilla\Firefox\Profiles\3i4vao1b.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-20 20:11:48
ComboFix-quarantined-files.txt 2012-05-20 18:11
ComboFix2.txt 2012-05-20 17:19
.
Pre-Run: 2,888,331,264 bytes free
Post-Run: 2,825,420,800 bytes free
.
- - End Of File - - 9CE47699CFB57CCE4F0E0C0AD7BB53A7

Any tips?

Edited 20 May 2012 by havard_
Dr.Geek Posted 20 May 2012

Hi. Can you first go to https://www.virustotal.com/index2.html and upload this file: c:\users\Havard\Local Settings\Apps\F.lux\flux.exe (make hidden folders and files visible first). Post the log.
Dr.Geek Posted 20 May 2012 (edited)

For your information: Malwarebytes found malware with backdoor functionality:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Havard\23d302dd-8043.exe ->

http://en.wikipedia...._Relay_Chat_bot
http://en.wikipedia.org/wiki/Botnet

We can certainly analyze further, but I strongly recommend that you reinstall Windows and change all passwords from another, clean PC. A backdoor gives the attacker full access to the system. It is impossible to clean something like that, since we don't know what changes he/she has made and whether more backdoors are open.

Edited 20 May 2012 by TheGenius
havard_ Posted 20 May 2012 (edited), thread author

> For your information: Malwarebytes found malware with backdoor functionality:
> HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Havard\23d302dd-8043.exe ->
> http://en.wikipedia...._Relay_Chat_bot
> http://en.wikipedia.org/wiki/Botnet
> We can certainly analyze further, but I strongly recommend that you reinstall Windows and change all passwords from another, clean PC. A backdoor gives the attacker full access to the system. It is impossible to clean something like that, since we don't know what changes he/she has made and whether more backdoors are open.

Thank you very much for the quick reply! I'm working on a big assignment that is due in June, so this PC will have to rest until I have time to deal with it. What about copying files (a backup) from this PC now? Is there anything I should watch out for? Will I be able to put off the problem by running Ubuntu from a USB stick?

Edited 20 May 2012 by havard_
Dr.Geek Posted 20 May 2012

If the PC/laptop has a so-called "System Restore" installed (check the manual), you can also use that instead of reinstalling from the Windows CD. You can keep using the PC until you reinstall, but do NOT connect to the Internet, or to other PCs via USB stick or home network, since infections can spread like wildfire. When you take your files with you, it is best done with an UBUNTU live CD or similar alternatives, since autorun malware is not carried over that way. http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/ Don't bring along files like these: http://en.wikipedia.org/wiki/EXE.
Dr.Geek Posted 20 May 2012

You edited your last post to add a new question. Here is the answer to it: you can boot this PC with a LiveCD/USB stick, and with this live system you can even surf the web without danger, since the infected Windows is not active then. If you like, I'll post more links on how to use UBUNTU. It is actually a quite fantastic operating system.
havard_ Posted 20 May 2012, thread author

> You edited your last post to add a new question. Here is the answer to it: you can boot this PC with a LiveCD/USB stick, and with this live system you can even surf the web without danger, since the infected Windows is not active then. If you like, I'll post more links on how to use UBUNTU. It is actually a quite fantastic operating system.

Hehe, yes, fortunately I'm already somewhat used to Ubuntu! I dug out an old USB stick and am now running Live Boot. Unfortunately I depended on a lot of Windows software in connection with my master's thesis, so I have kept Windows these last few years. But I completely agree, once you have gotten familiar with the system, Ubuntu (Unix in general) is great!
Dr.Geek Posted 20 May 2012

Good! How to get access to your Windows files through UBUNTU-Live is described in the link above. You can then transfer the files to a clean hard disk/USB sticks. Network access with Ubuntu is also fairly easy, both wireless and local.
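
Added example, not part of the thread: the backup advice in the replies above (copy data from the live session, leave executables and autorun files behind) written as a shell script. The mount point, the destination path and the extension list are assumptions; the script also skips any file that starts with the PE "MZ" header even when it carries a harmless-looking extension.

```shell
#!/bin/sh
# Added example (not from the thread). Run it from the live session with the
# Windows partition mounted read-only at SRC and a clean drive at DST
# (both paths are assumptions supplied by the user).

# is_risky FILE: succeeds if FILE should stay behind on the infected disk.
is_risky() (
    name=$(printf '%s' "${1##*/}" | tr '[:upper:]' '[:lower:]')
    # autorun.inf is what lets removable media launch a program on Windows.
    [ "$name" = "autorun.inf" ] && exit 0
    # Executable, script and shortcut extensions (assumed list; extend as needed).
    case "$name" in
        *.exe|*.dll|*.scr|*.com|*.pif|*.sys|*.bat|*.cmd|*.vbs|*.lnk) exit 0 ;;
    esac
    # DOS/PE images start with the bytes 4D 5A ("MZ") whatever they are named.
    magic=$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "4d5a" ]
)

# copy_clean SRC DST: copies regular files, keeps the directory layout, and
# writes the relative path of every skipped file to DST/skipped.txt.
# Symlinks are not followed; file names containing newlines are not supported.
copy_clean() (
    src=${1%/}
    dst=${2%/}
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; exit 2; }
    mkdir -p "$dst" || exit 2
    log="$dst/skipped.txt"
    list=$(mktemp) || exit 2
    : > "$log"
    find "$src" -type f > "$list"
    copied=0
    skipped=0
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_risky "$f"; then
            printf '%s\n' "$rel" >> "$log"
            skipped=$((skipped + 1))
        else
            mkdir -p "$(dirname "$dst/$rel")"
            cp "$f" "$dst/$rel" && copied=$((copied + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "copied=$copied skipped=$skipped"
)

# Stand-alone use: sh copy_clean.sh /mnt/win/Users/Havard /media/clean/backup
if [ "$#" -eq 2 ]; then
    copy_clean "$1" "$2"
fi
```

Documents copied this way can still carry macros or exploits, so scan the backup on the clean machine before opening anything.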