hardkjerne Posted 11 January 2008 (edited)
I can't delete the downloaded file in Vista 64. I click Delete, click Yes to confirm I'm sure, click Continue to confirm, click Continue (or Yes?) on UAC, and then I get "Destination Folder Access Denied" with a "Try Again" button. Clicking Try Again doesn't help. Renaming works fine, and all the other files in this folder could be deleted manually without trouble. If I try to move the file it says it is open in another program... *typo*
Edited 11 January 2008 by hardkjerne
Überadri Posted 11 January 2008
How fast this spread. A bit scary. Got the link on MSN a few hours ago, but Avira came "to the rescue" (pretty well camouflaged link ... "okay, she's going to show me a picture from photobucket", I thought, and clicked away). Does anyone know what it does (apart from spreading itself through MSN)?
erikpau1 Posted 11 January 2008
Hi. I've got the same virus. Ran a few virus scans, but don't know if it's gone, so I ran ComboFix and MSNFix; you can see the logs below... Can anyone tell me what to do now?? Thanks in advance.

MsnFix:
MSNFix 1.623 C:\MSNFix
Scan done at 11.01.2008 - 23:27:09,06 By eripau
normal mode
************************ Checking Files
... C:\WINDOWS\images.zip
... C:\WINDOWS\images.zip
... C:\WINDOWS\images.zip
************************ MSNCHK
***** /!\ beta test /!\
************************ Checking Folders
No Folders Found
************************ Deleting malware Files
.. OK ... C:\WINDOWS\images.zip
.. OK ... C:\WINDOWS\images.zip
.. OK ... C:\WINDOWS\images.zip
************************ Registry Cleaning
************************ Suspect Files
/!\ The detected files must be reviewed by a forum Helper before changes can be made
[C:\445930.exe] 400B54B6519E165AC6A15013A990109B
[\445930.exe] 400B54B6519E165AC6A15013A990109B
==> Please upload the file \Upload_Me.zip to http://upload.changelog.fr
The File and Registry deletions have been saved in 11.01.2008_23292382.zip
------------------------------------------------------------------------
Author : !aur3n7
Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

ComboFix:
ComboFix 08-01-11.1 - eripau 2008-01-11 23:36:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1151 [GMT 1:00]
Running from: C:\Documents and Settings\eripau\Lokale innstillinger\Temporary Internet Files\Content.IE5\V9BS1UGV\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\445930.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-11 23:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:29 . 2008-01-11 23:29 82,965 --a------ C:\Upload_Me.zip
2008-01-11 23:18 . 2008-01-11 23:18 <DIR> d-------- C:\KAV
2008-01-11 22:54 . 2008-01-11 23:29 <DIR> d-------- C:\MSNFix
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d--hs---- C:\Documents and Settings\LocalService\UserData
2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar
2008-01-11 20:53 . 2008-01-11 21:28 <DIR> d---s---- C:\Documents and Settings\LocalService\Favoritter
2008-01-11 20:41 . 2008-01-11 20:41 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-11 20:41 . 2008-01-11 20:41 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-09 11:11 . 2008-01-09 11:11 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ
2008-01-09 11:11 . 2005-11-21 06:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 11:03 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Programfiler\Maxtor
2008-01-06 19:45 . 2008-01-06 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Maxtor
2008-01-06 19:44 . 2008-01-06 19:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-06 19:44 . 2008-01-11 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 19:44 . 2008-01-06 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 23:46 . 2008-01-11 23:16 <DIR> d--hs---- C:\Documents and Settings\eripau\Siste
2008-01-05 23:04 . 2008-01-05 23:04 <DIR> d-------- C:\Programfiler\uTorrent
2008-01-05 23:04 . 2008-01-11 18:50 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\uTorrent
2007-12-21 21:12 . 2007-12-21 21:16 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-12-21 21:12 . 2007-12-21 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-12-21 15:36 . 2007-12-21 15:36 <DIR> d-------- C:\Programfiler\DivX
2007-12-18 09:21 . 2008-01-06 23:23 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-18 00:10 . 2007-12-18 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LightScribe
2007-12-17 22:40 . 2005-01-31 11:18 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-17 22:40 . 2005-01-31 11:20 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-12-17 22:40 . 2005-01-31 11:10 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-12-17 22:40 . 2005-01-31 11:08 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-17 22:40 . 2005-01-31 11:00 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-17 22:40 . 2005-01-31 11:12 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-17 22:40 . 2005-01-31 09:37 9,255 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-17 22:26 . 2008-01-06 23:23 <DIR> d-------- C:\Documents and Settings\eripau\Programdata\Ahead
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Nero
2007-12-17 22:22 . 2007-12-17 22:22 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\WINDOWS\CatRoot
2007-12-16 22:41 . 2007-12-16 22:41 <DIR> d-------- C:\Programfiler\Vimicro
2007-12-16 22:41 . 2000-10-31 12:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-12-16 22:41 . 2004-06-18 16:52 233,557 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2007-12-16 22:41 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-12-16 22:41 . 2004-08-17 11:44 91,263 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-12-16 22:41 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-12-16 22:41 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-12-16 22:41 . 2003-08-07 15:19 49,152 --a------ C:\WINDOWS\amcap.exe
2007-12-16 22:41 . 2004-03-08 17:00 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-12-13 16:13 . 2007-12-13 16:56 1,244,214 --a------ C:\Bordell ved presse.bmp
2007-12-13 12:53 . 2007-12-13 12:55 128,127,222 --a------ C:\VTS_01_5.avi
2007-12-13 12:40 . 2007-12-13 12:53 886,747,220 --a------ C:\VTS_01_4.avi
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 11:45 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-12-11 11:45 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2007-12-11 11:44 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-12-11 11:44 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2007-12-11 11:44 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-12-11 11:44 . 2004-08-03 23:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 21:50 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-01-10 23:04 --------- d-----w C:\Programfiler\Clue
2008-01-09 20:38 --------- d-----w C:\Programfiler\QuickTime
2008-01-09 17:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-05 22:17 --------- d-----w C:\Programfiler\Fellesfiler\Webroot Shared
2008-01-05 22:15 --------- d-----w C:\Programfiler\Privacy Guardian
2007-12-30 13:39 --------- d-----w C:\Programfiler\LimeWire
2007-12-29 15:57 --------- d-----w C:\Documents and Settings\eripau\Programdata\LimeWire
2007-12-26 01:09 --------- d-----w C:\Programfiler\Messenger Plus! Live
2007-12-21 20:18 --------- d-----w C:\Programfiler\Windows Live
2007-12-18 08:15 --------- d-----w C:\Documents and Settings\eripau\Programdata\Lionhead Studios
2007-12-16 21:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-12 21:16 --------- d-----w C:\Programfiler\Windows Live Safety Center
2007-12-10 08:04 --------- d-----w C:\Programfiler\Java
2007-12-04 23:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Minnetonka Audio Software
2007-12-04 22:43 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winupsvc.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\winsvcup.exe
2007-12-02 20:19 11,925 ----a-w C:\WINDOWS\system32\mswinup.exe
2007-12-02 20:05 --------- d-----w C:\Programfiler\AVS4YOU
2007-12-02 20:01 --------- d-----w C:\Documents and Settings\eripau\Programdata\AVS4YOU
2007-12-02 18:59 --------- d-----w C:\Programfiler\Theorica Divx ;-) Codecs
2007-12-02 14:48 --------- d-----w C:\Programfiler\AliveMedia
2007-11-27 23:48 --------- d-----w C:\Documents and Settings\eripau\Programdata\Skype
2007-11-19 12:49 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-11-16 09:44 --------- d-----w C:\Programfiler\Apple Software Update
2007-11-16 09:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:12 --------- d-----w C:\Programfiler\Lavasoft
2007-11-11 22:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-11 22:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-26 06:43 111,464 ----a-w C:\WINDOWS\Fonts\sf_movie_poster.zip
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 08:04 64,534 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-10-11 08:04 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-11 08:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2004-08-04 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
2007-06-29 08:04 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1E45498-D865-4E91-A579-D0AAD8D3B5A4}]
2007-01-08 03:17 155648 --a------ C:\Programfiler\Clue\Clue Add-in 7.0\Clue Addin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-26 18:30 94208]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 13:28 124928]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 19:36 827392]
"QlbCtrl"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 07:41 159744]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-06-27 11:25 185896]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"mxomssmenu"="C:\Programfiler\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\eripau\Start-meny\Programmer\Oppstart\
CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 08:57:36]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R2 Maxtor Sync Service;Maxtor Service;C:\Programfiler\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-24 01:13]
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys [2006-10-19 00:23]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a3c4e7e-57a1-11dc-8171-001a4b599103}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{844751e5-5b77-11dc-817c-001a735a0d0a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e548f782-23dd-11dc-ab50-001a734a4008}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\setup.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {C7099049-4779-1634-2C83-372EE984396F} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 16:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 19:30:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 23:38:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-11 23:40:12
ComboFix-quarantined-files.txt 2008-01-11 22:39:27
.
2008-01-11 15:11:50 --- E O F ---
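Added example (editor's code, not from the thread, ComboFix or MSNFix): a parser for the "Files Created" section of the ComboFix log above, with two triage rules that pick out the same two C:\WINDOWS files the replies below ask to have deleted. The sample lines are copied from the log; the list of look-alike Windows process names is the editor's assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "Files Created" entries in a ComboFix log have the form
#   <created> . <modified> <size or <DIR>> <nine attribute flags> <path>
# Flags: 'd' directory, 'r' read-only, 'a' archive, 'h' hidden, 's' system, 'c' compressed.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*)$"
)

# Windows process names that malware imitates with near-miss spellings (editor's list, an assumption).
LOOKALIKE_TARGETS = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "services.exe", "winlogon.exe"}

# Sample input: entries copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-01-11 23:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:29 . 2008-01-11 23:29 82,965 --a------ C:\Upload_Me.zip
2008-01-11 23:18 . 2008-01-11 23:18 <DIR> d-------- C:\KAV
2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar
2008-01-11 20:41 . 2008-01-11 20:41 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-11 20:41 . 2008-01-11 20:41 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-09 11:11 . 2005-11-21 06:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-01-06 19:44 . 2008-01-06 19:44 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-06 19:44 . 2008-01-11 11:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers, separators and blank lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size_text = m.group("size")
    size = None if size_text == "<DIR>" else int(size_text.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def one_edit_away(a: str, b: str) -> bool:
    """True when a and b differ by one substitution, one adjacent swap, or one insertion/deletion."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) == 1:
        longer, shorter = (a, b) if len(a) > len(b) else (b, a)
        return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))
    return False


def lookalike_of(name: str) -> Optional[str]:
    """Return the legitimate process name this file name imitates, if any."""
    for target in sorted(LOOKALIKE_TARGETS):
        if one_edit_away(name, target):
            return target
    return None


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each suspicious file path to the reasons it was flagged."""
    # Directories are skipped. 'hidden' alone is not enough (QTFont.qfn is hidden
    # and benign); hidden+system on a freshly created file is what stands out.
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.attrs.startswith("d"):
            continue
        reasons = []
        if "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system attributes on a file")
        target = lookalike_of(e.name)
        if target:
            reasons.append(f"name is one edit away from {target}")
        if reasons:
            findings[e.path] = reasons
    return findings
```

Run `triage(parse_log(SAMPLE_LOG))` to get the two flagged paths with their reasons; lssas.exe is caught both by its attributes and because it is one transposition away from lsass.exe.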
Haugz Posted 11 January 2008
How fast this spread. A bit scary. Got the link on MSN a few hours ago, but Avira came "to the rescue" (pretty well camouflaged link ... "okay, she's going to show me a picture from photobucket", I thought, and clicked away). Does anyone know what it does (apart from spreading itself through MSN)?
I don't think it does anything other than that. It just sends the link on to everyone on your contact list every time you log on to MSN.
jojo123 Posted 11 January 2008 (thread author)
Empty the cache/temporary folders in Opera so that you get rid of this: C:\Users\Jonas\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\PIC 5830.jpg-photobucket.com Then run a full scan with SAS (the free version). Then tell us how things are working.
SAS found nothing.
norbat Posted 11 January 2008 (edited)
Hi. I've got the same virus. Ran a few virus scans, but don't know if it's gone, so I ran ComboFix and MSNFix; you can see the logs below... Can anyone tell me what to do now?? Thanks in advance.
Again, you should open a thread of your own, as these 'collective threads' get very messy. But ...
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe

Post the log.
Do you recognise this file: C:\chanrar.rar ?
Edited 11 January 2008 by norbat
Patrish (posted 11 January 2008)

First I want to apologise for only speaking Swedish.. But I have also got this virus.. And this site is the only forum I could find via Google! I have searched with Norton, and it finds the virus, removes it, and then when I restart the computer it is still there anyway! The file is called ntmngr.exe and is in my Windows folder, but I can't manage to find it manually. If there are no simple alternatives, I think I'll wait a couple of days until Norton has been updated and can take care of it by itself :/
norbat (posted 11 January 2008)

> First I want to apologise for only speaking Swedish.. But I have also got this virus.. And this site is the only forum I could find via Google! I have searched with Norton, and it finds the virus, removes it, and then when I restart the computer it is still there anyway! The file is called ntmngr.exe and is in my Windows folder, but I can't manage to find it manually. If there are no simple alternatives, I think I'll wait a couple of days until Norton has been updated and can take care of it by itself :/

If you are running XP, you can try the following:

Get Avenger and unpack it. Start the program, select "Input Script Manually" and click on the magnifying glass. In the window that appears, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
C:\445930.exe
C:\WINDOWS\images.zip

Click on the traffic light. Restart the PC. After the restart a log file will appear that tells what has happened. Post the log. Some of the files may not exist.

Then get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (usually c:\combofix.txt).
erikpau1 (posted 11 January 2008)

I find a file called chanrar.rar when I search. What about that?

I made the CDScript.txt, but when I drop it onto combofix.exe, it says "the publisher could not be verified", so I click Run. Then a small black window pops up briefly, where I can see it says combofix.exe, then it disappears again, and nothing more happens. Am I doing something wrong, is the log saved somewhere without being opened, or what??
norbat (posted 11 January 2008)

You presumably mean that you save the file as CFScript.txt? And I have seen chanrar.rar on several people with this MSN trojan, so I think we should delete it.

So, open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt (not CFScript.txt.txt). Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
C:\chanrar.rar
erikpau1 (posted 12 January 2008)

> You presumably mean that you save the file as CFScript.txt? And I have seen chanrar.rar on several people with this MSN trojan, so I think we should delete it.
>
> So, open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt (not CFScript.txt.txt). Then drag the file onto the ComboFix icon. ComboFix will start again.
>
> File::
> C:\WINDOWS\lssas.exe
> C:\WINDOWS\ntmngr.exe
> C:\chanrar.rar

I have done this, saved under the correct file name, but the same thing happens. The verification message appears because ComboFix does not have a valid signature or something, but then I click Run, and then a black window appears briefly and disappears, and nothing more happens. Am I doing something wrong, or is this how it is supposed to be? Where do I find the log in that case? Shouldn't a log appear?
Patrish (posted 12 January 2008)

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ukfgyren

*******************

Script file located at: \??\C:\Program Files\htbootxy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\lssas.exe not found!
Deletion of file C:\WINDOWS\lssas.exe failed!
Could not process line:
C:\WINDOWS\lssas.exe
Status: 0xc0000034

File C:\WINDOWS\ntmngr.exe deleted successfully.

File C:\445930.exe not found!
Deletion of file C:\445930.exe failed!
Could not process line:
C:\445930.exe
Status: 0xc0000034

File C:\WINDOWS\images.zip deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

And combofix:

ComboFix 08-01-11.3 - Prutte Lindell 2008-01-12 0:59:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.128 [GMT 1:00]
Running from: C:\Documents and Settings\Prutte Lindell\Skrivbord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-12 00:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 23:07 . 2008-01-11 23:07 <KAT> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-11 22:43 . 2008-01-11 22:43 0 --a------ C:\WINDOWS\vpc32.INI
2008-01-11 22:38 . 2008-01-11 22:38 <KAT> dr------- C:\Documents and Settings\LocalService\Favoriter
2008-01-11 22:36 . 2008-01-11 23:14 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-11 21:41 . 2008-01-11 21:41 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-11 21:41 . 2008-01-11 21:41 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-11 21:41 . 2008-01-11 21:41 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-11 21:41 . 2008-01-11 21:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-11 21:40 . 2008-01-11 21:41 <KAT> d-------- C:\Program\Symantec
2008-01-11 21:39 . 2008-01-12 00:53 <KAT> d-------- C:\Program\Symantec AntiVirus
2008-01-11 21:39 . 2008-01-11 21:42 <KAT> d-------- C:\Program\Delade filer\Symantec Shared
2008-01-11 21:39 . 2008-01-11 21:40 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 18:52 . 2007-12-31 18:52 <KAT> d-------- C:\Program\Keyboard Express 3
2007-12-31 18:52 . 2007-12-31 18:52 <KAT> d-------- C:\Program\Delade filer\Insight Software Solutions
2007-12-31 18:52 . 2007-12-31 18:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2007-12-31 18:52 . 2007-12-31 18:52 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
2007-12-31 18:25 . 2007-12-31 18:25 <KAT> d-------- C:\Program\Softrun
2007-12-30 23:22 . 2007-12-30 23:22 <KAT> d-------- C:\Program\gmid
2007-12-23 13:44 . 2007-12-23 13:44 <KAT> d-------- C:\temp\Sample
2007-12-14 20:52 . 2007-12-14 20:52 <KAT> d-------- C:\EyEé
2007-12-14 20:33 . 2007-12-14 20:33 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-12-14 20:32 . 2008-01-04 10:13 <KAT> d-------- C:\Program\Last.fm
2007-12-14 20:19 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-14 20:19 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 23:54 --------- d-----w C:\Documents and Settings\Prutte Lindell\Application Data\Skype
2008-01-06 18:25 --------- d-----w C:\Program\2mIRC
2008-01-06 16:33 --------- d-----w C:\Documents and Settings\Prutte Lindell\Application Data\uTorrent
2008-01-06 13:28 --------- d-----w C:\Program\StepMania
2007-12-31 01:39 --------- d-----w C:\Program\Windows Live Toolbar
2007-12-31 01:39 --------- d-----w C:\Program\TweakNow RegCleaner
2007-12-31 01:39 --------- d-----w C:\Program\TPTEST5
2007-12-31 01:39 --------- d-----w C:\Program\DivX
2007-12-15 12:23 --------- d-----w C:\Program\Google
2007-12-14 19:33 --------- d-----w C:\Program\iTunes
2007-12-02 21:07 --------- d-----w C:\Program\Picasa2
2007-12-02 01:03 --------- d-----w C:\Documents and Settings\Prutte Lindell\Application Data\Apple Computer
2007-11-30 20:44 --------- d-----w C:\Program\BitComet
2007-11-17 13:00 --------- d-----w C:\Program\iPod
2007-11-17 12:59 --------- d-----w C:\Program\QuickTime
2007-11-17 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 12:57 --------- d-----w C:\Program\Apple Software Update
2007-11-17 12:56 --------- d-----w C:\Program\Delade filer\Apple
2007-11-17 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,289,728 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-19 15:28 219,952 ----a-w C:\utorrent.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"LDM"="C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-23 22:49 67128]
"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 77824 C:\WINDOWS\soundman.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 22:25 28160 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [1999-03-22 04:41 185896]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\Program\SYMANT~1\VPTray.exe" [2007-10-07 20:48 125368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]
"Picasa Media Detector"="C:\Program\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 12:33:51]
Keyboard Express 3.lnk - C:\Program\Keyboard Express 3\keyexp.exe [2007-12-31 18:52:08]
Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-23 22:49:57]
Logitech SetPoint.lnk - C:\Program\Logitech\SetPoint\SetPoint.exe [2006-05-19 18:31:27]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program\Qualcomm\Eudora\EuShlExt.dll [ ]

S1 PinnacleMicroTV;Pinnacle Systems MicroTV Device;C:\WINDOWS\system32\DRIVERS\MicroTV.sys [2005-07-12 11:51]
S3 gAGP440p;gAGP440p;C:\DOCUME~1\PRUTTE~1\LOKALA~1\Temp\gAGP440p.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2006-02-19 16:47]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2006-06-11 07:44]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2006-06-11 07:44]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2006-02-19 16:48]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2006-02-19 16:48]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 14:44:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 23:26:22 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 01:02:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 1:03:58
.
2008-01-10 10:24:19 --- E O F ---

There they are, thanks for taking the time!
norbat (posted 12 January 2008)

Your log looks fine. You should clear the restore folder so that you don't get reinfected by a possible System Restore: Control Panel -> System -> System Restore. Tick "Turn off System Restore ....." , restart the PC, then untick it again to re-enable the function.

Is MSN running OK?
Patrish (posted 12 January 2008)

Yes, now everything works fine. I scanned with Norton once more to be on the safe side, but it didn't find anything, so now I feel safe! Thanks so much for all the help!
Xoduz (posted 12 January 2008)

I got a link from a friend on MSN today (through Trillian), apparently from imageshack - which we often use to upload screenshots from various games and the like - and now it looks like I have got the same virus/trojan, or a variant.

What I have done so far to remove it:

Stopped the process lssas.exe (not lsass.exe, that one is a Windows process) and removed it from startup (HKLM/RUN), where it sat under the name "MSN".

Identified and removed the following files:
c:\windows\lssas.exe
c:\windows\images.zip
c:\windows\prefetch\DC49380.JPG*.*
c:\windows\prefetch\lssas.exe*.*

Otherwise, I have:
- Emptied the cache4 directory under my Opera profile (documents and settings\user\application data\opera\opera 9\profiles\cache4\)
- Deleted temporary internet files (documents and settings\user\local settings\temporary internet files\)
- Emptied the TEMP directory (documents and settings\user\local settings\temp\)

The following files I have not found on my machine, neither with the DOS-prompt command dir (with /a and /s) nor in Explorer (showing all files, both hidden and system files):
C:\445930.exe
C:\WINDOWS\ntmngr.exe
C:\chanrar.rar

Hm. Have I forgotten/overlooked anything?

Oh, and I have System Restore switched off on all partitions, so I didn't need to turn it off before starting this process - but it may need to be done on other machines so that the nasty files don't get restored?
Pjunin (posted 12 January 2008)

Yo. I got one of those links from a friend today, through MSN Messenger. I have downloaded Avenger and ComboFix. But before I did that, I deleted:
c:\windows\lssas.exe
c:\windows\images.zip
c:\windows\prefetch\DC49380.JPG*.*
c:\windows\prefetch\lssas.exe*.*
and otherwise did the same as Xoduz did.

Got to read a bit here, so I ran ComboFix and got the following report:

ComboFix 08-01-11.3 - Eldar Godø 2008-01-12 2:42:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT 1:00]
Running from: C:\Documents and Settings\Eldar Godø\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Eldar Godø\Application Data\STEM~1
C:\Documents and Settings\Eldar Godø\Application Data\STEM~1\??stem\
C:\WINDOWS\system32\smbols~1
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 02:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 02:36 . 2008-01-12 02:36 126,976 --a------ C:\zip.exe
2008-01-12 02:36 . 2008-01-12 02:36 60,416 --a------ C:\WINDOWS\system32\drivers\qbqydcex.sys
2008-01-12 02:36 . 2008-01-12 02:36 1,080 --a------ C:\ojbehyqa.bat
2008-01-12 02:34 . 2008-01-12 02:34 <DIR> d-------- C:\Program Files\Avenger
2008-01-12 01:52 . 2008-01-12 01:52 <DIR> d-------- C:\Program Files\Opera
2008-01-11 22:45 . 2008-01-11 22:46 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-07 15:57 . 2008-01-11 14:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-07 15:57 . 2008-01-07 15:57 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 20:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-01-11 20:58 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-01-11 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 20:57 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 15:25 --------- d-----w C:\Documents and Settings\Eldar Godø\Application Data\Ventrilo
2007-11-14 16:43 --------- d-----w C:\Program Files\Ventrilo
2007-11-14 16:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-02 00:25 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
2007-03-02 00:19 7,050,552 ----a-w C:\Program Files\psa30se_en_us.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 12:52 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 10:31 335872]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 08:41 35328]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-06-12 22:50 167936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-22 17:59 921600]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"aycfsbei"="C:\ojbehyqa.bat" [2008-01-12 02:36 1080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Config.lnk - C:\Program Files\Wireless Technology Corporation\Wireless LAN 802.11b USB\ZDConfig.exe [2006-09-22 17:51:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]
R3 ZD1201U(ZyDAS);ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-07-31 16:41]
R3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 10:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92bb3f4d-c08e-11dc-82a9-000e8e000fc2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 01:38:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 02:43:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 2:43:30
.
2007-07-11 15:48:16 --- E O F ---

Is there anything odd about this report?
norbat (posted 12 January 2008)

Pjunin: Go to the website http://virusscan.jotti.org/ and upload the following file for checking: C:\WINDOWS\system32\drivers\qbqydcex.sys (You will probably have to enable "Show hidden files and folders" and disable "Hide protected operating system files" to see it). Report back on whether anything was found.

Then open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\ojbehyqa.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aycfsbei"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
norbat (posted 12 January 2008, edited)

Frichasse: An alternative program that can check which files have been created recently etc., and which you could have tried, is DSS. Get DSS and put it on the desktop. Run dss.exe and follow the instructions. If you don't have HijackThis installed, you will be asked whether you want to install it. When the scan is finished, a log (main.txt) opens. Copy it and post it.

If the suggested programs don't work, you can try searching for files that are typical for people with this infection. The top three in the list below belong to the trojan, while about the bottom two I can't say much, since there is no info on them, especially chanrar.rar:
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
C:\WINDOWS\images.zip
C:\445930.exe
C:\chanrar.rar

A post further up suggests that you should also check the Windows prefetch folder (the search result will tell you). lssas.exe also puts itself in the startup registry. You will probably see it in Task Manager. In HijackThis it will show up as O4 - HKLM\..\Run: [MSN] lssas.exe. In cache/temp files the entry PIC****.jpg-photobucket.com may be present.

Edited 12 January 2008 by norbat
hardkjerne (posted 12 January 2008)

I'm wondering whether there is some standard method/checklist for identifying that you have got the virus, and then for removing it. Or whether any of the anti-virus programs handle it? I ask because quite a few people seem to have got this, and it would be nice to have something to send to those who may have got the virus because of me. They generally don't have much computer knowledge, so a program that did the whole job would be best. Looks like you know your stuff, norbat, any input?
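As an added illustration of the checklist hardkjerne asks for, the script below (written for this page, not posted by anyone in the thread) reads a ComboFix-style "Reg Loading Points" section and flags the three things norbat's posts point to: autostart values whose image is one of the file names listed above, names one character away from a real Windows process (lssas.exe versus lsass.exe), and autostart images or Winlogon Notify packages that a clean XP box would not show. The sample log, the LEGIT_NAMES list and all function names are assumptions made for this example; the sample lines are constructed to mirror the format quoted in the logs above.

```python
"""Triage of ComboFix-style logs for the indicators discussed in this thread."""
import re

# File names the thread attributes to this MSN worm (all quoted in the posts above).
KNOWN_FILES = {"lssas.exe", "ntmngr.exe", "images.zip", "445930.exe", "chanrar.rar"}
# Legitimate Windows process names that a worm file like "lssas.exe" imitates.
# Assumed short list for the lookalike check; extend as needed.
LEGIT_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe"}

REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<image>[^"]*)"')
ROOT_IMAGE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)

# Constructed sample, modelled on the "Reg Loading Points" section quoted above.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"MSN"="C:\WINDOWS\lssas.exe" [ ]
"aycfsbei"="C:\ojbehyqa.bat" [2008-01-12 02:36 1080]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll
"""


def edit_distance(a, b):
    """Optimal-string-alignment distance: an insert, delete, substitution or
    swap of two adjacent characters each cost 1 (lssas.exe -> lsass.exe is 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def image_basename(image):
    """File name part of a ComboFix autostart value, lower-cased."""
    return image.rsplit("\\", 1)[-1].strip().lower()


def lookalike_of(name):
    """Return the legitimate process name that `name` is one edit away from, if any."""
    if name in LEGIT_NAMES:
        return None
    for legit in LEGIT_NAMES:
        if edit_distance(name, legit) == 1:
            return legit
    return None


def triage(log_text):
    """Scan a ComboFix log; return (line_no, reasons, line) for suspicious entries."""
    findings = []
    current_key = ""
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        key_match = REG_KEY.match(line)
        if key_match:
            current_key = key_match.group("key").lower()
            # ComboFix hides default entries, so any Notify package it shows is non-default.
            if "\\winlogon\\notify\\" in current_key:
                findings.append((line_no, ["non-default Winlogon Notify package"], line))
            continue
        value_match = RUN_VALUE.match(line)
        if not value_match or "\\currentversion\\run" not in current_key:
            continue
        image = value_match.group("image")
        name = image_basename(image)
        reasons = []
        if name in KNOWN_FILES:
            reasons.append(f"file named in this thread: {name}")
        legit = lookalike_of(name)
        if legit:
            reasons.append(f"lookalike of Windows process {legit}")
        if ROOT_IMAGE.match(image):
            reasons.append("autostart image sits directly in the drive root")
        if reasons:
            findings.append((line_no, reasons, line))
    return findings


if __name__ == "__main__":
    for line_no, reasons, line in triage(SAMPLE_LOG):
        print(f"line {line_no}: {'; '.join(reasons)}\n    {line}")
```

Run it against a real ComboFix.txt by passing the file contents to triage(); a hit is a reason to look closer, not proof of infection, which is why norbat still sends the flagged driver to an online scanner first.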
NorwegianAssassin (posted 12 January 2008, edited)

I got a virus from a YouTube file, and I deleted the ntmngr.exe file. I think it's fine, but every time I start the machine it asks "do you want to run ntmngr.exe?" What should I do? I'm 11 and close to tears here (scared stiff).

Edit: Running Avast on a thorough scan now!

Edited 12 January 2008 by NorwegianAssassin