Virus that won't go away after formatting :S

Hi there, I've had problems with a virus that I can't get rid of. I've now formatted 3 times, but the virus isn't removed :( How is this possible when I format the whole PC?

The file causing this hell is called kxvo.exe and sits in startup; if I remove it, it comes right back.

It is located in system32. It has managed to disable the hidden-folders setting, so I can't find it. Does anyone know how I can get everything removed? I should mention that I have fiber with a static IP. Does this have anything to do with it?

Thanks for all replies.

Regards, Dryper

ComboFix 08-02.03.1 - Administrator 2008-02-03 19:30:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0NVIDT2N\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

D:\Autorun.inf

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))

.

 

2008-02-03 19:27 . 2008-02-03 19:27 152,563 -r-hs---- C:\0h3j2fn.com

2008-02-03 19:27 . 2008-02-03 19:27 69,632 -r-hs---- C:\WINDOWS\system32\fool1.dll

2008-02-03 19:26 . 2008-02-03 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-02-03 19:13 . 2005-06-29 00:43 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys

2008-02-03 19:13 . 2005-06-29 00:43 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys

2008-02-03 19:01 . 2008-02-03 19:01 <DIR> d-------- C:\WINDOWS\system32\URTTemp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-03 18:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-02-03 18:27 152,563 --sh--r C:\WINDOWS\system32\kxvo.exe

2008-02-03 17:56 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-03 17:49 --------- d-----w C:\Program Files\uTorrent

2008-02-03 17:30 --------- d-----w C:\Program Files\Intel

2008-02-03 17:02 --------- d-----w C:\Program Files\Windows Plus

2008-02-01 19:52 146,552 --sh--r C:\m36t.exe

2007-11-16 13:37 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-11-16 03:03 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-11-16 03:03 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-11-16 03:03 8,495,104 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-11-16 03:03 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-11-16 03:03 6,701,056 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-11-16 03:03 6,340,608 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-11-16 03:03 5,742,720 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-11-16 03:03 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll

2007-11-16 03:03 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-11-16 03:03 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll

2007-11-16 03:03 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-11-16 03:03 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-11-16 03:03 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-11-16 03:03 368,640 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-11-16 03:03 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-11-16 03:03 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-11-16 03:03 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-11-16 03:03 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

2007-11-16 03:03 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

2007-11-16 03:03 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-11-16 03:03 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-11-16 03:03 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll

2007-11-16 03:03 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll

2007-11-16 03:03 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll

2007-11-16 03:03 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

2007-11-16 03:03 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-11-16 03:03 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll

2007-11-16 03:03 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

2007-11-16 03:03 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

2007-11-16 03:03 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

2007-11-16 03:03 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-11-16 03:03 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

2007-11-16 03:03 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll

2007-11-16 03:03 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll

2007-11-16 03:03 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll

2007-11-16 03:03 3,547,136 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-11-16 03:03 3,325,952 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-11-16 03:03 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll

2007-11-16 03:03 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll

2007-11-16 03:03 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll

2007-11-16 03:03 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll

2007-11-16 03:03 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll

2007-11-16 03:03 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll

2007-11-16 03:03 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll

2007-11-16 03:03 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll

2007-11-16 03:03 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll

2007-11-16 03:03 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll

2007-11-16 03:03 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll

2007-11-16 03:03 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll

2007-11-16 03:03 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll

2007-11-16 03:03 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll

2007-11-16 03:03 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll

2007-11-16 03:03 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll

2007-11-16 03:03 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll

2007-11-16 03:03 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll

2007-11-16 03:03 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll

2007-11-16 03:03 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll

2007-11-16 03:03 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll

2007-11-16 03:03 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll

2007-11-16 03:03 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll

2007-11-16 03:03 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll

2007-11-16 03:03 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll

2007-11-16 03:03 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll

2007-11-16 03:03 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll

2007-11-16 03:03 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll

2007-11-16 03:03 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll

2007-11-16 03:03 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll

2007-11-16 03:03 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll

2007-11-16 03:03 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll

2007-11-16 03:03 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll

2007-11-16 03:03 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll

2007-11-16 03:03 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll

2007-11-16 03:03 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll

2007-11-16 03:03 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll

2007-11-16 03:03 2,363,392 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-11-16 03:03 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll

2007-11-16 03:03 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-11-16 03:03 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll

2007-11-16 03:03 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll

2007-11-16 03:03 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-11-16 03:03 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-11-16 03:03 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll

2007-11-16 03:03 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-11-16 03:03 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-11-16 03:03 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-11-16 03:03 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-11-16 03:03 1,146,880 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-11-16 03:03 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll

2007-11-16 03:03 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-16 04:03 8495104]

"nwiz"="nwiz.exe" [2007-11-16 04:03 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-16 04:03 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide3"="cmd.exe" [2004-08-10 06:00 388608 C:\WINDOWS\system32\cmd.exe]

"nltide_3"="advpack.dll" [2004-08-10 06:00 99840 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

 

*Newly Created Service* - EHRECVR

*Newly Created Service* - EHSCHED

*Newly Created Service* - MCRDSVC

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-03 19:31:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-03 19:31:40

ComboFix-quarantined-files.txt 2008-02-03 18:31:32

Open Notepad and copy in the text shown in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\0h3j2fn.com

C:\WINDOWS\system32\fool1.dll

C:\WINDOWS\system32\kxvo.exe

No need to see a new ComboFix log.

Check the file C:\m36t.exe at the following website: http://virusscan.jotti.org/ (upload the file at the top of the page. You may need to turn on "Show hidden files and folders" to see the file)

Download HijackThis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
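The files named in the reply above all appear in the ComboFix log with both the hidden and system attributes set, and two of them have the same byte size. The following Python script is an added example, not part of the original posts or of ComboFix: it parses both file-listing layouts in the log and pulls out such entries. It assumes `h` and `s` in the attribute column mean hidden and system; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the ComboFix log in this thread,
# covering both layouts ("Files Created" and "Find3M Report").
SAMPLE_LOG = r"""
2008-02-03 19:27 . 2008-02-03 19:27 152,563 -r-hs---- C:\0h3j2fn.com
2008-02-03 19:27 . 2008-02-03 19:27 69,632 -r-hs---- C:\WINDOWS\system32\fool1.dll
2008-02-03 19:13 . 2005-06-29 00:43 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-02-03 19:01 . 2008-02-03 19:01 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-03 18:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-03 18:27 152,563 --sh--r C:\WINDOWS\system32\kxvo.exe
2008-02-01 19:52 146,552 --sh--r C:\m36t.exe
2007-11-16 03:03 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(
    r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d)"       # first timestamp
    r"(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"          # second timestamp ("Files Created" only)
    r" (?P<size>\S+) (?P<attrs>\S+) (?P<path>[A-Za-z]:\\.+)$"
)

def parse_entries(log_text):
    """Return a dict for every file line; directory lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or not m["size"].replace(",", "").isdigit():
            continue  # not a listing line, or a directory (<DIR> / ---------)
        entries.append({"when": m["when"], "size": int(m["size"].replace(",", "")),
                        "attrs": m["attrs"], "path": m["path"]})
    return entries

def hidden_system(entries):
    """Files whose attribute column has both h (hidden) and s (system)."""
    return [e for e in entries if "h" in e["attrs"] and "s" in e["attrs"]]

def same_size_groups(entries):
    """Group files by byte size; files of equal size may be copies of one file."""
    by_size = defaultdict(list)
    for e in entries:
        by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}

if __name__ == "__main__":
    flagged = hidden_system(parse_entries(SAMPLE_LOG))
    for e in flagged:
        print(e["when"], e["attrs"], e["size"], e["path"])
    print(same_size_groups(flagged))
```

Equal size alone does not prove two files are identical; comparing hashes of the quarantined copies would confirm it.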
