
Thread: I have a virus - how do I remove it

  1. #1

    I intended this topic as a place where forum members post the problems they have with viruses, and other members and moderators help with how to remove them. For 3-4 days now I have been getting the message shown in the picture. Note that scanning in safe mode with Norton 2005, NOD32, PestPatrol, Ad-Aware and Spybot did not help. Of course, all of them are updated. Of course, I wasn't lazy, so I took out the HDD, carried it to a friend's, scanned it with Kaspersky, and it found nothing. What should I do? Here is what it looks like
    Bad things come in packages, good things take time.

  2. #2

  3. #3

    Hari, thank you. Tell me, does it hurt if my System Restore is permanently switched off? Am I losing much, and how much can it help me? Your opinion?
    Thanks once again
    Bad things come in packages, good things take time.

  4. #4

    Well, after a heap of serviced computers and networks I feel called upon to advise you: keep System Restore active; sometimes it gets you out of trouble so nicely you can't believe it)
    And most importantly - quickly!
    When you are removing viruses, switch it off; when you have no problems, switch it on.
    virtuality is under construction.

  5. #5

    OK, so: before reinstalling Windows I had a virus, and I'm still curious whether it can somehow be removed `permanently`.
    I installed it from somewhere on the internet and could not delete it in any way. I remove all the files and clean it out of the registry, but after the computer is switched on it installs itself again?

  6. #6

    It is hard to say precisely if you don't say which virus it was, and I can't really think of one that cannot be removed permanently.

  7. #7

    Guys, this did not help. I have an updated Norton, and NOD32 as well. I switched off System Restore and ran the scan in safe mode; it all finished, and in the end, when I started the computer, the same thing came up again
    Is there any help? Should I post a HijackThis log?
    Thanks in advance to everyone
    Regards
    Milos
    Bad things come in packages, good things take time.

  8. #8

    Heh, trojans, eh? They like to use _restore, so they can be a real pest.

    HijackThis always comes in handy. I don't want to cause confusion, but KAV kills them stone dead

    Go ahead and post a HijackThis log, and we will work on from there.
    G.
    Last edited by Ravell; 16-04-05 at 08:50.

  9. #9

    Honestly, I cleaned that virus out with Panda, and the oldest version at that

    www.pandasecurity.com try the online cleaning. It can't hurt, and it is free as well.
    t com - NOTHING IN MY HOUSE

  10. #10

    I hope I made this log correctly. What worries me is that these notifications now alert me about more and more files. As if it were multiplying like ants

    Logfile of HijackThis v1.97.7
    Scan saved at 3:48:08 PM, on 4/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Atguard\iamserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    D:\Sa RW\programi\Programi\Antivirusi&Adawers&Windows\Pest patrol\HijackThis.exe
    C:\WINDOWS\system32\taskmgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cg.yu/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: Desktop Currency Converter (HKCU)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .avi: C:\Program Files\Opera\PLUGINS\NPFgc2.dll
    O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
    O12 - Plugin for .msi: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107299665781
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...395.6301157407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/downlo...IDGatherer.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{924E669C-62A6-4F01-B987-595E9BA9E660}: NameServer = 195.66.160.1 195.66.160.2
    Bad things come in packages, good things take time.

  11. #11

    - If you have any items disabled in startup, enable them.
    - Turn on the "show hidden files and folders" option (folder options>view)

    1.) Switch off System Restore

    2.) Use "disk cleanup" to clean the computer (especially temporary internet files)

    3.) Update your antivirus(es) and antispyware

    4.) Use HijackThis to kill these entries:

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    5.) Restart the computer in safe mode

    6.) Rescan the computer with the AV and remove everything it finds

    7.) Rescan the computer with Ad-Aware SE (perform full system scan!)

    8.) Try to locate these files and delete them manually:
    - C:/windows/temp/tmpBOA.tmp,
    - C:/windows/nwiz.exe or
    - C:/windows/system32/nwiz.exe or
    - C:/windows/temp/nwiz.exe
    YOU CAN ALSO USE THE WINDOWS SEARCH OPTION

    9.) Restart the computer

    10.) Switch System Restore on.

    11.) Post a new HJT log.
    Last edited by Ravell; 17-04-05 at 08:09.

  12. #12

    Guys, I tried this and did everything as written, but again the same problem. I did not try again today because I had a tooth operated on; I'm not up to anything, let alone this. I'll report back tomorrow.
    Best regards.
    P.S. Ravell, this nwiz.exe file belongs to the graphics card; at least its icon is shown there. Why would I delete it?
    Bad things come in packages, good things take time.

  13. #13

    Simply because of what comes after that file... /instal. But if it bothers you, or if you think it will screw something up on the computer, then don't

    You have two antiviruses, a million antispyware tools, and still nothing. Try this: http://www.topspywarereview.com/main...sloader.b.html
    Last edited by Ravell; 19-04-05 at 08:49.

  14. #14

    Here is the latest HijackThis log; everything that could be enabled is enabled. Ravell, I will try this and report back tomorrow. I hope this will help, and this HijackThis log of mine too
    Logfile of HijackThis v1.97.7
    Scan saved at 12:09:58 AM, on 4/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Atguard\iamserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Wincmd\TOTALCMD.EXE
    D:\Sa RW\programi\Programi\Antivirusi&Adawers&Windows\Pest patrol\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cg.yu/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RAMSaverPro] c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: Desktop Currency Converter (HKCU)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .avi: C:\Program Files\Opera\PLUGINS\NPFgc2.dll
    O12 - Plugin for .exe: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
    O12 - Plugin for .msi: C:\Program Files\Opera\PLUGINS\NPFgc1.dll
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1107299665781
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...395.6301157407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
    O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/downlo...IDGatherer.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{924E669C-62A6-4F01-B987-595E9BA9E660}: NameServer = 195.66.160.1 195.66.160.2
    Bad things come in packages, good things take time.

  15. #15

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) - You don't need this one for anything!

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime - this one is in your startup, from QuickTime; if you don't need it, remove it, it eats your RAM. QuickTime gets installed via websites, sometimes with permission, sometimes on its own. You decide.

    O10 - Broken Internet access because of LSP provider 'imon.dll' missing - Don't let this one confuse you, it is from NOD. If you remove it, mail protection will not work.

    This is all I found, and it has nothing to do with trojans. I don't know what to tell you; you have two AV programs, PestPatrol, Norton Internet Security and AT Guard. That's a lot, my friend, really a lot. I'm very curious how your computer runs. Does it take long to boot, or has it ever happened before that the computer's boot time SUDDENLY increased?

    Madness, brother

    I did not find anything suspicious among the processes either. In my view, you may have a trojan on the computer, but it is not active. Besides, trojans are not dangerous if you use a firewall. Regardless, they should be removed! It also puzzles me that Symantec's site considers this virus a "virus that is easy to remove". NOD, NAV, Panda, KAV should all remove it from Safe Mode. Oh well.

    And we will remove it, even if it takes a year. Try XoftSpy+AdAware.
    Last edited by Ravell; 20-04-05 at 07:14.
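
An added example, not part of any post in this thread and not HijackThis's own code: a short Python script that compares two HijackThis logs, as the posters do by eye between the 16 April and 20 April logs, and marks the entry shapes discussed above (a BHO with `(no file)`, a Run entry without a full path such as `nwiz.exe /install`, the O10 LSP line). The sample logs are excerpts of lines from the posted logs; the function names and the wording of the notes are assumptions of this example, and a note is a prompt to look closer, not a verdict.

```python
import re
from dataclasses import dataclass

# Section lines look like "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Registry autoruns inside an O4 body: <hive>\..\<key>: [<name>] <command>
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# A command that begins with a drive-letter path, optionally quoted.
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')


@dataclass(frozen=True)
class Entry:
    code: str   # section code: R0, O2, O4, O10, ...
    body: str   # everything after "<code> - "


def parse_hjt(text):
    """Return the section entries of a HijackThis log, in log order."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, text.splitlines()) if m]


def diff_logs(before, after):
    """Entries that disappeared from, and appeared in, the later log."""
    old, new = parse_hjt(before), parse_hjt(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


def review(entry):
    """Triage notes for one entry (hypothetical wording, not tool output)."""
    notes = []
    if entry.code == "O2" and entry.body.endswith("(no file)"):
        notes.append("BHO is still registered but its DLL is missing")
    elif entry.code == "O4":
        run = RUN_RE.match(entry.body)
        if run and not ABSOLUTE_RE.match(run.group(4)):
            notes.append("autorun without a full path: Windows finds the "
                         "program through its search order")
    elif entry.code == "O10":
        notes.append("Winsock LSP chain refers to a DLL that is missing")
    return notes


def report(before, after):
    """Diff lines ('-' removed, '+' added) plus '!' notes on the later log."""
    removed, added = diff_logs(before, after)
    lines = [f"- {e.code} {e.body}" for e in removed]
    lines += [f"+ {e.code} {e.body}" for e in added]
    for e in parse_hjt(after):
        lines += [f"! {e.code} {e.body}  <- {n}" for n in review(e)]
    return lines


# Excerpts of lines from the logs posted in this thread (16 and 20 April).
LOG_16_APR = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
"""

LOG_20_APR = r"""
Logfile of HijackThis v1.97.7
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
"""

if __name__ == "__main__":
    print("\n".join(report(LOG_16_APR, LOG_20_APR)))
```
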

  16. #16

    - Did you try to delete the virus?

    - Try this: since you don't use IE, I will just tell you to delete cookies and History (Delete all offline content). When you remove cookies, make sure you have all the login names and passwords for the sites you log in to, and the like.

    - Also, go to Start>Run>, type %temp% into the field and delete everything you find there.

    - Try this too, this could really help: Control Panel, then find Java or WebPlugin, open it, find the Cache tab... then, using the CLEAR button, empty the Java cache (or click here for a tutorial).

    - There is also this: http://www.misec.net/products/TrojanHunter.exe (5.93MB download). Don't forget to update it after installation.
    Last edited by Ravell; 20-04-05 at 08:04.

  17. #17

    Uhhhh, today I definitively retired Norton 2005. I think I gave Symantec more chances than anyone, and I tried to install Kaspersky and everything goes fine, and then I restart the computer, and when the system boots, everything starts up, all the icons and whatnot load, and suddenly the computer freezes. I suspect it is because of Kaspersky
    Now, I have had huuuuge trouble with Windows and I'm running out of patience. In the coming period I'm pressed for time because of midterms and exams, and I don't feel like doing a reinstall and a backup of this data. I'm now downloading the newest Kaspersky 5.0.20; hopefully it will be much better with that. Uhhhhh
    Oh, and before this my computer worked great. The system booted in about a minute and a half, Ravell
    I have 512 DDR running at 266 MHz, I think. But when troubles like this hit me, I feel like smashing the whole computer
    I will report tomorrow how this thing with Kaspersky progresses. But what surprises me is that the computer freezes when I install it....
    Regards and thanks to everyone.
    Ravell, when will you be in PG? I have to take you out for drinks and cake at least :wink:
    Bad things come in packages, good things take time.

  18. #18

    Well, if you kept NOD32, you need not think any further. And once you sort that out, also try the last thing I told you.

    Booting the system with 512MB of RAM in 1.5 min. is not exactly commendable. And just so you know, if the situation were reversed, e.g. if you were the computer and the computer were you - I think it would not torment you this much :P

    Here is how: if you decide on Kaspersky and already have it installed on the computer together with NOD:

    - first uninstall Kaspersky
    - then uninstall NOD32
    - restart the computer
    - use WinToolsPro to clean up unnecessary files and clean the registry
    - restart the computer
    - install Kaspersky
    - update!
    - Scan!
    (if there are any error messages, post them here).


    If you are emotionally attached to NOD32, keep only it; it is a very good AV program.
    Last edited by Ravell; 21-04-05 at 07:11.

  19. #19

    I was crazy lucky that the network administrator lent me a new Western Digital HDD; I saved my data on it and did a format and a reinstall of Windows. Now I have installed Kaspersky 5.0.20 Personal Pro; I just need to find some key that works and it will be fine. And oh, how tiring it is to download updates on 56k, uhhhh
    Thanks to everyone who helped, but I just could not solve that. It had even frozen my computer. It only worked in safe mode :roll:
    I hope I won't have these troubles with Kaspersky. I will report back tomorrow and post a HijackThis log of the new installation, to see what I can remove from it right away
    Last edited by Hari Krisna; 22-04-05 at 08:25.
    Bad things come in packages, good things take time.

  20. #20

    Just please don't go running two AV programs again, I beg you

  21. #21

    No no, definitely not this time
    KAV 5.0.20, Ad-Aware, Spybot, Pest Patrol, Registry Mechanic and WinTools. Of course I will add AT Guard too, and that should be enough.
    If Kaspersky lets me down, woe to you
    Ravell, here is the new HijackThis log. What can go from here?

    Logfile of HijackThis v1.97.7
    Scan saved at 12:43:26 AM, on 4/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\totalcmd\TOTALCMD.EXE
    C:\PROGRA~1\PESTPA~1\PPUPDA~1.EXE
    D:\Sa RW\programi\Programi\Antivirusi&Adawers&Windows\Pest patrol\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cg.yu/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: Desktop Currency Converter (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{192E9034-CE5B-4ACC-9803-9668A6903E2D}: NameServer = 195.66.160.1 195.66.160.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{192E9034-CE5B-4ACC-9803-9668A6903E2D}: NameServer = 195.66.160.1 195.66.160.2
    Bad things come in packages, good things take time.

  22. #22

    Number one, this:

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

    Those are the lines that are no good. Now, startup is a big question; it depends on what you need there. I can show you using my own as an example:

    O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

    This is all I have in startup. But this is something you have to decide yourself. I can tell you what you definitely don't need:

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

    There is one more option from Nero there, burn-on-fly, but that can be useful sometimes (that is this InCD). You have a couple of things from the graphics card there, and then I don't know whether you need HP diagnostic (that is this StatusClient.exe /auto). It all depends on how much you need each thing and how much you actually use it. Many of these things you can disable through the program's interface.

    Of course, wait a while; maybe someone else will give you some useful advice. That is always the advisable approach - to wait for several different answers.

  23. #23

    Help :D

    People, I have a crazy problem. There is no way I can change the desktop background on the computer. I scanned the computer normally, and in safe mode too, and again the same thing. I also scanned with Ad-Aware and Spyware Nuker, and again the same thing. The background says something like a fatal error in IE occurred.. Is there any help for me without formatting?
    I believe in it!


  24. #24

    Try http://www.emsisoft.com/en/, it has a good trojan database, or maybe http://www.windowsecurity.com/trojanscan/. If that does not help, post a HijackThis log, because it is probably some trojan.

  25. #25

    I scanned with both of those and nothing was reported. I will post the log when I get back from work.
    I believe in it!
