
I've got some new nasties...

  1. #1
    Junior Member (registered 12.02.2008, 24 posts, reputation weight 59)

    I've got some new nasties...

    take a look see..
    Attachments
    jamesboucher.blogspot.com

  2. #2
    Senior Member (registered 29.09.2004, 3,509 posts, reputation weight 1303)
    Please turn off System Restore (how to do it is described in the rules).

    Then AVZ - File - Custom scripts
    Execute the following script (copy it, paste it into the script window of AVZ and execute):
    Code:
    begin
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      QuarantineFile('C:\Documents and Settings\HP_Owner\Local Settings\Temp\syswcc32.exe','');
      DelBHO('{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}');
      QuarantineFile('sockins32.dll','');
      DelBHO('{796D0543-75A7-444B-BED9-236FBBA5FA72}');
      QuarantineFile('C:\WINDOWS\system32\ssqOEWNE.dll','');
      QuarantineFile('C:\WINDOWS\system32\ulplqxjw.dll','');
      QuarantineFile('C:\WINDOWS\system32\sockins32.dll','');
      QuarantineFile('C:\WINDOWS\system32\qcntokdn.exe','');
      QuarantineFile('C:\WINDOWS\system32\jnwnw64o.exe','');
      QuarantineFile('C:\WINDOWS\SMINST\RECGUARD.EXE','');
      QuarantineFile('C:\WINDOWS\system32\wodUpdSv.exe','');
      QuarantineFile('C:\WINDOWS\b2new.exe','');
      QuarantineFile('c:\windows\system32\wodupdsv.exe','');
      DeleteFile('C:\WINDOWS\b2new.exe');
      DeleteFile('C:\WINDOWS\system32\jnwnw64o.exe');
      DeleteFile('C:\WINDOWS\system32\qcntokdn.exe');
      DeleteFile('C:\WINDOWS\system32\sockins32.dll');
      DeleteFile('C:\WINDOWS\system32\ulplqxjw.dll');
      DeleteFile('C:\WINDOWS\system32\ssqOEWNE.dll');
      DeleteFile('sockins32.dll');
      DeleteFile('C:\Documents and Settings\HP_Owner\Local Settings\Temp\syswcc32.exe');
      DelCLSID('66186F05-BBBB-4a39-864F-72D84615C679');
      BC_ImportALL;
      ExecuteSysClean;
      BC_DeleteSvc('MsSecurity1.209.4');
      BC_Activate;
      RebootWindows(true);
    end.
    Your computer will reboot.
    Upload the quarantined files according to the Appendix 3 of the rules. (upload here: http://virusinfo.info/upload_virus_eng.php?tid=22694 )

    Clear your temp folders and the internet cache.
    Make new logs.
    Revenge is the dream of the weak; forgiveness is the lot of the strong.
    You can support the project here

  3. #3
    Junior Member (registered 12.02.2008, 24 posts, reputation weight 59)
    as requested...
    Attachments
    jamesboucher.blogspot.com

  4. #4
    drongo, Senior Member (registered 17.09.2004, Israel, 7,164 posts, reputation weight 994)
    Much better, but not enough

    Fix these lines in hijackthis:

    Code:
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: http://www.fighthype.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.amaena.com (HKLM)
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
    Please make sure to disable your antivirus and firewall (I mean your AVG) and the internet!
    Execute the following script in AVZ
    Code:
    begin
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      ClearQuarantine;
      DelBHO('{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}');
      DelBHO('{c900b400-cdfe-11d3-976a-00e02913a9e0}');
      QuarantineFile('C:\WINDOWS\system32\wodUpdSv.exe','');
      QuarantineFile('C:\Documents and Settings\Administrator.CHOMPER\Local Settings\Temp\eqdssnp.exe','');
      QuarantineFile('C:\Documents and Settings\Administrator.CHOMPER\Local Settings\Temp\syswcc32.exe','');
      QuarantineFile('C:\Program Files\webHancer\programs\whiehlpr.dll','');
      DeleteFile('C:\Program Files\webHancer\programs\whiehlpr.dll');
      DeleteFile('C:\Documents and Settings\Administrator.CHOMPER\Local Settings\Temp\eqdssnp.exe');
      DeleteFile('C:\Documents and Settings\Administrator.CHOMPER\Local Settings\Temp\syswcc32.exe');
      BC_ImportAll;
      ExecuteSysClean;
      ExecuteRepair(6);
      ExecuteRepair(8);
      ExecuteRepair(11);
      ExecuteRepair(17);
      BC_Activate;
      RebootWindows(true);
    end.
    Your computer will reboot.
    Upload the quarantined files according to the Appendix 3 of the rules. (upload here: http://virusinfo.info/upload_virus_eng.php?tid=22694 )

    Clear your temp folders and the internet cache.
    Make new logs.

    P.S. In the previous quarantine we got from you just a copy of:
    C:\Documents and Settings\HP_Owner\Local Settings\Temp\syswcc32.exe - not-a-virus:AdWare.Win32.WebHancer.423 (Kaspersky)
    C:\WINDOWS\b2new.exe - Trojan-Downloader.Win32.Agent.otg (Kaspersky)
    C:\WINDOWS\system32\sockins32.dll - not-a-virus:AdWare.Win32.BHO.awz (Kaspersky)
    Did you forget to disable AVG before executing our script?
    Last edited by drongo; 12.05.2008 at 11:30. Reason: Added
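An added example, not from this thread and not part of HijackThis or AVZ: a small Python triage script that parses the O15 (Trusted Zone), O2 (BHO) and O21 (SSODL) lines of a HijackThis-style log and flags what a helper would normally ask the user to fix: Trusted Zone domains that are not on an allowlist, and BHO/SSODL entries whose CLSID points at a missing file. The sample log lines are constructed from the entries quoted in the post above, and the allowlist (`TRUSTED_ALLOWLIST`) and all function names are assumptions made for the example.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Parses O15 (Trusted Zone), O2 (BHO) and O21 (SSODL) lines and flags the entries a
helper would normally ask the user to fix: Trusted Zone domains that are not on an
allowlist, and BHO / SSODL entries whose CLSID points at a missing file.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample log, modelled on the lines quoted in post #4 (not a real log file).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - (no file)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: http://www.fighthype.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.windowsupdate.com (HKLM)
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - (no file)
"""

# Hypothetical allowlist: domains deliberately placed in the Trusted Zone by the owner.
TRUSTED_ALLOWLIST = {"windowsupdate.com"}

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis marks machine-wide Trusted Zone entries with "(HKLM)"; the rest are per-user.
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<entry>\S+)(?: \((?P<hive>HKLM|HKCU)\))?$")
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<file>.*)$")
O21_RE = re.compile(rf"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<file>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str  # "O15", "O2" or "O21"
    line: str     # the raw log line, ready to paste into a "fix these lines" reply
    reason: str


def base_domain(entry: str) -> str:
    """'*.amaena.com' -> 'amaena.com'; 'http://www.fighthype.com' -> 'www.fighthype.com'."""
    entry = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", entry)
    return entry.lstrip("*.").lower()


def is_allowlisted(domain: str, allowlist: Iterable[str]) -> bool:
    """True if the domain equals, or is a subdomain of, an allowlisted domain."""
    return any(domain == a or domain.endswith("." + a) for a in allowlist)


def triage(log_text: str, allowlist: Iterable[str] = TRUSTED_ALLOWLIST) -> List[Finding]:
    """Return the suspicious O15 / O2 / O21 entries found in the log, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O15_RE.match(line):
            domain = base_domain(m["entry"])
            if not is_allowlisted(domain, allowlist):
                scope = "machine-wide (HKLM)" if m["hive"] == "HKLM" else "per-user"
                findings.append(Finding("O15", line, f"{domain} is trusted {scope} but not allowlisted"))
            continue
        m = O2_RE.match(line) or O21_RE.match(line)
        if m and m["file"].strip().lower() == "(no file)":
            section = line.split(" ", 1)[0]
            findings.append(Finding(section, line, f"{m['clsid']} points at a missing file (orphaned entry)"))
    return findings


def fix_lines(findings: Iterable[Finding]) -> List[str]:
    """The raw lines to hand back in a 'fix these lines in HijackThis' reply."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; the allowlist is the only thing to adjust per machine. Wildcard entries such as `*.amaena.com` are reduced to their base domain before the allowlist check, so a subdomain of an allowlisted domain is accepted while everything else in the Trusted Zone is reported, HKLM entries being called out separately because they apply to every account on the machine.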

  5. #5
    Junior Member (registered 12.02.2008, 24 posts, reputation weight 59)
    OK, done.. no firewall was active and I was disconnected from the net...
    Attachments
    jamesboucher.blogspot.com

  6. #6
    drongo, Senior Member (registered 17.09.2004, Israel, 7,164 posts, reputation weight 994)
    OK, I see you also have some webHancer infection. Very nice instructions at
    http://www.2-spyware.com/remove-webhancer.html

    Did you install C:\Program Files\SKR\BrowserSniffer.dll yourself? It is a keylogger; did you know about it?

  7. #7
    Junior Member (registered 12.02.2008, 24 posts, reputation weight 59)
    No, I did not install that or know about it... I do not want a key logger...
    jamesboucher.blogspot.com

  8. #8
    drongo, Senior Member (registered 17.09.2004, Israel, 7,164 posts, reputation weight 994)
    http://www.smartkeystrokerecorder.com/faq.htm#q7
    Q. How do I remove Smart Keystroke Recorder from my system?

    A. Simply uninstall it by 1) Clicking on Control Panel 2) Click on Add/Remove Programs 3) Choose Smart Keystroke Recorder.

    After cleaning, you can make new logs.
    By the way, why are you still using an administrator account? About 90 percent of malware can't even install in a limited user account. Read more: http://www.microsoft.com/protect/com...eraccount.mspx
    Last edited by drongo; 13.05.2008 at 12:15.
