Kaspersky – Super Spider

I have a Kaspersky virus named Super Spider, how do I remove it? Help!!!! With which program? Ad-Aware doesn't help, Spybot doesn't help, and not even Norton AntiVirus 2004 does.

Replies: 6

Fix:
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=9
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem322O97LW~1.DLL
O20 – AppInit_DLLs: biug8hgipg92dbll~.dll


In HJT, go to Config –> Misc Tools –> Deleted file on Reboot and paste:

biug8hgipg92dbll.dll.dll.dll.dll.dll.dll.dll
.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.
dll.dll.dll.dll
Confirm the deletion, reboot.

Do the same with 2O97LW~1.DLL
Confirm the deletion, reboot.

See what changes have occurred.
McScr@by
Posted
30.12.2004 15:48:20
this is the scan after everything you said

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton Antivirus avapsvc.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:WINDOWSSystem32 vsvc32.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32wuauclt.exe
C:DownloadshijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=9
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem322O97LW~1.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRA~1GADU–G~1gg.exe" /tray
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O18 – Protocol: cetihpz – {CF184AD3–CDCB–4168–A3F7–8E447D129300} – C:Program FilesHPhpcoretechcomphpuiprot.dll
O20 – AppInit_DLLs: biug8hgipg92dbll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus – Symantec Corporation – C:Program FilesNorton SystemWorksNorton Antivirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE

maybe the temporary files are to blame, but they won't delete
kalasty
Posted
30.12.2004 10:57:48
nothing helps..... :(
kalasty
Posted
30.12.2004 00:10:02
As standard, turn off System Restore,
End these processes if they are present:

ieloader.exe
Q678340.exe

Search, with hidden files, folders and subfolders selected, for:

ieloader.exe
Q678340.exe
2O97LW~1.DLL
xz2s2e4jzdbjrell.~dll

Perform the fix (Fix):

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=31403
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=31403
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=31403
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem322O97LW~1.DLL
O16 – DPF: {10003000–1000–0000–1000–00000000000x} – ms–its~ieloader.exe
O16 – DPF: {11311111–1111–1111–1111–11111111115x} – file://C:RecycledQ678340.exe
O20 – AppInit_DLLs: xz2s2e4jzdbjrell.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 – Service: hpdj5100 – Unknown – C:DOCUME~1KalastyUSTAWI~1Temphpdj5100.exe (file missing)

Turn System Restore back on and see whether there is any effect.
McScr@by
Posted
29.12.2004 20:50:54
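
A triage sketch for logs like the ones posted in this thread, added here as an example; it is not part of any forum post and not HijackThis's own code. It parses HijackThis entry lines and flags the kinds of entries the helper selected for fixing; the rules and the names `RULES`, `parse` and `triage` are assumptions made for illustration.

```python
import re

# Sample entries copied from the logs in this thread (dashes normalised to
# ASCII, paths exactly as they appear on the page, including lost backslashes).
SAMPLE_LOG = """\
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win-eto.com/hp.htm?id=31403
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:WINDOWSSystem322O97LW~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:RecycledQ678340.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - AppInit_DLLs: xz2s2e4jzdbjrell.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: hpdj5100 - Unknown - C:DOCUME~1KalastyUSTAWI~1Temphpdj5100.exe (file missing)
"""

# Assumed review heuristics, modelled on the entries chosen for "Fix" in the
# thread: (section pattern, body pattern, reason). A match means "review this".
RULES = [
    (r"R[01]", r"(Start|Search) Page = https?://", "IE start/search page points at a URL; confirm the user set it"),
    (r"O2", r"BHO: \(no name\)", "unnamed Browser Helper Object"),
    (r"O16", r"- (file://|ms-its)", "ActiveX download source is a local file or ms-its URL"),
    (r"O20", r"AppInit_DLLs: \S*(\.dll){2,}", "AppInit_DLLs value with a repeated .dll extension"),
    (r"O23", r"\(file missing\)", "service registered for a binary that no longer exists"),
]

LINE_RE = re.compile(r"^(R\d|O\d+)\s*-\s*(.*)$")

def parse(log):
    """Yield (section, body) for each entry line; process lists and prose are skipped."""
    for raw in log.splitlines():
        line = raw.strip().replace("\u2013", "-")  # en dash appears in scraped logs
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, reason, body) for every entry that matches a rule."""
    findings = []
    for section, body in parse(log):
        for sec_pat, body_pat, reason in RULES:
            if re.fullmatch(sec_pat, section) and re.search(body_pat, body, re.I):
                findings.append((section, reason, body))
                break
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```
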
I've already read that and nothing..... I'll send you the scan from HijackThis.. I scanned with all the programs you listed and nothing works, and as for the changed start page, I can't change it following your instructions
C:WINDOWSSystem32 vsvc32.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesSpywareGuardsgmain.exe
C:Program FilesSpywareGuardsgbhp.exe
C:Program FilesTrojanHunter 4.0TrojanHunter.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWinampWinamp.exe
C:DownloadshijackthisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=31403
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=31403
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://win–eto.com/hp.htm?id=31403
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem322O97LW~1.DLL
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [Nero DriveSpeed] C:PROGRA~1AheadNEROTO~1DRIVES~1.EXE
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [AcctMgr] C:Program FilesNorton SystemWorksPassword ManagerAcctMgr.exe /startup
O4 – HKLM..Run: [F–Secure Manager] "C:Program FilesF–Secure Anti–VirusCommonFSM32.EXE" /splash
O4 – HKLM..Run: [F–Secure TNB] "C:Program FilesF–Secure Anti–VirusTNBTNBUtil.exe" /CHECKALL /WAITFORSW
O4 – HKLM..Run: [F–Secure Startup Wizard] "C:Program FilesF–Secure Anti–VirusFSGUIFSSW.EXE" /reboot
O4 – HKLM..Run: [THGuard] C:Program FilesTrojanHunter 4.0THGuard.exe
O4 – HKCU..Run: [Window Washer] C:Program FilesWebrootWasherwwDisp.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRA~1GADU–G~1gg.exe" /tray
O4 – Startup: SpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://C:foo.mht!http://greg–tut.com/G7/chm10.chm::/ieloader.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ678340.exe
O16 – DPF: {70BA88C8–DAE8–4CE9–92BB–979C4A75F53B} (GSDACtl Class) – http://launch.gamespyarcade.com/software/launch/alaunch.cab
O18 – Protocol: cetihpz – {CF184AD3–CDCB–4168–A3F7–8E447D129300} – C:Program FilesHPhpcoretechcomphpuiprot.dll
O20 – AppInit_DLLs: xz2s2e4jzdbjrell.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 – Service: F–Secure Anti–Virus 2005 – Unknown – C:PROGRA~1F–SECU~1ackweb4476822ProgramSERVIC~1.EXE
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: F–Secure Gatekeeper Handler Starter – Unknown – C:Program FilesF–Secure Anti–VirusAnti–Virusfsgk32st.exe
O23 – Service: fsbwsys – Unknown – C:Program FilesF–Secure Anti–Virusackweb4476822programfsbwsys.exe
O23 – Service: F–Secure Anti–Virus Firewall Daemon – F–Secure Corporation – C:Program FilesF–Secure Anti–VirusFWESProgramfsdfwd.exe
O23 – Service: F–Secure Management Agent – F–Secure Corporation – C:Program FilesF–Secure Anti–VirusCommonFSMA32.EXE
O23 – Service: hpdj5100 – Unknown – C:DOCUME~1KalastyUSTAWI~1Temphpdj5100.exe (file missing)
O23 – Service: Usługa Auto Protect programu Norton AntiVirus – Symantec Corporation – C:Program FilesNorton SystemWorksNorton Antivirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
kalasty
Posted
29.12.2004 19:31:53
:arrow: http://www.pestpatrol.com/pestinfo/s/super–spider.asp
Has your start page changed to super–spider com/sp htm?id=~ ?
McScr@by
Posted
29.12.2004 18:55:11
kalasty
Posted:
29.12.2004 17:20:56