TROJAN W PLIKU SYSTEMOWYM
Mks vir wykryl mi w plikach sysytemowych trojana o nazwie "Trojan.Downloader.Dyfuca.Ei" oraz kilka podobnych ze zmienną końcówką Ei, Dt, Dp.
Zadna akcja nie powoduje jego usuniecia, Co radzicie drodzy uzytkownicy forum?
Zadna akcja nie powoduje jego usuniecia, Co radzicie drodzy uzytkownicy forum?
Odpowiedzi: 5
Do wywalenia napewno:
I jesli nie wiesz co to:
–––UPDATE–––
Jeśli wykrył w Quuzoii.exe to teź do wywalenia.
Aha przed wywaleniem wyłącz przywracanie systemu, a po wywalaniu usuń katalogi:
C:\Program Files\Internet Optimizer
C:\Program Files\Dgshlpp
C:\windows\system32\rlvknlg.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
O2 – BHO: (no name) – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O4 – HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe –boot
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
I jesli nie wiesz co to:
C:\Program Files\Dgshlpp\Quuzoii.exe
O4 – HKLM\..\Run: [Vdwylwz] C:\Program Files\Dgshlpp\Quuzoii.exe
–––UPDATE–––
Jeśli wykrył w Quuzoii.exe to teź do wywalenia.
Aha przed wywaleniem wyłącz przywracanie systemu, a po wywalaniu usuń katalogi:
C:\Program Files\Internet Optimizer
C:\Program Files\Dgshlpp
Wykryl trojany w tych plikach:
C:\WINDOWS\wsem303.dll(1)
C:\Program Files\Internet Optimizer\optimize.exe(1)
C:\Program Files\Internet Optimizer\actalert.exe(1)
C:\Program Files\Dgshlpp\Quuzoii.exe(1)
Jeszcze raz prosze o pomoc.
C:\WINDOWS\wsem303.dll(1)
C:\Program Files\Internet Optimizer\optimize.exe(1)
C:\Program Files\Internet Optimizer\actalert.exe(1)
C:\Program Files\Dgshlpp\Quuzoii.exe(1)
Jeszcze raz prosze o pomoc.
Logfile of HijackThis v1.97.7
Scan saved at 20:37:47, on 2006–02–09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
D:\system\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Dgshlpp\Quuzoii.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SYSTEM\Winamp5\winamp.exe
D:\Internet\Mat\MOJE PLIKI\INNE\INSTALKI\Software\Hijack\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: (no name) – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 – HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 – HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 – HKLM\..\Run: [CTSysVol] d:\system\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 – HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 – HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe –boot
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Vdwylwz] C:\Program Files\Dgshlpp\Quuzoii.exe
O4 – HKCU\..\Run: [BgMonitor_{79662E04–7C6C–4d9f–84C7–88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Microsoft Office.lnk = D:\SYSTEM\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\SYSTEM\MICROS~1\Office10\EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
Scan saved at 20:37:47, on 2006–02–09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
D:\system\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Dgshlpp\Quuzoii.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\SYSTEM\Winamp5\winamp.exe
D:\Internet\Mat\MOJE PLIKI\INNE\INSTALKI\Software\Hijack\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: (no name) – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 – HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 – HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 – HKLM\..\Run: [CTSysVol] d:\system\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 – HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 – HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe –boot
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Vdwylwz] C:\Program Files\Dgshlpp\Quuzoii.exe
O4 – HKCU\..\Run: [BgMonitor_{79662E04–7C6C–4d9f–84C7–88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Microsoft Office.lnk = D:\SYSTEM\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\SYSTEM\MICROS~1\Office10\EXCEL.EXE/3000
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
Być moźe nie moźesz usunąć tych plików bo są w jakimś archiwum. W takim wypadku sprawdź co to za archiwum i je usuń jeśli nie jest ci potrzebne.
I faktycznie moźesz wkl;eić loga z HiJackThis
I faktycznie moźesz wkl;eić loga z HiJackThis
mkozlowicz:
Mks vir wykryl mi w plikach sysytemowych...
Jakich plikach? Jak piszesz, źe skaner coś wykrył, to pisz jeszcze gdzie. A w ogóle pokaź loga z HijackThis, to pogadamy jak to usunąć.
Strona 1 / 1