Posted March 7, 2008
Kaspersky detected the virus for me, and it infected the Windows file svchot, and I can't delete it. Also, in the folder where files downloaded from eMule go, which is on another drive, thousands of RAR files of some programs appear every time the computer restarts.
Posted March 7, 2008
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download this and run it in SAFE MODE.
Posted March 7, 2008 (Author)
That didn't work, the virus is still there. Here is the log file:

ComboFix 08-03-07.1 - Koby 03/07/2008 17:40:01.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.1754 [GMT 2:00]
Running from: C:\Documents and Settings\Koby\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:37 63,764 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-07 15:37 5,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-07 15:37 4,368,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-07 15:37 34,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-07 11:55 --------- d-----w C:\Program Files\eMule
2008-03-07 11:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 11:49 --------- d-----w C:\Program Files\XoftSpySE
2008-03-06 18:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe
2008-03-06 18:17 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-03-04 19:54 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-04 19:54 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-04 19:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-04 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 01:47 --------- d-----w C:\Documents and Settings\Koby\Application Data\uTorrent
2008-02-29 13:27 --------- d-----w C:\Documents and Settings\Koby\Application Data\AVG7
2008-02-28 14:36 --------- d-----w C:\Documents and Settings\Koby\Application Data\ZoomBrowser EX
2008-02-28 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-22 09:39 --------- d-----w C:\Program Files\AVI ReComp
2008-02-15 12:00 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-14 19:17 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-14 19:17 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-14 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 19:05 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-14 19:05 --------- d-----w C:\Documents and Settings\Koby\Application Data\DAEMON Tools
2008-02-14 18:59 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-14 18:48 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-14 18:31 --------- d-----w C:\Documents and Settings\Koby\Application Data\Ahead
2008-02-14 17:01 --------- d-----w C:\Documents and Settings\Koby\Application Data\Microsoft Games
2008-02-10 10:56 --------- d-----w C:\Documents and Settings\Koby\Application Data\Bioshock
2008-02-10 08:36 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-02-10 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-10 08:28 --------- d-----w C:\Documents and Settings\Koby\Application Data\Comodo
2008-02-10 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-02-08 10:29 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-07 17:00 --------- d-----w C:\Program Files\DIFX
2008-02-07 16:20 --------- d-----w C:\Documents and Settings\Koby\Application Data\InstallShield Installation Information
2008-02-07 16:06 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-07 16:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 18:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-01 18:07 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-01 18:06 --------- d-----w C:\Program Files\Futuremark
2008-01-31 20:06 --------- d-----w C:\Program Files\Canon
2008-01-31 20:03 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-25 13:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-25 13:06 --------- d--h--r C:\Documents and Settings\Koby\Application Data\SecuROM
2008-01-25 13:00 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 10:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-19 10:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-19 10:24 --------- d-----w C:\Program Files\COMODO
2008-01-19 10:21 --------- d-----w C:\Documents and Settings\Koby\Application Data\Hewlett-Packard
2008-01-18 20:37 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-18 20:37 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-18 20:35 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-01-18 17:06 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-18 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-18 17:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-18 17:01 --------- d-----w C:\Program Files\Nero
2008-01-18 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-18 12:08 --------- d-----w C:\Program Files\ICQLite
2008-01-18 12:08 --------- d-----w C:\Documents and Settings\Koby\Application Data\ICQLite
2008-01-18 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-18 09:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-18 08:59 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-18 07:56 --------- d-----w C:\Program Files\Mv2Player
2008-01-18 00:10 --------- d-----w C:\Documents and Settings\Koby\Application Data\Media Player Classic
2008-01-18 00:06 --------- d-----w C:\Program Files\uTorrent
2008-01-17 23:03 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-17 21:26 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.1
2008-01-17 19:39 --------- d-----w C:\Program Files\ffdshow
2008-01-17 18:41 --------- d-----w C:\Program Files\Mirsh
2008-01-17 18:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-17 18:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-01-17 11:32 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007011720070118\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/10/2008 10:36 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [02/10/2008 10:36 AM 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Security Tool"= WinSecure.exe
"NTSpool"= NTSpool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"E:\\Games\\World in Conflict\\wic.exe"=
"E:\\Games\\World in Conflict\\wic_online.exe"=
"E:\\Games\\World in Conflict\\wic_ds.exe"=
"E:\\Games\\FEAR\\FEAR.exe"=
"E:\\Games\\FEAR\\FEARMP.exe"=
"E:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"E:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"E:\\Games\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Games\\Universe At War Earth Assault\\UAWEA.exe"=
"E:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [01/17/2007 01:51 PM]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 15:00:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-07 11:46:44 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 17:41:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 03/07/2008 17:41:51
Posted March 9, 2008
Go into safe mode and delete this: C:\WINDOWS\system32\NTSpool.exe
Download this, DR WEB CUREIT: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
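The reply above picks NTSpool.exe out of the log by eye. The script below is an added example, not ComboFix's own code and not something posted in the thread, showing how that triage can be done mechanically over a ComboFix-style report: it parses the Find3M file listing and the Reg Loading Points section, then flags autostart values that point at executables written under C:\WINDOWS shortly before the scan, bare file names under the policies\explorer\run key, and Security Center notification or firewall settings that have been switched off. The regular expressions are assumptions derived from the log format visible in this thread, and the sample log is a constructed excerpt assembled from lines quoted above.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

The regular expressions are assumptions based on the log format shown in the
thread; SAMPLE_LOG is a constructed excerpt of lines quoted there.
"""
import re
from datetime import datetime, timedelta

# Find3M line: "2008-03-06 18:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe"
# Directories show nine dashes instead of a size.
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|-{9})\s+(\S{7})\s+(.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # "NTSpool"= NTSpool.exe
TRAILING_META_RE = re.compile(r"\s*\[[^\]]*\]\s*$")  # [12/05/2007 01:41 AM 8523776]

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SCAN_TIME = datetime(2008, 3, 7, 17, 40)  # from the ComboFix header in the thread

# Constructed excerpt of the thread's log (one directory, six files, five keys).
SAMPLE_LOG = r"""
2008-03-07 15:37 63,764 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-07 11:55 --------- d-----w C:\Program Files\eMule
2008-03-06 18:17 753,664 ----a-w C:\WINDOWS\system32\NTSpool.exe
2008-03-06 18:17 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-03-04 19:54 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-01 18:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-19 10:33 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Security Tool"= WinSecure.exe
"NTSpool"= NTSpool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def basename(value):
    """Lower-case file name of a path or autostart value (directory part dropped)."""
    return value.strip().strip(",").strip('"').rsplit("\\", 1)[-1].lower()


def parse_find3m(lines):
    """Return one dict per Find3M file or directory line."""
    entries = []
    for line in lines:
        m = FIND3M_RE.match(line.strip())
        if m:
            date, clock, _size, attrs, path = m.groups()
            entries.append({
                "when": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M"),
                "is_dir": attrs.startswith("d"),
                "path": path,
            })
    return entries


def parse_autostarts(lines):
    """Return (key, name, value) for every value listed under a [registry key]."""
    found, key = [], None
    for line in lines:
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name, raw = vm.groups()
            found.append((key, name, TRAILING_META_RE.sub("", raw).strip().strip('"')))
    return found


def triage(log_text, scan_time, window_days=7):
    """Correlate autostarts with recently written files and weakened settings."""
    lines = log_text.splitlines()
    cutoff = scan_time - timedelta(days=window_days)
    # Executables written under C:\WINDOWS shortly before the scan, by file name.
    recent = {
        basename(e["path"]): e["path"]
        for e in parse_find3m(lines)
        if not e["is_dir"]
        and e["path"].lower().startswith("c:\\windows\\")
        and e["path"].lower().endswith(EXECUTABLE_EXT)
        and e["when"] >= cutoff
    }
    findings = []
    for key, name, value in parse_autostarts(lines):
        if basename(value) in recent:
            findings.append(("recent_autostart", name, recent[basename(value)]))
        if key.lower().endswith("policies\\explorer\\run") and value and "\\" not in value:
            findings.append(("bare_policies_run", name, value))
        if name.endswith(("DisableNotify", "DisableMonitoring")) and value.lower() == "dword:00000001":
            findings.append(("notifications_disabled", name, value))
        if name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall_disabled", name, value))
    return findings


def triage_sample():
    """Run the triage over the constructed excerpt using the thread's scan time."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for rule, name, detail in triage_sample():
        print(f"{rule:24} {name:24} {detail}")
```

On the excerpt, NTSpool is reported twice (an autostart whose target was written to system32 the day before the scan, and a bare file name under the policies Run key), WinSecure.exe once for the bare name, and the three Security Center and firewall values once each; the Kaspersky and NVIDIA Run entries produce nothing. The 7-day window and the directory prefix are deliberately narrow so that the legitimate driver and codec installs earlier in the log stay out of the list.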
Archived
This discussion has been archived and new replies can no longer be added.