Tema za korisnike koji imaju zaražen računar

[bih123]

Dali mi moze neko pomoc u vezi ovog:
Secunia ID SA16137

Release Date 21 Jul 2005

Software zlib 1.x


Where From remote

"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.

This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.

Impact DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.


Description Markus Oberhumer has reported a vulnerability in zlib, which can be exploited by malicious people to cause a DoS (Denial of Service) against a vulnerable application.

The vulnerability is caused due to the insufficient size of the code table declared in inflate.h, and can be exploited to cause an application using the zlib library to crash via a specially crafted input file.

The vulnerability has been reported in version 1.2.2. Prior versions may also be affected.

Solution Update to version 1.2.3.

Reported by Markus Oberhumer

Microsoft Word Two Code Execution Vulnerabilities
Secunia ID SA30143

CVE-ID CVE-2008-1091, CVE-2008-1434

Release Date 13 May 2008

Last Change 14 May 2008

Criticality Highly Critical

Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure.

Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.

Solution Status Vendor Patch

Software Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Word 2007
Microsoft Office XP
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003

Where From remote

"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.

This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.

Impact System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.




Description Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

1) An error when parsing objects in rich text format (.rtf) files can be exploited to cause a heap-based buffer overflow e.g. when a user opens a specially crafted .rtf file containing malformed strings with Word or previews a specially crafted e-mail containing malformed strings as rich text or HTML.

2) An error exists in the processing of cascading style sheets (CSS) values and can be exploited to corrupt memory when a specially crafted HTML file is opened using Word.

Successful exploitation may allow execution of arbitrary code

Microsoft Excel Multiple Code Execution Vulnerabilities
Secunia ID SA28506

CVE-ID CVE-2008-0081, CVE-2008-0111, CVE-2008-0112, CVE-2008-0114, CVE-2008-0115, CVE-2008-0116, CVE-2008-0117

Release Date 16 Jan 2008

Last Change 14 Mar 2008

Criticality Extremely Critical

Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild.

These vulnerabilities can exist in services like FTP, HTTP, and SMTP or in certain client systems like email programs or browsers.

Solution Status Vendor Patch

Software Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007

Where From remote

"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.

This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.

Impact System access
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.




Description Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

1) An error in the handling of macros can be exploited via a specially crafted Excel file to execute arbitrary code.

NOTE: According to Microsoft, this vulnerability is currently being actively exploited.

2) An error when processing data validation (DVAL) records can be exploited to corrupt memory via a specially crafted Excel file.

3) An error when importing files into Excel can be exploited via a specially crafted .slk file.

4) An error in the handling of style records can be exploited to corrupt memory via a specially crafted Excel file.

5) An error in the parsing of formulas can be exploited to corrupt memory via a specially crafted Excel file.

6) An error in the handling of rich text values can be exploited via a specially crafted Excel file.

7) An error in the handling of conditional formatting values can be exploited via a specially crafted Excel file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

[bih123]

Ako ima neko da mi pomogne oko ovog ja stvarno nemam pojma oko hijackthis zahvaljujem unaprijed

[bih123]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:25, on 6.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\Office12\Groove.exe
C:\Users\03072008\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...PUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9DD598C-FC2D-4741-9AE9-75857C6C93A0}: NameServer = 77.74.231.115
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPE R~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe

--
End of file - 5709 bytes

[loznicanin]

Jednom mi windows izbaci upozorenje da je zarazen i ostecen i dok sam shvatio sta se desava preuzeo je neki IE antivirus.On je skenirao nasao svakakvi zivotinja ali nije mogao da brise trazio je registraciju programa.Onda mi je neko rekao da da je to navlakusa i da izbrisem taj program.Inace koristim kasper sedam kao zastitu i jos neki spuvare terminator.Posle brisanja tog IE antivirusa mi je radio komp solidno nekih 7 meseci i pre neki dan dobijem isto upozorenje i isto ide na skidanje tog programa.Za nekih pola sata nekakva zivotinja mi je unistila komp.Kasperski nista nije nalazio a ja nisam mogao da otvorim ni jednu fasciklu odma Windows upozorenje i krece na internet.Posle deset minuta sistem pao sve particije razj...ne i nisam mogao da dignem sistem samo prodje prvo ucitavanje mesto da prvi put pokrene sistem on me vrati na pocetak.Formatiro sam sve particije napravio nove i uspeo neki stari bekap da postavim.Sad radi i probo sam sad mogu da dignem sistem na bilo koju particiju.Posto sam tek veceras nasao ovo pregledao ljudi koji imaju dosta iskustva znace da mi odgovore kakvu sam to zivotinju pokupio.

[skorpija49]

Instalirala sam AVG Free 8.0 i aktivirala skeniranje celog racunara. Pronasao je 3 razlicita virusa, a 14 zarazenih fajlova. Virusi koje je pronasao su: Win32/PolyCrypt, HTML/Framer. AK i JS/Psyme. Sva tri se nalaze na lokaciji C/Documents and settings/Local settings/Teporary Internet files. Problem je sto, kada udjem u Documents and settings, ne postoji folder Local settings. Gde to moze da bude smesteno, i koliko su opasni ovi virusi? Da li je dovoljno baciti ih u karantin, ukoliko nece da se obrisu?:???:

[Sami_91]

znaci ovako ja sam prvo koristio ESET NOD 32 i sve je bilo uredu,medzutim sada su mi se pojavili spyweri,dialer,trojan,rogue,adware,worm(tipovi necega veze nemam cega koje je otkrio antivirus 20099veze nemam odaklemi mozda doce uz windows:???
i sada mi konstantno prave probleme izbacujemi one glupe baloncice stalno,konekcija mi je sporija ali je nema nikako,.....e sad sam malo pronjuskao po netu i naisao na neki anti spywer ili nesto tako(neznam kako se tacno zove) ali nije puno pomogo nakon skeniranja on je pobrisao par tih fajlova i nista vise da nadze.Antivirus 2009 je u pocetku nasao 47 ovih glupih stvarcica ali nakon skeniranja sa onim antispywerom sad ih ima 36.Ali problemi jos nisu nestali naravno pokadzate sporija konekcija i sporiji rad kompa uopste.
pa posto se nerazumijem u ove stvari puno zamolio bih nekoga da mi preporuci neki program da pobrisem ova sranja,hvala

[zeksiv]

Kada ukljucim komp, cim se pokrene sistem, odmah mi se na desktopu ukljuci My Documents.....onda isto kada prikacim MP4 u svakom folderu na MP4 mi se pojavljuje jos jedan folder sa imenom foldera u kome se nalazi, a kada udjem u njega opet se aktivira My Documents. I jos nesto, nekoliko tokom dana, iz cista mira cuje se CONGRATULATIONS, YOU ARE.....Da li je ovo neki virus, i kako da ga uklonim? Unapred hvala.

[Southwind]

Imao je to moj drug u kompu,mnogo se jednostavno uklanja.
Imash li uopshte neki antivirus?
Mislim da beshe crv....

[zeksiv]

Instalirao sam Kaspersky 2009 i odmah mi prikazao crve. Bio neki trojanac.......

[Southwind]

Jesi reshio problem?

[zeksiv]

Jesam.......

[pain_killer]

da li neko zna kako zarobiti virus i usnimiti na flopy...

do pre par dana sam imao 2800 virusa u racunaru i radio nov sistem.... od tada imam jaku zelju da napravim kolekciju virusa ( pogotovo posto sam saznao odakle su dosli svi ti virusi)


posto nisam stalno na forumu zamolio bih nekog da mi odgovori na mail:
[email protected]

[Southwind]

Jedino neki zarazheni fajl da kopirash na flopy

[pain_killer]

moze li da se izdvoji samo virus pa da se on nalepi na instalaciju ....necega????

[Southwind]

To znaju iskusniji

[pain_killer]

ok

nadam se da ce neko od njih videti ove porukice ovih godina...

[GostM]

moze li da se izdvoji samo virus pa da se on nalepi na instalaciju ....necega????

A ti bi malo da budeš zločest?!

[Error]

poz imam mali problem
komp mi se gasi jednostavno kao da sam ga izvuko iz struje pokušao sam da reinstaliram c particiju i u toku reinstalacije se gasio par puta tako da sam jedva reinstalirao windows ali sve se dešava i dalje imam avast redovno nadograđivan

[pain_killer]

A ti bi malo da budeš zločest?!

ma neeeeeeeeee

[bojan-92]

Da li se nekom desilo da prilikom:

1) Igranja bilo koje igre
2) Pokretanjem programa za obradu video snimaka
3) Prilikom skeniranja virusa

Da li se nekom desilo da mu se tad kompjuter jednostavno restartuje, unapred hvala

[kreptoman]

jel mi verujesh da mi se desilo u sva 3 sluchaja

[GostM]

Da li se nekom desilo da prilikom:
1) Igranja bilo koje igre
2) Pokretanjem programa za obradu video snimaka
3) Prilikom skeniranja virusa
Da li se nekom desilo da mu se tad kompjuter jednostavno restartuje, unapred hvala

I kakve veze ovo pitanje ima sa gore pomenutom temom?! Bolje prestani da spam-uješ, jer si već 2 teme postavio sa istom problematikom!

[nissan]

Hoce li mi neko pomoci,instaliro mi se "antivirus XP 2008" ustvari virus(stalno me obavjestava da ima 2883 virusa) al nikako da ga se oslobodim niti da ga obrisem (add or remove programs) kako ? Imam antivirus AVIRA al ne pomaze hoce li mi neko pomoci oko toga i da li ja to sam tj. uz vasu pomoc mogu rijesiti ili da nosim racunar u servis, odma da napomenem vrlo malo znam o racunarima.Ako neko hoce da mi pomogne neka sto jasnije objasni postupak ili je to ipak nemoguce objasniti ovako preko foruma,onda mi ostaje samo servis.

[Rothschild]

Skini Malwarebytes' Anti-Malware izvrsi update i izaberi opciju perform full scan.

[bojan-92]

I kakve veze ovo pitanje ima sa gore pomenutom temom?!

Sumnjam da su virusi