Worm32.Netsky

Thread: Worm32.Netsky

  1. #1
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Worm32.Netsky

    My computer has gone crazy!
    I get a notification in a small window saying that I am infected with viruses and that I should download a program from the net to remove them. Also, 3 icons (shortcuts) appear on my desktop and I can't find where they are saved (Find target). A strange wallpaper has appeared on my desktop.
    By the way, the computer is an Intel 2GHz, 512 RAM, with NOD 32 Antivirus, Ad Aware, Registry Mechanic.
    I tried to clean up the viruses in safe mode and deleted whatever the AV found. I restarted the computer and it was the same again.

    The warning window keeps popping up.
    I've now found out what it is: Worm32.Netsky
    How do I get rid of it and get the computer back to normal?
    Help!
    Last edited by mexxx: 17.11.2007. at 23:36 Reason: Error



  2. #2
    Host
    Joined
    04.04.2004.
    Gender
    male
    Posts
    3.887
    Reputation power
    0

    Re: Worm32.Netsky

    http://forum.krstarica.com/showthread.php?t=167305
    Have you read this thread???
    If you haven't, read it and do what it says there..

  3. #3
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Re: Worm32.Netsky

    Yes, yes, I did everything.
    I scanned with an updated NOD 32 and AdAware in safe mode; it found something and I deleted it, but it doesn't help.
    A strange picture has appeared on the desktop, along with three icons that I can't find the install location of (these are only shortcuts).
    What next?
    Last edited by mexxx: 18.11.2007. at 00:13 Reason: addition

  4. #4
    kolik is offline
    I have nothing smart to say, but I figured I'd write something anyway
    Interested member
    Joined
    06.06.2004.
    Gender
    male
    Location
    sm
    Posts
    489
    Reputation power
    54

    Re: Worm32.Netsky

    I caught it last night... Download the program SMITFRAUDFIX, it's not big, go through the items in order, and be sure to do the deleting in safe mode as the program says, and it should delete it, i.e. those 3 programs. However, when I connected to the net again it came back; I scanned with S&D and NOD, they found a little something, so we'll see how it runs now.

    @mexxx
    If you find anything new, let me know... so I hear about it... regards
    no

  5. #5
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Worm32.Netsky

    @mexx:

    If/when you read that thread again, you'll see that you should have posted the HijackThis logfile.

    Now do the following: first temporarily turn off NOD32, i.e. deactivate the AMON and IMON modules, so that you can download the program from the link below.

    Download SmitfraudFix.

    • Restart the computer in Safe Mode (keep pressing F8 while the computer boots and choose Safe Mode from the menu)
    • Double-click SmitfraudFix.exe to run it
    • Choose option #2 - Clean by typing 2 and Enter
    • Wait for the cleaning and Disk Cleanup to finish
    • You will be asked: "Registry cleaning - Do you want to clean the registry ?" Answer "Yes" by typing Y and Enter
    • The program will also check whether wininet.dll is infected. If it is, you will be asked about replacing wininet.dll. Answer "Yes" to the question "Replace infected file ?" by typing Y and Enter


    A restart may be needed to finish the cleaning process; if the computer does not restart automatically, do it yourself.
    This program will create the logfile C:\rapport.txt, which needs to be copied into the thread on the forum.


    So, do this, post the log that this program creates, and post an HT log (follow the instructions!).

  6. #6
    kolik is offline
    I have nothing smart to say, but I figured I'd write something anyway
    Interested member
    Joined
    06.06.2004.
    Gender
    male
    Location
    sm
    Posts
    489
    Reputation power
    54

    Re: Worm32.Netsky

    @dr_bora
    Can you look at my log and tell me what this is about??
    SmitFraudFix v2.253

    Scan done at 21:51:32.23, 17-Nov-07
    Run from D:\SOFTWARE\PROGRAMI\Internet\SmitFraud Fix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\mile\FAVORI~1\Error Cleaner.url Deleted
    C:\DOCUME~1\mile\FAVORI~1\Privacy Protector.url Deleted
    C:\DOCUME~1\mile\FAVORI~1\Spyware?Malware Protection.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
    no

  7. #7
    kolik is offline
    I have nothing smart to say, but I figured I'd write something anyway
    Interested member
    Joined
    06.06.2004.
    Gender
    male
    Location
    sm
    Posts
    489
    Reputation power
    54

    Re: Worm32.Netsky

    And here is the HijackThis log too

    Logfile of HijackThis v1.99.1
    Scan saved at 00:58:36, on 11/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\SOFTWARE\PROGRAMI\Internet\HijackThis\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {7280EE0E-0504-43BA-8DEA-A63490C936B2} - C:\WINDOWS\system32\dmcompo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - Startup: Shortcut to speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0B2A51C-8AF1-4AAF-B4B4-49A0E5655FBA}: NameServer = 80.74.160.38 80.74.160.12
    O21 - SSODL: nopctrl - {E3A52FBE-3F6A-4C19-AC05-6C073B7A9A7E} - C:\WINDOWS\nopctrl.dll
    O21 - SSODL: ddkret - {3F185FBD-00BA-4FF0-8CF9-51E51929DA38} - C:\WINDOWS\ddkret.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    no

  8. #8
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Worm32.Netsky

    I see what the problem is. But this is ''mexxx's'' thread...

    Please open another thread and post these logs there, and delete your posts from this thread.

  9. #9
    kolik is offline
    I have nothing smart to say, but I figured I'd write something anyway
    Interested member
    Joined
    06.06.2004.
    Gender
    male
    Location
    sm
    Posts
    489
    Reputation power
    54

    Re: Worm32.Netsky

    I did a reinstall of Windows in 90 minutes, and now the system flies. It's my own fault, because NOD warned me but I ignored it, so from now on I listen to the machine ......

    regards
    no

  10. #10
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Re: Worm32.Netsky

    I did everything according to dr_Bora's instructions, but before that I ran a scan in safe mode with NOD and Ad-Aware (cleaned out 92 small pieces of junk), combed through with Registry Mechanic and fixed the errors it found. Here are the logs after everything was done:

    SmitFraudFix v2.253

    Scan done at 17:32:14,34, ned 18.11.2007
    Run from C:\Documents and Settings\Sinisa\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of HijackThis v1.99.1
    Scan saved at 17:36:15, on 18.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Sinisa\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: The bonsws - {3FDA21ED-312C-44DD-9030-A2DC90FD1CCD} - C:\WINDOWS\bonsws.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: ddkret - {EC985BB0-DE24-4E6F-AD93-3B98BA1BCA90} - C:\WINDOWS\ddkret.dll
    O21 - SSODL: nopctrl - {48866F1A-3BA8-462D-A054-6027AF395326} - C:\WINDOWS\nopctrl.dll
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  11. #11
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Worm32.Netsky

    Download The Avenger.
    Download the file skripta.txt that is attached to this post.
    • Unpack the archive into a folder
    • Double-click avenger.exe to run it
    • Click the OK button in the window that opens
    • Click the button - find the file skripta.txt, select it and click the Open button
    • Click the button , and then click the Yes button in the next two windows that open
    • The computer will restart automatically.
    • When the process is finished, the logfile c:\avenger.txt will open in Notepad
    • Copy the contents of that log into the thread on the forum


    Also post a new HT log (first rename the file from ''hijackthis'' to ''123'').

  12. #12
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Re: Worm32.Netsky

    Everything done according to the instructions:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\ckpsqwkt

    *******************

    Script file located at: \??\C:\WINDOWS\umcaptax.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\oprevgkx.dll deleted successfully.
    File C:\WINDOWS\bonsws.dll deleted successfully.
    File C:\WINDOWS\ddkret.dll deleted successfully.
    File C:\WINDOWS\nopctrl.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    Logfile of HijackThis v1.99.1
    Scan saved at 18:56:13, on 18.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sinisa\Desktop\hijackthis\123.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: The bonsws - {3FDA21ED-312C-44DD-9030-A2DC90FD1CCD} - C:\WINDOWS\bonsws.dll (file missing)
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: ddkret - {EC985BB0-DE24-4E6F-AD93-3B98BA1BCA90} - C:\WINDOWS\ddkret.dll (file missing)
    O21 - SSODL: nopctrl - {48866F1A-3BA8-462D-A054-6027AF395326} - C:\WINDOWS\nopctrl.dll (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  13. #13
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Worm32.Netsky

    Run HT, scan and tick the following lines:

    O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
    O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
    O3 - Toolbar: The bonsws - {3FDA21ED-312C-44DD-9030-A2DC90FD1CCD} - C:\WINDOWS\bonsws.dll (file missing)
    O21 - SSODL: ddkret - {EC985BB0-DE24-4E6F-AD93-3B98BA1BCA90} - C:\WINDOWS\ddkret.dll (file missing)
    O21 - SSODL: nopctrl - {48866F1A-3BA8-462D-A054-6027AF395326} - C:\WINDOWS\nopctrl.dll (file missing)

    Click Fix Checked.

    ----------------------------------------------------------------------------------------------------------------------------------

    Restart the computer and post a new HT log.

    Also, if it's not too much of a hassle, I'd be grateful if you could upload this file for me:
    C:\avenger\backup.zip
    You could upload it to RapidShare (if it's too big to attach to the post).

  14. #14
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Re: Worm32.Netsky

    What hassle! Of course I'll upload that file!
    Is this OK now? Do I need to add some new AV, firewall... to my "line of defense" (I have NOD 32 v2665, Ad-Aware and Registry Mechanic)? If I'm not mistaken, this virus (Worm32.Netsky) was tormenting me maybe 3 months ago, but back then I lost my nerve quickly, so I reinstalled the whole system and formatted the hard drive. Admittedly, back then I only had XP SP1, and now I've added "number two".
    In any case, THANKS A LOT for the help and the effort!

    Avenger\backup.zip :
    http://rapidshare.com/files/70658568/backup.zip.html

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:02, on 18.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Documents and Settings\Sinisa\Desktop\Programi\Malware fix tool\hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  15. #15
    Active member dr_Bora (avatar)
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Worm32.Netsky

    Thanks for the files. The log is now clean.

    As for the infection... It wasn't Worm32.Netsky but SmitFraud.
    The point of this infection is to convince you that you have a pile of viruses and to get you to buy some fake AV.
    By the way, most of these infections originate on adult sites ( 8-), I'm not saying that was the case here, I'm just mentioning it )

    As for software, you could perhaps install a firewall, or at least keep the Win. FW activated.
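
    The cross-check behind posts #12 to #15, as an added example that is not part of the original thread: it matches the files The Avenger deleted against the HijackThis entries that still reference them, then confirms that the follow-up log no longer lists those CLSIDs. The function names are illustrative assumptions; the sample lines are a subset copied from the logs posted above.

```python
import re

# Sample input: lines copied from the logs posted in this thread (subset of each log).
AVENGER_LOG = r"""
File C:\WINDOWS\oprevgkx.dll deleted successfully.
File C:\WINDOWS\bonsws.dll deleted successfully.
File C:\WINDOWS\ddkret.dll deleted successfully.
File C:\WINDOWS\nopctrl.dll deleted successfully.
"""

HT_AFTER_AVENGER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: The bonsws - {3FDA21ED-312C-44DD-9030-A2DC90FD1CCD} - C:\WINDOWS\bonsws.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O21 - SSODL: ddkret - {EC985BB0-DE24-4E6F-AD93-3B98BA1BCA90} - C:\WINDOWS\ddkret.dll (file missing)
O21 - SSODL: nopctrl - {48866F1A-3BA8-462D-A054-6027AF395326} - C:\WINDOWS\nopctrl.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

HT_AFTER_FIX = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_RE = re.compile(r"\((file missing|no file)\)\s*$")
AVENGER_RE = re.compile(r"^File (.+) deleted successfully\.$")


def deleted_by_avenger(log):
    """Return the lower-cased paths that the Avenger log reports as deleted."""
    deleted = set()
    for line in log.splitlines():
        m = AVENGER_RE.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def parse_hijackthis(log):
    """Parse 'O<n> - ...' entry lines; headers and process lists are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        marker = MISSING_RE.search(rest)
        entries.append({
            "section": section,
            "clsid": clsid.group(0).upper() if clsid else None,
            "marker": marker.group(1) if marker else None,
            "raw": line.strip(),
        })
    return entries


def orphaned_entries(ht_log, avenger_log):
    """Entries whose file was deleted by The Avenger or is reported absent."""
    deleted = deleted_by_avenger(avenger_log)
    orphans = []
    for entry in parse_hijackthis(ht_log):
        hits_deleted = any(path in entry["raw"].lower() for path in deleted)
        if hits_deleted or entry["marker"]:
            entry["reason"] = "deleted by Avenger" if hits_deleted else entry["marker"]
            orphans.append(entry)
    return orphans


def still_registered(orphans, later_ht_log):
    """CLSIDs of orphaned entries that a later HijackThis log still lists."""
    later = {e["clsid"] for e in parse_hijackthis(later_ht_log) if e["clsid"]}
    return sorted(e["clsid"] for e in orphans if e["clsid"] in later)


if __name__ == "__main__":
    found = orphaned_entries(HT_AFTER_AVENGER, AVENGER_LOG)
    for e in found:
        print(f'{e["section"]:>3}  {e["clsid"]}  ({e["reason"]})')
    print("still registered after fix:", still_registered(found, HT_AFTER_FIX))
```

    A "(file missing)" marker on its own only says the registry entry points at nothing: the log in post #7 carries the same marker on the Windows Messenger entries, so the match against the deleted files is what ties an entry to this cleanup.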

  16. #16
    Interested member
    Joined
    07.09.2004.
    Gender
    male
    Posts
    132
    Reputation power
    50

    Re: Worm32.Netsky

    Quote: Originally posted by dr_Bora
    Thanks for the files. The log is now clean.

    As for the infection... It wasn't Worm32.Netsky but SmitFraud.
    The point of this infection is to convince you that you have a pile of viruses and to get you to buy some fake AV.
    By the way, most of these infections originate on adult sites ( 8-), I'm not saying that was the case here, I'm just mentioning it )

    As for software, you could perhaps install a firewall, or at least keep the Win. FW activated.
    My Windows firewall is activated; maybe I'll install another one, maybe Zone Alarm. I'll see.
    Once again, THANKS!
