Virtumonde virus

  1. #1
    Beginner, joined 11.01.2007, Leskovac, 13 posts

    Virtumonde virus

    I'm using WIN XP SP2, and also avast, which reports the following infection:
    c:/windows/system32/jkklbtrl.dll
    Win32:Virtumonde-JA
    Please help! Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 8:42:38, on 27.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\Config\csrss.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\Config\csrss.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\ana i andjela\Desktop\provera\provera.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {3AB79C07-8DB4-4A8F-ABF6-74839DF9590A} - C:\WINDOWS\system32\jkkLBtRl.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [684dcbcd] rundll32.exe "C:\WINDOWS\system32\mxnmeufm.dll",b
    O4 - HKLM\..\Run: [BM6b7ef851] Rundll32.exe "C:\WINDOWS\system32\mexicprq.dll",s
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe



  2. #2
    Chvoro, interested member, joined 23.10.2007, Kilimandzaro, 134 posts

    Re: virtumonde virus

    Win32:Virtumonde-JA is a trojan.
    Try cleaning it with Ad-Aware: www.lavasoftusa.com

  3. #3
    Rothschild, beginner, joined 24.01.2008, 46 posts

    Re: virtumonde virus

    Here are a few tips:

    Run HijackThis, close all running programs, and when the scan finishes check these lines and click "Fix Checked":

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    O2 - BHO: (no name) - {3AB79C07-8DB4-4A8F-ABF6-74839DF9590A} - C:\WINDOWS\system32\jkkLBtRl.dll (file missing)
    O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll
    O4 - HKLM\..\Run: [684dcbcd] rundll32.exe "C:\WINDOWS\system32\mxnmeufm.dll",b
    O4 - HKLM\..\Run: [BM6b7ef851] Rundll32.exe "C:\WINDOWS\system32\mexicprq.dll",s
    O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll

    Download the "VundoFix" program from here -> http://vundofix.atribune.org/ and save it to the Desktop.
    Run a scan with VundoFix, and when it finishes click "Fix Vundo".
    After the scan finishes, VundoFix will save a text file "vundofix.txt"; find it and paste its contents here. It is usually at "C:\vundofix.txt".

    Scan the computer with BitDefender Online Scanner -> http://www.bitdefender.com/scan8/ie.html
    To scan the system you must use Internet Explorer and enable "ActiveX Control".

    Restart the computer and post a new HijackThis log together with the VundoFix log.
    Last edited by Rothschild: 27.04.2008 at 20:31

  4. #4
    Beginner, joined 11.01.2007, Leskovac, 13 posts

    Re: virtumonde virus

    Thanks for the advice and help!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:20:31, on 28.4.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svehost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Documents and Settings\ana i andjela\Desktop\provera\provera.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0E830E77-4E2F-466B-8F15-BDAB464F170B} - C:\WINDOWS\system32\geBqPIbY.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

    And here is the VundoFix log:
    VundoFix V7.0.3

    Scan started at 21:14:08 27.4.2008

    Listing files found while scanning....

    C:\WINDOWS\system32\iilkxjwq.dll
    C:\WINDOWS\system32\qhaklnxw.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\iilkxjwq.dll
    C:\WINDOWS\system32\iilkxjwq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qhaklnxw.dll
    C:\WINDOWS\system32\qhaklnxw.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qhaklnxw.dll
    C:\WINDOWS\system32\qhaklnxw.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    I could not find this line:
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
    Did I do this right, and what next?
    Regards

  5. #5
    Rothschild, beginner, joined 24.01.2008, 46 posts

    Re: virtumonde virus

    Excellent, let's continue.

    Did you scan with BitDefender Online Scanner, and did it find anything?

    Download SDFix from here -> http://download.bleepingcomputer.com/andymanchesta/SDFix.exe and save it to the Desktop; don't run it yet.

    You must be logged in as administrator when installing this program. Close all running programs.

    Run "SDFix.exe" and install the program. It will install into "C:\SDFix".

    Restart the computer into Safe Mode with administrator privileges. Here are instructions for entering Safe Mode -> http://forum.krstarica.com/showthread.php?t=58317

    Once in Safe Mode, go to Start -> Run -> type C:\SDFix\RunThis.bat and confirm with OK. It will ask whether you want to continue; type Y and hit Enter.

    The program will start scanning; this can take a while. At the end it will ask you to press any key so the computer can restart.

    Copy the SDFix log (Report.txt) and post it here together with a new HijackThis log at the end.

    Run HijackThis again, close all running programs, and when the scan finishes check this line and click "Fix Checked":

    O2 - BHO: (no name) - {0E830E77-4E2F-466B-8F15-BDAB464F170B} - C:\WINDOWS\system32\geBqPIbY.dll

    Restart the computer and post a new HijackThis log with the SDFix log.

    Regards
    Last edited by Rothschild: 28.04.2008 at 21:39
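
The two HijackThis logs in posts #1 and #4 show the pattern Rothschild's "Fix Checked" lines were chasing: eight-letter random DLLs dropped into system32 and wired in as IE BHOs (O2), a Winlogon Notify package (O20) and rundll32 autoruns (O4); an extra executable appended to the system.ini Shell= line; a csrss.exe running from C:\WINDOWS\Config instead of System32; and a svehost.exe that is one letter off svchost.exe, started from both Run and RunServices. The script below is an added example by the editor, not a forum tool and not anything HijackThis does itself. It parses excerpts of both logs (copied from the thread and trimmed to the relevant lines), applies those heuristics, and diffs the two logs to show what VundoFix plus the first "Fix Checked" pass removed and what came back: the new geBqPIbY.dll BHO that post #5 then targets. The heuristics (eight-letter DLL names, one-character look-alikes, the expected home directory of each core process), their wording and the function names are the editor's assumptions.

```python
import re

# Added example for this thread, not part of HijackThis or any tool the posters used:
# flags Vundo/Virtumonde-style persistence in HijackThis v1.99 logs and diffs two of them.
SYS32 = r"c:\windows\system32"
# Where each core Windows XP process belongs; a core name elsewhere (C:\WINDOWS\Config\csrss.exe) is an impostor.
CORE_HOME = {n: SYS32 for n in ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                                "svchost.exe", "spoolsv.exe")}
CORE_HOME["explorer.exe"] = r"c:\windows"
# Vundo drops eight-letter, digit-free DLLs straight into system32 (jkkLBtRl.dll, tuvUNecA.dll);
# this is a heuristic tuned to that family, not a general rule.
RANDOM_DLL = re.compile(r"c:\\windows\\system32\\[a-z]{8}\.dll", re.I)
ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")   # "O4 - HKLM\..\Run: [name] command"
O4_CMD = re.compile(r"\[[^\]]*\]\s*(.*)$")   # the command after the [value name]

def parse_hjt(text):
    """Split a HijackThis log into (process paths, [(code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif m := ENTRY.match(line):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def lookalike(name):
    """Core process that `name` differs from by exactly one character (svehost.exe -> svchost.exe)."""
    for real in CORE_HOME:
        if name != real and len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1:
            return real
    return None

def flag_processes(procs):
    out = []
    for p in procs:
        folder, _, name = p.lower().rpartition("\\")
        if name in CORE_HOME and folder != CORE_HOME[name]:
            out.append((p, "core process outside " + CORE_HOME[name]))
        elif lookalike(name):
            out.append((p, "look-alike of " + lookalike(name)))
    return out

def flag_entries(entries):
    out = []
    for code, body in entries:
        low = body.lower()
        if code == "F2" and low.startswith("reg:system.ini: shell=") and low != "reg:system.ini: shell=explorer.exe":
            out.append((code, body, "extra Shell= executable started at every logon"))
        elif code in ("O2", "O20") and RANDOM_DLL.search(body):
            out.append((code, body, "random-named system32 DLL hooked into IE / Winlogon"))
        elif code == "O4" and (m := O4_CMD.search(body)):
            cmd = m.group(1)
            if "rundll32" in low and RANDOM_DLL.search(cmd):
                out.append((code, body, "rundll32 autorun of a random-named system32 DLL"))
            elif "\\" not in cmd and lookalike(cmd.lower()):   # bare name, resolved via PATH
                out.append((code, body, "bare look-alike of " + lookalike(cmd.lower()) + " in an autorun key"))
    return out

def diff_entries(before, after):
    """Entries removed and added between two logs (case-insensitive); the added ones are what regenerated."""
    key = lambda e: (e[0], e[1].lower())
    b = {key(e): e for e in before}
    a = {key(e): e for e in after}
    return [v for k, v in b.items() if k not in a], [v for k, v in a.items() if k not in b]

def triage(text):
    procs, entries = parse_hjt(text)
    return {"processes": flag_processes(procs), "entries": flag_entries(entries), "all": entries}

# Excerpts of the thread's two logs: post #1 (before) and post #4 (after VundoFix and "Fix Checked").
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\system32\svehost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {3AB79C07-8DB4-4A8F-ABF6-74839DF9590A} - C:\WINDOWS\system32\jkkLBtRl.dll (file missing)
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [684dcbcd] rundll32.exe "C:\WINDOWS\system32\mxnmeufm.dll",b
O4 - HKLM\..\Run: [BM6b7ef851] Rundll32.exe "C:\WINDOWS\system32\mexicprq.dll",s
O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll
"""
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svehost.exe
O2 - BHO: (no name) - {0E830E77-4E2F-466B-8F15-BDAB464F170B} - C:\WINDOWS\system32\geBqPIbY.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll
"""

if __name__ == "__main__":
    before, after = triage(LOG_BEFORE), triage(LOG_AFTER)
    print(*before["processes"], *before["entries"], *diff_entries(before["all"], after["all"]), sep="\n")
```

Run as a script it prints the findings for the first log and the removed/regenerated entry lists; `triage()` and `diff_entries()` return the same data for use elsewhere. The diff is the useful part for a thread like this one: the second log drops the F2 Shell= line, the jkkLBtRl.dll BHO and both rundll32 autoruns, but tuvUNecA.dll and svehost.exe survive and a fresh eight-letter BHO (geBqPIbY.dll) appears, which is why a second pass was needed. The eight-letter rule and the expected home directories are tuned to this family on Windows XP; on another system a benign entry that trips them is something to check by hand, not delete.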
