Topic: Krepper trojan

  1. #1
    Beginner
    Joined
    29.10.2004.
    Gender
    male
    Location
    Belgrade
    Posts
    16
    Reputation power
    0

    Krepper trojan

    Recently my computer running XP started acting up: it opens a connection on its own and reports a faulty Windows Explorer. I had Norton but it did not report anything, so I tried various spyware cleaners and got nothing, but after installing AVG and scanning, a disaster :shock: it found everything but cannot clean it and instead asks to start AVG for Windows, and it still keeps throwing up endless icons saying that it cannot clean the infected files.
    Any help would be welcome!



  2. #2
    Experienced codemaker
    Joined
    05.04.2004.
    Location
    Belgrade
    Posts
    6,416
    Reputation power
    0

    About the trojan:
    Please read everything written here carefully, and don't blame me if something goes wrong. It looks like this trojan is seriously f*cked up...
    Also visit the link:
    http://www.scanspyware.net/info/Krepper-G.htm
    where there is a program that supposedly removes the trojan.

    There are several Krepper subvariants: X, U, T, G, O, A and L
    By the way, one of the descriptions is: "A hacker tool that is secretly installed on your PC and that allows the attacker to get almost complete control over your computer."
    Here is what I have gathered about this trojan:

    IN MY OPINION THIS IS THE SAFEST WAY TO REMOVE IT:
    *****************************
    Manual Removal:

    1. Kill these running processes with Task Manager:
    systemroot+\system\matrixhere.exe
    systemroot+\system\sysstartup.exe
    systemroot+\system32\matrixhere.exe
    systemroot+\system32\sysstartup.exe
    trojan.win32.krepper.a.exe
    trojan.win32.krepper.a_(120).exe

    2. Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jopa, delete it and reboot the machine immediately.
    If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\romahere, delete it and reboot the machine immediately.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\jopa, delete it and reboot the machine immediately.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\romahere, delete it and reboot the machine immediately.

    3. Unregister these DLLs with Regsvr32, then reboot:
    trojan.win32.krepper.o.dll
    trojan.win32.krepper.p.dll
    trojan.win32.krepper.p_(10).dll

    4. Remove these registry items (if present) with RegEdit:
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\jopa
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\romahere
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\jopa
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\romahere

    5. Remove these files (if present) with Windows Explorer:
    systemroot+\system\matrixhere.exe
    systemroot+\system\sysstartup.exe
    systemroot+\system32\matrixhere.exe
    systemroot+\system32\sysstartup.exe
    trojan.win32.krepper.a.exe
    trojan.win32.krepper.a_(120).exe
    trojan.win32.krepper.o.dll
    trojan.win32.krepper.p.dll
    trojan.win32.krepper.p_(10).dll
    ****************************




    There is further information in other places:
    **************
    This Trojan program is a Windows PE EXE file approximately 24KB in size, packed using PEC. The unpacked file is approximately 78KB in size.

    During the installation process, the Trojan creates a folder called 'inetdim' in the Windows root directory, and copies itself to this folder as 'services.exe'.

    The Trojan then registers itself in the system registry:

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "xp_system" = "%WinDir%\inetdim\services.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "xp_system" = "%WinDir%\inetdim\services.exe"

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "run" = "%WinDir%\inetdim\services.exe"

    This ensures that a copy of the Trojan will be launched each time the victim machine is rebooted.

    The Trojan also creates the following values in the system registry:

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Enable Browser Extensions = "yes"

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(5321E378-FFAD-4999-8C62-03CA8155F0B3)]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

    The Trojan is capable of downloading and launching files from the Internet on the victim machine. It also downloads a program from the AdvWare class to the victim machine; this program then directs the Internet browser on the victim machine to a portal where other types of AdvWare and other versions of the Trojan will be downloaded to the infected system.

    ******




    And there is also this information from yet another place:
    *********************
    winlogon.exe - Here is the scoop on Krepper-G Trojan. The big question: what is winlogon.exe and is it spyware, a trojan and if so, how do I get rid of Krepper-G Trojan?
    winlogon.exe (Krepper-G Trojan) - Details

    If a process named winlogon.exe is running on your computer, you have been infected with a strain of the Krepper-G trojan.

    winlogon.exe is considered to be a security risk, not only because antivirus programs flag Krepper-G Trojan as a trojan, but also because other sites consider it a Trojan as well.

    Krepper-G Trojan is likely a Trojan and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of winlogon.exe may cause serious harm to your system and will likely cause a number of problems, loss of data, loss of control or leaking private information.

    You should visit our free spyware removal page to make sure your system does not have other programs like winlogon.exe.
    WINLOGON.EXE - Disclaimer

    Every attempt has been made to provide you with the correct information for winlogon.exe or KREPPER-G TROJAN. If we missed the mark, we would greatly appreciate your help by dropping us a comment and we'll promptly correct it.

    **************



    ********** ONE MORE SUGGESTION FOR REMOVAL
    Manual Detection & Removal
    of Krepper-G
    It is recommended to take a backup of Registry before following manual instructions. The best solution for taking backup is creating a System Restore Point before following the instructions below. Please note that ScanSpyware uses certain other rules for detection and removal of spyware from your PC, which results in 100% accuracy in removal process. Only use the below given information for spyware removal if you are sure about what you are doing.

    1. Delete the following directories:
    INETDATA
    Services

    2. Delete the following files:
    SERVICES.EXE
    Winlogon.exe

    3. Delete the following registry keys:
    {5321E378-FFAD-4999-8C62-03CA8155F0B3}
    {5321E378-FFAD-4999-8C62-03CA8155F0B3}
    {5321E378-FFAD-4999-8C62-03CA8155F0B3}

    4. Delete the following registry values:
    XP_System
    XP_System
    ***********

    Come on, let us know what you did...
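
A read-only way to check a machine for the indicators quoted in post #2, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later, writes the BHO CLSID with braces as in the second removal list, and judges winlogon.exe by path rather than by name, because the genuine Windows logon process is also called winlogon.exe and runs from System32.

```powershell
# Added example: read-only check for the Krepper indicators quoted in post #2.
# It only reports; it does not delete or change anything.
$findings = @()

# Run-key value names given in the post (jopa, romahere, xp_system).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in 'jopa', 'romahere', 'xp_system') {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings += [pscustomobject]@{ Kind = 'Run value'; Where = "$key\$name"; Detail = $props.$name }
        }
    }
}

# Legacy "run" value under Windows NT\CurrentVersion\Windows pointing at inetdim.
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$legacy = (Get-ItemProperty -LiteralPath $winKey -ErrorAction SilentlyContinue).run
if ($legacy -match 'inetdim') {
    $findings += [pscustomobject]@{ Kind = 'Run value'; Where = "$winKey\run"; Detail = $legacy }
}

# Browser Helper Object CLSID listed in the post.
$bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}'
if (Test-Path -LiteralPath $bho) {
    $findings += [pscustomobject]@{ Kind = 'BHO key'; Where = $bho; Detail = '' }
}

# Dropped files named in the post, relative to %SystemRoot%.
$files = 'system\matrixhere.exe', 'system\sysstartup.exe', 'system32\matrixhere.exe',
         'system32\sysstartup.exe', 'inetdim\services.exe'
foreach ($rel in $files) {
    $path = Join-Path $env:SystemRoot $rel
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Kind = 'File'; Where = $path; Detail = (Get-Item -LiteralPath $path -Force).Length }
    }
}

# Flag a winlogon.exe process only when its image is not the System32 one.
$genuine = Join-Path $env:SystemRoot 'System32\winlogon.exe'
Get-CimInstance Win32_Process -Filter "Name = 'winlogon.exe'" |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -ne $genuine } |
    ForEach-Object { $findings += [pscustomobject]@{ Kind = 'Process'; Where = $_.ExecutablePath; Detail = "PID $($_.ProcessId)" } }

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed Krepper indicators found.' }
```

Run it from an elevated prompt so that process image paths are readable; an empty result only means that none of the names listed in the post were present.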

  3. #3
    Beginner
    Joined
    29.10.2004.
    Gender
    male
    Location
    Belgrade
    Posts
    16
    Reputation power
    0

    In my case there was no help, because when I tried to do this it informed me that some file from system32 was damaged, so I immediately wiped the whole system and started from the beginning. Luckily I had saved some data earlier, so it wasn't too bad. In any case, thanks and best regards!

  4. #4
    Experienced codemaker
    Joined
    05.04.2004.
    Location
    Belgrade
    Posts
    6,416
    Reputation power
    0

    Better that way, at least you'll be starting "from clean"
