Jump to content
Sign in to follow this  
Arsenal_RULES

Et umulig virusproblem

Recommended Posts

Ja, desverre gikk jeg på en av de idiotiske epostene, så nå har jeg fått et forferdelig virusproblem.

 

AVG-FREE greier ikke å fikse dette, noen som har noen idéer?

Om det har noen betydning står det at viruset er en hidden extension.exe

Share this post


Link to post

I håp om at det kanskje hadde noe og si om jeg restartet, valgte jeg å restarte dataen. Det som skjedde nå var at virusprogrammet ikke finner viruset lengre.

 

Antar at det ikke gjør saken noe bedre!

Share this post


Link to post

Hmm, hva med å først klasifisere hva det er for en type malware?

 

Virus, trojan, spyware, adware, worm eller en kombinasjon av disse og mer?

 

Å prøve å jakte adware med antivirus fungerer ofte dårlig og det samme gjelder det motsatte.

 

Start med en hijackthislogg limt inn her i en spoiler.

Share this post


Link to post

Det var virusprogrammet som merket problemet. Jeg åpnet en sånn tragisk epost, som jeg tvilte veldig på at var noe annet enn et slags virus. Så etter at jeg restartet kjørte jeg spybot for å se om det var et problem den kunne løse, men det var ingen problemer på dataen min i følge spybot. Avg-free fant heller ingen problemer på dataen min.

 

Så jeg er ikke helt sikker på hva det er for noe med andre ord! Hvordan starter jeg med en hijackthislogg (limt inn her i en spoiler?!)?

Edited by Arsenal_RULES

Share this post


Link to post

Jeg tror du bør forklare steg for steg hva du gjorde og hva som har skjedd for å "åpne en tragisk epost" høres ikke alvorlig ut for meg.

 

Hijackthis laster du ned her. Kjør og lagre logg, kopier den og lim den inn i en [spoiler}[/spoiler} tag her.

Share this post


Link to post

Ja, det er sikkert ikke så alvorlig.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:32:06, on 22.07.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\LckFldService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\WinAce\WinAce.exe

C:\DOCUME~1\NoXstar\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F3 - REG:win.ini: run=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Opera.lnk = C:\Programfiler\Opera\Opera.exe

O4 - Startup: Snarvei til winamp.lnk = C:\Programfiler\Winamp\winamp.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office Outlook 2003 (2).lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp04.photoprintit.de/microsite/502...geUploader3.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2 - Unknown owner - C:\Documents and Settings\NoXstar\Skrivebord\xampp\apache\bin\apache.exe" -k runservice (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Aztlant - ATI Technologies Inc. - C:\WINDOWS\system32\drivers\atinxsxx.sys

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

Share this post


Link to post

Hei,

 

Det ser ut som at AVG fikset biffen.

 

Men du kan slette følgende med hijackthis:

 

F3 - REG:win.ini: run=

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...