PC Ekspert Forum


rev01 14.06.2007. 20:23

Starting/stopping the explorer.exe process

Hello,

every time I try to start the explorer.exe process (including when Windows boots), it runs for 2-3 seconds and then simply dies..

I open Task Manager, go to New Task there and type explorer.exe, and the same thing happens again, over and over.. I scanned with NOD32 and it found 2 trojans, which I removed, but it keeps happening, so I would like to ask the people on this forum for help.

There is a process that appears briefly and then disappears: vercslid.exe. I tried googling it a bit, but it looks harmless.

Can anyone help? I have WinXP SP2.

Thanks in advance.

WichitaQ 14.06.2007. 20:34

Did you happen to run some update? Find that vercslid.exe and, if you can manage it, just move it or rename it to vercslid.old.
There is something about it here, so if it helps...

rev01 14.06.2007. 22:16

TROJ_CONHOOK.AE

Details:

This Trojan may be downloaded from the Internet or dropped by other malware programs on a machine.

Installation and Autostart

Upon execution, this Trojan drops a copy of itself as %System%\{5 random characters}.dll.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

It injects itself to legitimate processes like WINLOGON.EXE and EXPLORER.EXE to avoid detection and to ensure its automatic execution at every system startup.

It creates the following registry key to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{5 random characters}

(Note: The registry key is the same as the malware file name)

It also creates the following registry keys as part of its installation routine:

HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Payload

This Trojan connects to the following Web sites in an attempt to download possibly malicious files:

* http://{BLOCKED}huistov.net/cgi-bin/check/autoaff3
* http://202.67.{BLOCKED}.235/cgi-bin/check/autoaff3

However, as of this writing, the said URLs are inaccessible.

Affected Platforms

This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

That should be it, but how do I get rid of it..?
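
The Winlogon\Notify autostart described in the write-up quoted above can be checked for by listing that key's subkeys and comparing them with what a clean install has. The following is an added example, not part of the thread or of the quoted write-up; the known-good list is an assumption, and the sample output with the names `abcde` and `vendorntfy` is constructed for illustration.

```python
import ntpath
import re
NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumption: Notify subkeys usually present on a clean Windows XP SP2 install.
KNOWN_GOOD = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
              "sclgntfy", "senslogn", "termsrv", "wlballoon"}
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

# Constructed sample shaped like `reg query "<NOTIFY>" /s` output; names are made up.
SAMPLE = "\n".join([
    NOTIFY + r"\crypt32chain",
    r"    DllName    REG_EXPAND_SZ    crypt32.dll",
    NOTIFY + r"\abcde",
    r"    DllName    REG_SZ    C:\WINDOWS\system32\abcde.dll",
    NOTIFY + r"\vendorntfy",
    r"    DllName    REG_SZ    vendorhook.dll",
])

def parse_notify(text):
    """Return {subkey: {value_name: data}} for the subkeys of the Notify key."""
    entries, current = {}, None
    prefix = NOTIFY.lower() + "\\"
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith(prefix):
            current = stripped[len(prefix):]
            entries[current] = {}
        elif current is not None and (m := VALUE_RE.match(line)):
            entries[current][m.group(1)] = m.group(3).strip()
    return entries

def suspicious(entries):
    """Flag subkeys outside the known-good list and say why each stands out."""
    findings = []
    for name, values in sorted(entries.items()):
        if name.lower() in KNOWN_GOOD:
            continue
        dll = values.get("DllName", "")
        stem = ntpath.splitext(ntpath.basename(dll))[0]
        reasons = ["not in known-good list"]
        if stem.lower() == name.lower():  # key named after its own DLL
            reasons.append("key name equals DLL file name")
        if re.fullmatch(r"[A-Za-z]{5}", name):  # "{5 random characters}"
            reasons.append("five-character name")
        findings.append((name, dll, reasons))
    return findings

if __name__ == "__main__":
    for name, dll, reasons in suspicious(parse_notify(SAMPLE)):
        print(f"{name}: {dll} ({'; '.join(reasons)})")
```

An entry flagged only as "not in known-good list" is usually third-party software and needs a manual look; the combination of all three reasons is the pattern the write-up describes.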

greenfly 14.06.2007. 22:30

Take a look: HERE

rev01 14.06.2007. 22:46

Yes, that is where I copy/pasted it from, but I want to know how I can fix it.. I tried this to stop it, and I don't have the Windows CD here.. So first I went to that Notify key and deleted those keys there in regedit, then I deleted the other 3-4 keys and restarted to see whether those keys would come back, and they were back again.

greenfly 14.06.2007. 22:50

Maybe you could post a HijackThis log on the forum... someone will surely help you, probably tutix.

rev01 14.06.2007. 23:06

Logfile of HijackThis v1.99.1
Scan saved at 23:04:00, on 14.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Programs\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Xfire\Xfire.exe
e:\Programs\Nod32\nod32.exe
e:\Programs\Nod32\nod32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "e:\Programs\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3110CCFD-455F-45B7-88BD-C1768A29521B}: NameServer = 161.53.114.145 161.53.114.135
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - e:\Programs\Nod32\nod32krn.exe





By the way, I figured out which 2 files are infected; now, how do I remove them? Basically I would like some small program or something similar.

WINDOWS/system32 - fccawxv.dll - variant of Win32/Generik Trojan
WINDOWS/system32 - jkhhh.dll - variant of Win32/adware.virtumonde.FP application

I need to delete them :)

greenfly 14.06.2007. 23:10

Have you tried NOD32, Spybot and Ad-Aware in safe mode with System Restore turned off? If not, try it. With Unlocker you can find out which process is using those two files in system32, kill it and delete the files!

Provided, of course, that those two files are not being used by processes that XP needs in order to run.

