#1
Registered User
Registration date: Jun 2007
Location: sadas
Posts: 8

start/stop of the explorer.exe process

Hi, every time I try to start the explorer.exe process (including when Windows boots), it runs for 2-3 seconds and then simply dies.. I open Task Manager, go to new process there and type explorer.exe, and it is the same again, endlessly.. I scanned with NOD32 and it found 2 trojans, which I removed, but it still happens, so I would ask the people on this forum for help. There is a process that appears briefly and then disappears - vercslid.exe. I tried googling a bit but it looks harmless. Can anyone help? I have WinXP SP2. Thanks in advance.
#3
Registered User
Registration date: Jun 2007
Location: sadas
Posts: 8

TROJ_CONHOOK.AE

Details:

This Trojan may be downloaded from the Internet or dropped by other malware programs on a machine.

Installation and Autostart

Upon execution, this Trojan drops a copy of itself as %System%\{5 random characters}.dll.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

It injects itself to legitimate processes like WINLOGON.EXE and EXPLORER.EXE to avoid detection and to ensure its automatic execution at every system startup.

It creates the following registry key to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{5 random characters}

(Note: The registry key is the same as the malware file name)

It also creates the following registry keys as part of its installation routine:

HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Payload

This Trojan connects to the following Web sites in an attempt to download possibly malicious files:

* http://{BLOCKED}huistov.net/cgi-bin/check/autoaff3
* http://202.67.{BLOCKED}.235/cgi-bin/check/autoaff3

However, as of this writing, the said URLs are inaccessible.

Affected Platforms

This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

That should be it, only how do I get rid of it..?
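The description quoted above says the Trojan registers under Winlogon\Notify with a 5-character subkey named after its own DLL. As an added example (not part of the original post), this Python script checks a regedit text export of that key against a baseline; the baseline list, the function names and the sample export are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumption: Notify packages present on a clean Windows XP SP2 install; extend per machine.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ, or hex(2): REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def notify_packages(reg_text):
    """Return {subkey: DllName} for the direct children of the Notify key."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join regedit line continuations
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            parent, _, name = line.strip("[]").rpartition("\\")
            current = name if parent.lower() == NOTIFY.lower() else None
        elif current and line.lower().startswith('"dllname"='):
            found[current] = decode_value(line.split("=", 1)[1])
    return found

def suspicious(reg_text):
    """List (subkey, dll, reason) for packages outside the baseline, noting the 5-char pattern."""
    hits = []
    for key, dll in notify_packages(reg_text).items():
        if key.lower() in BASELINE:
            continue
        same = len(key) == 5 and PureWindowsPath(dll).stem.lower() == key.lower()
        hits.append((key, dll, "5-char key named after its DLL" if same else "not in baseline"))
    return hits

# Constructed sample export; "qwzxk" is a made-up name, not from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qwzxk]
"DllName"="C:\\WINDOWS\\system32\\qwzxk.dll"
'''
```

Calling `suspicious(SAMPLE)` returns one entry for the constructed `qwzxk` package; regedit saves exports as UTF-16, so decode the file before passing its text in.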
#5
Registered User
Registration date: Jun 2007
Location: sadas
Posts: 8

Yes, that is where I copy/pasted it from, but I would like to know how I can fix this.. I tried this to get it to stop, and I don't have the Windows CD here.. So first I went to that Notify key and deleted those keys there in regedit, then I deleted the other 3-4 keys and restarted to see whether those keys would come back, and they were back again.
#7
Registered User
Registration date: Jun 2007
Location: sadas
Posts: 8

Logfile of HijackThis v1.99.1
Scan saved at 23:04:00, on 14.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Programs\Nod32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Xfire\Xfire.exe
e:\Programs\Nod32\nod32.exe
e:\Programs\Nod32\nod32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "e:\Programs\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3110CCFD-455F-45B7-88BD-C1768A29521B}: NameServer = 161.53.114.145 161.53.114.135
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - e:\Programs\Nod32\nod32krn.exe

Anyway, I figured out which 2 files are infected, so now how do I remove them? I would like some small program or something similar. Basically:

WINDOWS/system32 - fccawxv.dll - variant of Win32/Generik Trojan
WINDOWS/system32 - jkhhh.dll - variant of Win32/adware.virtumonde.FP application

I need to delete them.
#8
Grandma's sister's brother-in-law
Registration date: Dec 2006
Location: (Vinjro)
Posts: 1,130

Have you tried with NOD, Spybot and Ad-Aware in safe mode with System Restore turned off? If not, try it. With Unlocker you can find out which process is using those two files in system32, kill it and delete the files! Of course, only if those two files are not being used by processes that XP needs in order to run.