trojanci...

FERRYS · 11.07.2004., 23:01

TROJ_ALCEMIC.A
TROJ_AGENT.AE
i jos jedan imam gore, sam neke tri tockice, nema naziva
imam pc-cillin sa svim updatevima al nemoze ih uklonit.
kako ih najjednostavnije uklonit?

Costa · 11.07.2004., 23:18

Vjerovatno ih ne moze ukloniti jer su pokrenuti. Iskljuci sve sto mozes u TaskManageru pa probaj opet. Ili mozda pomogne bootanje u safe modu.

FERRYS · 11.07.2004., 23:28

ak mislis skeniranje u safe modu - odpada, nemogu pokrenut anti virus

Costa · 12.07.2004., 10:31

Ajd napravi scan HijackThisom, cisto da vidim sto ti radi i sto je stavljeno u startup.

HijackThis
Prikazuje sumnjive informacije te ih sredjuje ovisno o tome sto korisnik odabire - (Ak' se ne kuzite u software, najbolje je postati log na newse ili neki forum gdje ce vam drugi reci sto oznaciti za popravak) (154KB)

* Pokrenete HijackThis i stisnete SCAN
* Kad izlista podatke stisnete SAVE LOG
* Copy - pastate text iz log filea na PC Expert ili SpywareInfo
* Kazemo vam sto treba maknuti
* Opet pokrenete HT, oznacite nepozeljno i stisnete FIX CHECKED

Black Dragon · 12.07.2004., 11:15

http://www.a-2.org/ alat specijalizirn za lov na trojane (postoji free verzija) nasljednik starog i poznatog Ant-Trojana ...

FERRYS · 19.07.2004., 12:32

evo ovako stvari stoje;

Logfile of HijackThis v1.97.7
Scan saved at 12:28:44, on 19.7.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\znyqwu.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
C:\Documents and Settings\MARIN\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARIN\Application Data\Mozilla\Profiles\default\8n4zgq35.slt\prefs.js)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E42ACA56-3DE8-43DC-9F81-32A893E52FE8}: NameServer = 161.53.114.145 161.53.114.135

oyilla · 21.07.2004., 19:13

dodji sutra po uputnicu

Costa · 21.07.2004., 19:47

Najprije izgasi preko TaskManagera:
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\znyqwu.exe
C:\Program Files\WindowsSA\omniscient.exe

Zatim sredi:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab

FERRYS · 23.07.2004., 10:24

ljudi, ne trudite se, dao sam mu pravi lijek, format c:

Costa · 23.07.2004., 11:02

Citiraj:

Originally posted by FERRYS
ljudi, ne trudite se, dao sam mu pravi lijek, format c:

A sad pogledaj http://forum.pcekspert.com/showthrea...&threadid=9637 i ne daj se opet u tu situaciju.

BTW za to sto si imao je dovoljno da IE-om posjetis stranicu prilagodjenu nekim propustima

Bas sam probao jedan dan- Posjetis, dobijes dodatni program koji koji se malo kasnije pokrene.

Sve automatizirano da ne bi slucajno neki korisnik morao kliktati :clap:

11.07.2004., 23:01	#1
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	trojanci... TROJ_ALCEMIC.A TROJ_AGENT.AE i jos jedan imam gore, sam neke tri tockice, nema naziva imam pc-cillin sa svim updatevima al nemoze ih uklonit. kako ih najjednostavnije uklonit? __________________ none

11.07.2004., 23:18	#2
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Vjerovatno ih ne moze ukloniti jer su pokrenuti. Iskljuci sve sto mozes u TaskManageru pa probaj opet. Ili mozda pomogne bootanje u safe modu. __________________ Duke Nukem 3D online igranje TUTORIAL

11.07.2004., 23:28	#3
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	ak mislis skeniranje u safe modu - odpada, nemogu pokrenut anti virus __________________ none

12.07.2004., 10:31	#4
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Ajd napravi scan HijackThisom, cisto da vidim sto ti radi i sto je stavljeno u startup. HijackThis Prikazuje sumnjive informacije te ih sredjuje ovisno o tome sto korisnik odabire - (Ak' se ne kuzite u software, najbolje je postati log na newse ili neki forum gdje ce vam drugi reci sto oznaciti za popravak) (154KB) * Pokrenete HijackThis i stisnete SCAN * Kad izlista podatke stisnete SAVE LOG * Copy - pastate text iz log filea na PC Expert ili SpywareInfo * Kazemo vam sto treba maknuti * Opet pokrenete HT, oznacite nepozeljno i stisnete FIX CHECKED __________________ Duke Nukem 3D online igranje TUTORIAL

12.07.2004., 11:15	#5
Black Dragon Premium Moj komp Datum registracije: Dec 2002 Lokacija: Agram Postovi: 2,973	http://www.a-2.org/ alat specijalizirn za lov na trojane (postoji free verzija) nasljednik starog i poznatog Ant-Trojana ... __________________ Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. *Some men just want to watch the world burn*.

19.07.2004., 12:32	#6
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	evo ovako stvari stoje; Logfile of HijackThis v1.97.7 Scan saved at 12:28:44, on 19.7.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\znyqwu.exe C:\Program Files\WindowsSA\omniscient.exe C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE C:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE C:\Documents and Settings\MARIN\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARIN\Application Data\Mozilla\Profiles\default\8n4zgq35.slt\prefs.js) O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 81.211.105.69 lender-search.com O1 - Hosts: 81.211.105.68 hot-searches.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E42ACA56-3DE8-43DC-9F81-32A893E52FE8}: NameServer = 161.53.114.145 161.53.114.135 __________________ none

21.07.2004., 19:13	#7
oyilla Soul Brother Datum registracije: Apr 2004 Lokacija: Split Postovi: 153	dodji sutra po uputnicu __________________ hp nx 7010

21.07.2004., 19:47	#8
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Najprije izgasi preko TaskManagera: C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\znyqwu.exe C:\Program Files\WindowsSA\omniscient.exe Zatim sredi: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 81.211.105.69 lender-search.com O1 - Hosts: 81.211.105.68 hot-searches.com O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing) O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab __________________ Duke Nukem 3D online igranje TUTORIAL

23.07.2004., 10:24	#9
FERRYS AutoCad & Allplan expert Moj komp Datum registracije: Jan 2004 Lokacija: Zagreb-Karlovac i okilica Postovi: 2,159	ljudi, ne trudite se, dao sam mu pravi lijek, format c: __________________ none

Oglasni prostor
PC Ekspert Forum Oglas