Posted 24.10.2006., 16:10   #7
reboot
Premium

Join Date: Jul 2005
Location: Zgb
Posts: 1,108
Just when I was about to boast that everything was fine, it isn't.

The problem still occurs. So, I have tried almost every program I knew of or that you recommended.
In the end I decided to find out what causes that "setup.exe" file, which the AV detected as a virus, to appear.

With File Monitor I watched the processes that create or modify files on the hard disk, and I found it, but unfortunately I don't know what the result I got means:

Quote:
3565391 14:41:34.945 System:4 FSCTL_REQUEST_BATCH_OPLOCK C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS
3565392 14:41:34.945 System:4 FASTIO_QUERY_NETWORK_OPEN_INFO C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Attributes: Any
3565393 14:41:34.945 System:4 IRP_MJ_QUERY_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS FileEaInformation
3565394 14:41:34.945 System:4 IRP_MJ_QUERY_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS FileStreamInformation
3565395 14:41:34.945 System:4 IRP_MJ_QUERY_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS FileAttributeTagInformation
3565396 14:41:34.945 System:4 IRP_MJ_QUERY_SECURITY C:\Documents and Settings\All Users\Documents\setup.exe BUFFER OVERFLOW
3565397 14:41:34.945 System:4 IRP_MJ_QUERY_SECURITY C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS
3565398 14:41:35.005 System:4 IRP_MJ_QUERY_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS FileInternalInformation
3565399 14:41:35.075 System:4 IRP_MJ_QUERY_VOLUME_INFORMATION C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS SUCCESS FileFsAttributeInformation


3565544 14:41:35.626 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset: 68112384 Length: 65536
3565545 14:41:35.626 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset: 68177920 Length: 65536
3565546 14:41:35.626 System:4 IRP_MJ_SET_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Length: 40960
3565547 14:41:35.646 System:4 IRP_MJ_WRITE* D:\pagefile.sys SUCCESS Offset: 69328896 Length: 65536





3565669 14:41:35.986 System:4 FASTIO_WRITE C:\Documents and Settings\All Users\Documents\setup.exe FAILURE Offset: 0 Length: 4416
3565670 14:41:35.986 System:4 IRP_MJ_WRITE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Offset: 0 Length: 4416
3565671 14:41:35.986 System:4 FASTIO_CHECK_IF_POSSIBLE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Write: Offset: 4416 Length: 36544
3565672 14:41:35.986 System:4 FASTIO_PREPARE_MDL_WRITE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Offset: 4416 Length: 36544


3568045 14:41:39.301 System:4 FASTIO_MDL_WRITE_COMPLETE C:\Documents and Settings\All Users\Documents\setup.exe OK Offset: 4416


3568048 14:41:39.371 System:4 IRP_MJ_SET_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS FileBasicInformation


3568050 14:41:39.431 System:4 IRP_MJ_CLEANUP C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS
So this is the process that "created" the virus and always creates it again when I delete all copies of the virus.
What is it? Which program? A driver?
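The write sequence in the quoted File Monitor log can be read mechanically. The following is an added example, not part of the original post: it parses lines copied from that log and checks whether the successful writes to setup.exe cover the size set by IRP_MJ_SET_INFORMATION. The function names and the rule for counting the MDL write are assumptions of this example.

```python
import re

# Filemon lines copied from the post above. Columns: sequence, time,
# process:PID, request, path, result, other. Paths contain spaces.
SAMPLE = r"""
3565546 14:41:35.626 System:4 IRP_MJ_SET_INFORMATION C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Length: 40960
3565547 14:41:35.646 System:4 IRP_MJ_WRITE* D:\pagefile.sys SUCCESS Offset: 69328896 Length: 65536
3565669 14:41:35.986 System:4 FASTIO_WRITE C:\Documents and Settings\All Users\Documents\setup.exe FAILURE Offset: 0 Length: 4416
3565670 14:41:35.986 System:4 IRP_MJ_WRITE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Offset: 0 Length: 4416
3565671 14:41:35.986 System:4 FASTIO_CHECK_IF_POSSIBLE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Write: Offset: 4416 Length: 36544
3565672 14:41:35.986 System:4 FASTIO_PREPARE_MDL_WRITE C:\Documents and Settings\All Users\Documents\setup.exe SUCCESS Offset: 4416 Length: 36544
3568045 14:41:39.301 System:4 FASTIO_MDL_WRITE_COMPLETE C:\Documents and Settings\All Users\Documents\setup.exe OK Offset: 4416
"""
# The path is matched lazily up to the first result keyword.
LINE = re.compile(r"^(\d+)\s+([\d:.]+)\s+(\S+):(\d+)\s+(\S+)\s+(.+?)\s+"
                  r"(SUCCESS|FAILURE|BUFFER OVERFLOW|OK)(?:\s+(.*))?$")
# Requests counted as file data when they succeed. Assumption of this example:
# the MDL write is counted at PREPARE, because COMPLETE logs no length.
DATA_WRITES = {"IRP_MJ_WRITE", "FASTIO_WRITE", "FASTIO_PREPARE_MDL_WRITE"}

def parse(text):
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            seq, time, proc, pid, req, path, result, other = m.groups()
            events.append(dict(seq=int(seq), time=time, proc=proc, pid=int(pid),
                               req=req, path=path, result=result, other=other or ""))
    return events

def num(field, other):
    m = re.search(rf"\b{field}: (\d+)", other)
    return int(m.group(1)) if m else None

def summarize(events, path):
    """Return (writers, size set on the file, bytes covered from offset 0)."""
    mine = [e for e in events if e["path"].lower() == path.lower()]
    writers = {(e["proc"], e["pid"]) for e in mine}
    size = next((num("Length", e["other"]) for e in mine
                 if e["req"] == "IRP_MJ_SET_INFORMATION" and "Length" in e["other"]), None)
    ranges = sorted((num("Offset", e["other"]), num("Length", e["other"]))
                    for e in mine
                    if e["req"] in DATA_WRITES and e["result"] == "SUCCESS")
    end = 0
    for off, length in ranges:
        if off > end:  # gap: these lines do not show the whole file being written
            break
        end = max(end, off + length)
    return writers, size, end
```

The failed FASTIO_WRITE is not counted; the same range appears again on the next line as a successful IRP_MJ_WRITE.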