spam bot na FB, help!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Help!

Pre sat vremena mi se na chat javila moja prijateljica i počela na engleskom da četuje sa mnom. Poslala mi je link Youtube na kome se nalazi nešto ''terible'' vezano za mene. Pokušao sam to da otvorim i Avira mi je prijavila virus.

Sada mi se javlja jedan moj drug i pita me - ''šta to četuješ na engleskom sa mnom?''. Očigledno je neko mene uzeo na nišan.

U međuvremnu, ne mogu preko Opere da pristupim FB, a sa Mozile mi kaže da imaju privremene sigurnosne probleme i da sačekam.

O čemu je reč?


Na mozili mi izbacuje ovo>

Sorry, we are experiencing temporary technical problem, please check back later.

...a na Operi ni da mrdne.




Zamolio sam prijatelja da sa svog kompa pokuša da uđe na moj nalog. Ušao je i na njemu našao krš i lom od poruka. Ostavio je u moje ime poruku izvinjenja drugima.

Inače, aviru ne mogu da aktiviram da skenira jer mi ona, kada kliknem na nju izbaci crveno upozorenje:

ENHANCHED PROTECTION MODE
Atention!

AviraAntivir operatles under enhanced ptotection mode. This is a temporary measure necessary for immediate response to the treat from virus.

No action is required from you.

PS
Kako sam naleteo, kao ovca...

• 4Ovo se svidja korisnicima: KlinkaPalacinka, Sirius, CyberSrbin032, ThePhilosopher
  
  Registruj se da bi pohvalio/la poruku!

Pa zar i ti sine Brute

Isprati ovo uputstvo i postavi odgovarajuce logove.
[Link mogu videti samo ulogovani korisnici]

• 1Ovo se svidja korisniku: ThePhilosopher
  
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Jao, bruka moja, posle ovoliko frontovskih borbi, padnem na prozaičnom štosu.

Evo fajla:
[Link mogu videti samo ulogovani korisnici]

Vita jela, zelen bor...Nadam se da nije ništa strašno. Sa laptopa sam ušao na moj profil i imao sam šta da vidim - ljudi me ''gledaju'' belo, u stilu - šta nam ovo pišeš...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Na desktopu mora da se nalazi notepad sa imenom OTL.txt
Taj mi je potreban.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Jeste , izvini. Ovaj mi se prvi otvorio, a u ovoj guzvi od ikonica nisam OTL ni spazio. Evo ga.

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, idemo ovim redom.

Prvo deisntalacija:
ASk
Babylon
Conduit Engine

-------------------------------------------


Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:

:processes
killallprocesses

:OTL
PRC - [2011-07-22 13:52:52 | 000,110,592 | ---- | M] () -- C:\Windows\l1rezerv.exe
PRC - [2011-07-22 13:52:44 | 000,114,176 | ---- | M] () -- C:\Windows\systemup.exe
PRC - [2011-07-22 13:49:41 | 000,249,344 | ---- | M] () -- C:\Windows\sysdriver32.exe
PRC - [2011-07-08 19:02:59 | 000,158,720 | ---- | M] () -- C:\Users\Dragi\AppData\Local\Temp\Adm.exe
PRC - [2011-07-08 19:02:57 | 000,152,064 | ---- | M] () -- C:\Windows\Agejaa.exe
O4 - HKLM..\Run: [11549374-loader2.exe] C:\Windows\Temp\11549374-loader2.exe ()
O4 - HKLM..\Run: [14829898-loader2.exe] C:\Windows\Temp\14829898-loader2.exe ()
O4 - HKLM..\Run: [2631744.exe] C:\Windows\Temp\2631744.exe ()
O4 - HKLM..\Run: [5684100.exe] C:\Windows\Temp\5684100.exe ()
O4 - HKLM..\Run: [7915717.exe] C:\Users\Dragi\AppData\Local\Temp\7915717.exe ()
O4 - HKLM..\Run: [989889.exe] C:\Windows\Temp\989889.exe ()
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKCU..\Run: [SQ4DY0FH7F] C:\Users\Dragi\AppData\Local\Temp\Adm.exe ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe




:files
C:\Windows\update.2
C:\Windows\update.5.0
C:\Windows\update.tray-8-0
C:\Windows\update.1

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[resethosts]
[Reboot]

Klikni taster Run Fix;


Log koji dobiješ iskopiraj ovde u poruci.

---------------------------------------------------------------


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo dole si mi lepo opisao i to ću odratiti, već sam to par puta radio.

Međutim, ne znam korake za ovo što si mi rekao:

Prvo deisntalacija:
ASk
Babylon
Conduit Engine

Odakle da to deinstališem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Odradi ti prvo ovo sto je potrebno, da se resimo malware-a, posle cemo deinstalirati te toolbare.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

All processes killed
========== PROCESSES ==========
No active process named :OTL was found!
No active process named l1rezerv.exe was found!
No active process named systemup.exe was found!
Process sysdriver32.exe killed successfully!
No active process named Adm.exe was found!
No active process named Agejaa.exe was found!
No active process named 11549374-loader2.exe was found!
No active process named 14829898-loader2.exe was found!
No active process named 2631744.exe was found!
No active process named 5684100.exe was found!
No active process named 7915717.exe was found!
No active process named 989889.exe was found!
No active process named l1rezerv.exe was found!
No active process named sysdriver32.exe was found!
No active process named sysdriver32_.exe was found!
No active process named systemup.exe was found!
No active process named Run: [tray_ico] File not found was found!
No active process named svchost.exe was found!
No active process named Run: [tray_ico1] File not found was found!
No active process named Run: [tray_ico2] File not found was found!
No active process named Run: [tray_ico3] File not found was found!
No active process named Run: [tray_ico4] File not found was found!
No active process named services32.exe was found!
No active process named Adm.exe was found!
No active process named Shell - "" = AutoRun was found!
No active process named Autorun.exe was found!
No active process named :files was found!
No active process named update.2 was found!
No active process named update.5.0 was found!
No active process named update.tray-8-0 was found!
No active process named update.1 was found!
No active process named :Commands was found!
No active process named [purity] was found!
No active process named [emptytemp] was found!
No active process named [EMPTYFLASH] was found!
No active process named [resethosts] was found!
No active process named [Reboot] was found!

OTL by OldTimer - Version 3.2.26.1 log created on 07222011_210156

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Drugi deo sa ComboFixom nisi odradio.