Facebook locked - Chrome malware

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U prilogu su izvještaji po koracima:


Korak 1.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by WINXPSP3 at 2013-10-09 17:37:44 Run:1
Running from C:\Documents and Settings\WINXPSP3\Desktop\sajt
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
MountPoints2: {73cd245f-d73e-11e1-a02f-00e07d9768df} - F:\silent.exe
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe
C:\Documents and Settings\Default User\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
CMD: ipconfig /flushdns
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key deleted successfully.
HKCR\CLSID\{73cd245f-d73e-11e1-a02f-00e07d9768df} => Key not found.
C:\Documents and Settings\Administrator\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\Default User\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\NEWB5E.tmp.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\18vwc9qb.dll => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Execute2App.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Kies2RemoveAll.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\ONAIRSetup4.0.0.905.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\SpOrder.dll => Moved successfully.
C:\Documents and Settings\WINXPSP3\Local Settings\Temp\vlc-2.0.7-win32.exe => Moved successfully.
"C:\WINDOWS" => ":nlsPreferences " ADS not found.
C:\Documents and Settings\All Users\Application Data\Temp => ":D1B5B4F1 " ADS removed successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


==== End of Fixlog ====

Korak 2.

Failed.

Pokrenut Combofix, izvršena instalacija Recovery Console, nešto više od 10 minuta je trajala. Računar se restartovao 2 puta, svaki put uz blue screen. Nakon pokretanja, nema izvještaja o skeniranju. Tada sam ga i ja 2 puta restartovao, međutim izvještaj ne dolazi. Takođe izvještaja nema ni na C ni na D particiji.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix nece da radi, zato sto imas modifikovanu verziju Windows-a. Inace, u prilozenim izvestajima nema tragova malware-a, koji ukazuju na problem sa Chrome-om. No izvrsicemo jos jednu proveru:



Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:

http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poštovani,

u nastavku je MBAM izvještaj:

Malwarebytes Anti-Malware 1.75.0.1300
malwarebytes.org

Database version: v2013.10.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
WINXPSP3 :: PC-E1A9268535A6 [administrator]

10.10.2013 18:57:27
mbam-log-2013-10-10 (18-57-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262912
Time elapsed: 29 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
D:\My Documents\Downloads\ADBE_CS5_MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Flash_Menu_Factory_1.1.rar (Trojan.Agent.gen) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Flash_Menu_Factory_1.1Patch.rar (Trojan.Agent.gen) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Wondershare_QuizCreator_4.0.1+Patch_AZD.rar ((zabranjeno)Tool.Agent) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\Real Hide IP v4.2.9.2.rar (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\CS5MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoKMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kao sto rekoh, racunar je cist,.

Kakvo je sada stanje sa Facebook-om?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Isto. I dalje prikazuje upozorenje. Pogasio sam sve dodatke (u slučaju da je do njih).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne znam kako da ti pomognem, tvoj sistem je cist, tako da to ne pravi problem. Vidi da li ti je se neko drugi logovao na nalog, mozda je kod njega problem. Ili sacekaj jos koji dan, obicno taj lock naloga traje 7 dana.




Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings

Klikni na dugme "Run" i pričekaj da program završi rad.
Alat ce ukloniti sve koriscene alate u ovoj temi...
Kada alat završi, otvoriće izvestaj u notepadu.
Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Nije potrebno dostavljati izvestaj.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nije mogao niko drugi s obzirom da sam uključio prepoznavanje browsera, slanje koda na telefon i trusted contacts.

Hvala na iscrpnoj pomoći.

Svako dobro,
pozdrav.