MyCity » Ambulanta -> Arhiva Ambulante » Pomoc---kompjuter izgleda pun virusa

Pomoc---kompjuter izgleda pun virusa

Napisano na dan: 24.12.2009
3

Pomoc---kompjuter izgleda pun virusa
Pagination Prethodna strana

Idi na vrh

Poslao: 26 Dec 2009 17:19
Idi na vrh
offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

aha --- uradila sam ...

Poslao: 26 Dec 2009 18:58
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

- Pokrenuti USBNoRisk i sacekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{76576865-caf1-11de-b41f-00c0a8bb9012}
f_delete:%DRIVE%wsqaj.exe
f_delete:%DRIVE%wsqaj.scr
f_delete:%DRIVE%VIDEO~1.LNK
f_delete:%DRIVE%DOCUME~1.LNK
f_delete:%DRIVE%MUSIC~1.LNK
f_delete:%DRIVE%NEWFOL~1.LNK
f_delete:%DRIVE%PASSWO~1.LNK
f_delete:%DRIVE%PICTUR~1.LNK
folder_delete:%DRIVE%RECYCLER


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

Poslao: 26 Dec 2009 19:26
Idi na vrh
offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

a ovaj ostaje: "System Volume Information"?



USBNoRisk 2.5 (26 July 2009) by bobby

Started at 12/26/2009 7:21:51 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {243a09e9-763b-11de-a0f6-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 243a09e9-763b-11de-a0f6-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[aUtoRuN]
ACTIoN=Open folder to view files
sHelleXEcutE=wsQaj.eXE
ICON=%sYsTEMRoOt%\SysTem32\sHeLL32.DlL,4
usEAuToPLay=1
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 12/26/2009 7:22:34 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {76576865-caf1-11de-b41f-00c0a8bb9012}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 76576865-caf1-11de-b41f-00c0a8bb9012
----------------------------------------

No Desktop.ini files found on E:
----------------------------------------

No mimics found on drive E:
========================================


Processing script
----------------------------------------
76576865-caf1-11de-b41f-00c0a8bb9012
Drive letter for GUID: E:
SectionStart = 0
SectionEnd = 9
f_delete:
file "E:\wsqaj.exe" deleted successfully
f_delete:
file "E:\wsqaj.scr" deleted successfully
f_delete:
file "E:\VIDEO~1.LNK" deleted successfully
f_delete:
file "E:\DOCUME~1.LNK" deleted successfully
f_delete:
file "E:\MUSIC~1.LNK" deleted successfully
f_delete:
file "E:\NEWFOL~1.LNK" deleted successfully
f_delete:
file "E:\PASSWO~1.LNK" deleted successfully
f_delete:
file "E:\PICTUR~1.LNK" deleted successfully
----------------------------------------
Delete folder tree E:\RECYCLER:
----------------------------------------
Delete: E:\RECYCLER\S-1-5-21-1078081533-1580436667-725345543-1004\INFO2 > Done!
Delete: E:\RECYCLER\S-1-5-21-1078081533-1580436667-725345543-1004\desktop.ini > Done!
Delete: E:\RECYCLER\S-1-5-21-1078081533-1580436667-725345543-1004 > Done!
Delete: E:\RECYCLER > Done!
----------------------------------------

Poslao: 26 Dec 2009 20:37
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Taj folder ostaje, legitiman je.


Kakvo je sada stanje?

Poslao: 26 Dec 2009 20:45
Idi na vrh
offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

sad dobro radi ... sve ...
ali obrisem nesto sto mi ne treba na externom hd ... i opet se pojavi RECYCLER. to verovatno uvek mora da bude!!!

nego, otkud tako da se zarazi?? odjednom???

Poslao: 26 Dec 2009 21:22
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Vezano za RECYCLER, tako mora da bude.

Ova vrsta infekcije se najčešće prenosi usb uređajima sa zaraženog kompjutera, mada ima i drugih načina.


Isprati još sledeće uputstvo...


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.

Poslao: 26 Dec 2009 22:28
Idi na vrh
offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

uradjeno ...

hvala na pomoci ... nadam se da je sad sve ok!!!

MyCity » Ambulanta -> Arhiva Ambulante » Pomoc---kompjuter izgleda pun virusa

Ko je trenutno na forumu
 

Ukupno su 704 korisnika na forumu :: 8 registrovanih, 0 sakrivenih i 696 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: darkojbn, doloress, ILGromovnik, Japidson, Koridor, Kriglord, UAV operator, wizzardone