MyCity » Ambulanta -> Arhiva Ambulante » Win32/Autoit.FL ...worm?

Win32/Autoit.FL ...worm?

Napisano na dan: 8.6.2009

Strana:
1
2
3

Win32/Autoit.FL ...worm?

Pagination

Prethodna strana

Odgovori

Strana:
1
2
3

maqdam Poslao: 09 Jun 2009 22:52 Idi na vrh
offline maqdam Novi MyCity građanin Pridružio: 08 Jun 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Cao. Da, na kraju sam to morala da uradim.. vratila sam ga 2 dana unazad. Manje zlo. Sad je sve ok, tj. nisam primetila da fali nesto od driver-a, nadam se da me nece ponovo ovako iznenaditi. Flash sam formatirala, neke "sigurne" file-ove sam spasila... Otprilike, to je sve...

Profil

bobby Poslao: 09 Jun 2009 22:56 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imas izvinjenje s nase strane zbog ove neprijatnosti. Greska je bila u programu ComboFix koji je koriscen. Greska je ispravljena u novoj verziji koja ce biti dostupna za par sati. Prijavili smo autoru ovaj tvoj ovde slucaj, i zahvaljujuci fajlovima koje si nam poslala, i zahvaljujuci jos jednom slucaju sa foruma (gde smo coveku takodje zeznuli sistem) uspeli smo da lokalizujemo gresku koja ispoljava iskljucivo kada je racunar zarazen ovom infekcijom koja je bila i kod tebe. Ja bih te samo zamolio da jos jednom proskeniras fleshke USBNoRiskom i da nam ovde postavis log, za svaki slucaj.

Profil

maqdam Poslao: 10 Jun 2009 02:20 Idi na vrh
offline maqdam Novi MyCity građanin Pridružio: 08 Jun 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 10 Jun 2009 2:18 USBNoRisk 2.4 (1 June 2009) by bobby Started at 10.6.2009 2:16:42 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {02d1c26b-c2ce-11dc-9ad4-806d6172696f} E: {02d1c26c-c2ce-11dc-9ad4-806d6172696f} C: {02d1c26e-c2ce-11dc-9ad4-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 02d1c26e-c2ce-11dc-9ad4-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 02d1c26b-c2ce-11dc-9ad4-806d6172696f ---------------------------------------- Desktop.ini found at D:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No blocked files found on E: No Autorun.inf files found on E: No mountpoint found for E: No mountpoint found for 02d1c26c-c2ce-11dc-9ad4-806d6172696f ---------------------------------------- Desktop.ini found at E:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 10.6.2009 2:16:54 Scanning for connected USB mass storage... ---------------------------------------- H: {e7ac10d1-996d-11dd-9ae0-00110963c2cd} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No Autorun.inf files found on H: Sanitized mountpoint for e7ac10d1-996d-11dd-9ae0-00110963c2cd ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- Mimics found on drive H: ======================================== Dopuna: 10 Jun 2009 2:20 A o kakvoj se to infekciji radi? Zarazen racunar ili samo flash... ili oboje? Evo loga...

Profil

bobby Poslao: 10 Jun 2009 05:28 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada cemo da vidimo da li je zarazen i racunar ili samo flash. Predji na karticu Script u USBNoRisku i tamo iskopiraj sledeci skript: `{e7ac10d1-996d-11dd-9ae0-00110963c2cd} delete_mimics: folder_list: %DRIVE%` Vrati se na karticu Monitor. Nakon toga prikljuci na komp taj flash i sacekaj da USBNoRisk automatski obavi skeniranje i ciscenje. Kada to odradis, snimi ponovo log i iskopiraj mi ga ovde.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Autoit.FL ...worm?

Ko je trenutno na forumu

Ukupno su 1269 korisnika na forumu :: 55 registrovanih, 5 sakrivenih i 1209 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aramis s, ArchaBasha, babaroga, Belac91, Bojadin Strumski, bozomotika, brundo65, cavatina, cenejac111, Centauro, Dannyboy, Denaya, djordje92sm, djuradj, Dorcolac, Draganeli, hyla, ikan, ILGromovnik, Insan, Klecaviks, Krusarac, kybonacci, Limeni91, ljuba, LUDI, Metanoja, MiGac, Miki01, mikki jons, Milos ZA, Miškić, mkukoleca, mnn2, nebojsag, Nemanja.M, Niko Bitan, pape, predragc, Romibrat, srbijaiznadsvega, styg, uruk, vathra, Vlada1389, vladulns, voja64, vranjanac29, wolf431, Wrangler, x9, YugoSlav, zlaya011, zodiac94, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by