Laptop slowed down



  • Joined: 23 Nov 2015
  • Posts: 8

I downloaded the new COMBO and ran the procedure

ComboFix 15-11-23.01 - Korisnik 24-Nov-15 13:20:42.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2196 [GMT 1:00]
Running from: c:\users\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\users\Korisnik\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\apsibc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\apsibc.exe
C:\autorun.inf
C:\extensions
c:\extensions\bingsearch.full@microsoft.com.xpi
C:\searchplugins
c:\users\Korisnik\AppData\Local\Temp\RtkBtMnt.exe
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2015-10-24 to 2015-11-24 )))))))))))))))))))))))))))))))
.
.
2015-11-24 12:26 . 2015-11-24 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-23 15:12 . 2015-11-23 16:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-11-23 15:12 . 2015-11-23 16:57 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-23 15:12 . 2015-11-23 16:56 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-23 12:18 . 2015-11-23 15:28 -------- d-----w- c:\programdata\NVIDIA
2015-11-23 00:14 . 2015-11-23 00:21 -------- d-----w- C:\FRST
2015-11-09 02:32 . 2015-11-09 02:35 -------- d-----w- c:\programdata\WinZip
2015-11-09 01:16 . 2015-11-09 13:23 -------- d-----w- c:\program files\iTunes
2015-11-09 01:15 . 2015-11-09 01:15 -------- d-----w- c:\program files\Bonjour
2015-11-09 01:15 . 2015-11-09 01:15 -------- d-----w- c:\program files (x86)\Bonjour
2015-11-09 01:14 . 2015-11-09 01:14 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-28 23:23 . 2015-10-30 17:41 -------- d-----w- C:\Ubisoft
2015-10-28 23:21 . 2010-06-02 03:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2015-10-28 23:21 . 2010-06-02 03:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2015-10-28 23:21 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2015-10-28 23:21 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-10-28 23:21 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2015-10-25 23:35 . 2015-10-25 23:35 -------- d-----w- c:\windows\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 12:02 . 2014-10-26 16:31 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 12:02 . 2014-10-26 16:31 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-10-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-10-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"="c:\users\Korisnik\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-19 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-06-01 3612672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe;c:\program files (x86)\Acer Bio Protection\BASVC.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe;c:\windows\SYSNATIVE\vfsFPService.exe [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-11 21:18 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26 12:02]
.
2015-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-05 22:02]
.
2015-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-05 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 16336416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1215272]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-12 6456352]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.2.46.1 84.2.44.1
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\p08os93m.default-1445816209802\
FF - prefs.js: browser.startup.homepage - yahoo.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
.
**************************************************************************
.
Completion time: 2015-11-24 13:31:44 - machine was rebooted
ComboFix-quarantined-files.txt 2015-11-24 12:31
ComboFix2.txt 2015-11-23 12:23
.
Pre-Run: 42,578,055,168 bytes free
Post-Run: 42,269,609,984 bytes free
.
- - End Of File - - EB44553D29287A40D80CFE5FB1DF3932
A36C5E4F47E84449FF07ED3517B43A31
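A first-pass triage of a ComboFix log like the one above, as an added example (this is not ComboFix code and nobody in the thread posted it). It splits the log into ComboFix's sections and flags what a helper reads first: autorun.inf deleted from drive roots, the policy values that switch UAC off and the Security Center values that silence its warnings, and Sigcheck entries tagged [-] rather than [7] (here the user32.dll copies in system32 and SysWOW64, whose MD5 and size differ from the WinSxS copies carrying the same version). SAMPLE_LOG is a constructed excerpt of the posted log; which registry values count as tampering is this example's own list, not a ComboFix rule.

```python
"""Triage a ComboFix log for tamper indicators (added example, not ComboFix code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Values as malware typically leaves them.  Numbers are normalised from
# either "Name"= 0 (0x0) or "Name"=dword:00000001 before comparison.
WEAK_VALUES = {
    "EnableLUA": 0,                   # UAC off entirely
    "ConsentPromptBehaviorAdmin": 0,  # admins elevate with no prompt
    "PromptOnSecureDesktop": 0,
    "AntiVirusOverride": 1,           # Security Center stops reporting AV state
    "AntiVirusDisableNotify": 1,
    "FirewallOverride": 1,
    "FirewallDisableNotify": 1,
    "UpdatesDisableNotify": 1,
    "UacDisableNotify": 1,
}

PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")     # ((( Other Deletions )))
DASH_HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")   # ------- Sigcheck -------
REG_VALUE = re.compile(r'^"([^"]+)"=\s*(dword:)?([0-9A-Fa-f]+)')
DRIVE_AUTORUN = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
SIGCHECK = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\.\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    category: str   # "autorun" | "tamper" | "sigcheck"
    detail: str


def split_sections(text):
    """Return {section title: [lines]} using ComboFix's two header styles."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def triage(text):
    """Scan one ComboFix log and return the list of findings."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Other Deletions", []):
        if DRIVE_AUTORUN.match(line):          # autorun.inf at a drive root
            findings.append(Finding("autorun", line))
    for line in sections.get("Reg Loading Points", []):
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, is_dword, raw = m.groups()
        value = int(raw, 16 if is_dword else 10)
        if name in WEAK_VALUES and WEAK_VALUES[name] == value:
            findings.append(Finding("tamper", f"{name}={value}"))
    for line in sections.get("Sigcheck", []):
        m = SIGCHECK.match(line)
        if m and m.group("tag") == "-":        # hash not matched to a known copy
            findings.append(Finding(
                "sigcheck", f"{m.group('path')} md5={m.group('md5')} size={m.group('size')}"))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


# Constructed excerpt of the log posted above (same lines, most sections omitted).
SAMPLE_LOG = r"""
ComboFix 15-11-23.01 - Korisnik 24-Nov-15 13:20:42.2.2 - x64
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\apsibc.exe
C:\autorun.inf
c:\users\Korisnik\AppData\Local\Temp\RtkBtMnt.exe
D:\autorun.inf
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-10-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2014-10-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 16336416]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:9} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the nine tamper hits, the two drive-root autorun.inf deletions and the two unmatched user32.dll copies from the posted log; point `triage()` at a real ComboFix.txt by reading the file into a string. A hit on `EnableLUA=0` alone is worth checking by hand, because an owner may have switched UAC off deliberately; nine hits together, with autorun.inf on both drive roots, is the pattern the helper reacts to.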

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Look, there is a likelihood that your computer is infected with a virus that we call a file infector. It is a malicious program capable of inserting its malicious code into every executable file on the system (into a legitimate program, into part of a program, into part of the system...) ... something that is hard to cure.
Our tools sometimes have difficulty detecting it; ComboFix has triggers that warn about something like that.


I hope you have a decent internet connection, because we have to do an online scan; an AV program is the only thing that can give us a better picture at this point.


From the link below, download ESET Online Scanner;
http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

- Right-click esetsmartinstaller_enu.exe > Run as administrator;
Tick YES, I accept the Terms of Use, then click Start.
//wait for the ESET components to load ...

- Select Enable detection of potentially unwanted applications.
- Click Advanced Settings and then select the following options;
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

- Click Start to begin the scan.
//the database and signature download starts, and the scan continues after it.

- When the scan is finished, click List threats, which is only available if there was a detection.

- Click Export and save the report to the Desktop; attach that report to your post.
// click Back and then Finish to close the tool.

  • Joined: 23 Nov 2015
  • Posts: 8

[attached image: not available without logging in]

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

This is what I was afraid of. If you look a little more closely at the files and what was detected, every executable file, mostly belonging to legitimate programs, carries a piece of malicious code (the Win32/Sality.NBA virus), the so-called polymorphic variant of the virus. All of those files are infected.
This is like cancer for the system. Think of it that way.

Technical details of this malware variant:
http://www.virusradar.com/en/Win32_Sality.NBA/description

How it works:
https://www.virusbtn.com/resources/glossary/polymorphic_virus.xml
https://www.virusbtn.com/resources/glossary/file_infector_virus.xml



Your USB storage devices are most likely infected, and that is where the malware spreads from. Do not use the storage devices until the issue with this computer is resolved.
Once the main OS is free of malware, MCShield on the clean system will remove all the malware sitting on the storage devices that tries to infect the main OS.
http://www.mcshield.net/


You have two options; choose one:

a) Attempt to disinfect the system. The chances are slim that the infection will be removed without damage to the operating system, because AV/AM programs are not able to properly disinfect every single important file or program.
- No guarantee that the infection will be properly removed, nor that reinfection will not occur.
- No guarantee that the operating system will remain stable once disinfection is complete.


b) A complete reinstallation of the operating system, with formatting of the system partition. After installation, make sure the system has an internet connection; nothing else matters. Do not access the other partitions, do not install other programs. On the "bare" system, install an antivirus and run a full system scan. avast! is recommended because it has the so-called boot-time scan technology, which scans the system outside the running system. Remove everything the AV finds.
- Guaranteed that the malware will be properly removed (if everything is done as it should be), because the AV will start disinfection before the virus itself starts spreading again.


I recommend option b. This is not good news, but what can we do.
Whichever option you choose, you will not avoid deleting every program you keep on the disk. All executable programs (.exe and the like) are infection triggers. They will be targeted by the AV program, but it is best that later you go over the disk by hand and delete, yourself, every program that is potentially malware because it is an executable file.

E.g. C:\games\CS1.6v44 <= every executable .exe file in that directory is an infection trigger. I know you are sorry about the game, but it has to be done.

Good luck.
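The manual sweep asked for above (go over the disk and find every executable), as an added example that is not part of the thread and not a tool anyone in it posted. It only lists, it deletes nothing: it identifies Windows executables by the MZ header rather than by extension, so a PE renamed to .jpg is still reported, and lists any autorun.inf next to them with a SHA-256 for later lookup. run_demo() builds a constructed directory tree in a temporary folder; its file names are invented.

```python
"""Inventory executables and autorun.inf on a data partition (added example)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

PE_MAGIC = b"MZ"
# Extensions Windows runs directly; used only to tell an honestly named PE
# from one hiding behind a data extension.  The set is this example's own.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".dll", ".sys", ".cpl", ".ocx", ".pif"}


@dataclass(frozen=True)
class Item:
    path: str
    kind: str      # "pe" | "pe-disguised" | "autorun"
    sha256: str


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path):
    """Return an Item for a PE or autorun.inf, None for anything else."""
    name = os.path.basename(path).lower()
    if name == "autorun.inf":
        return Item(path, "autorun", sha256_of(path))
    with open(path, "rb") as fh:
        head = fh.read(2)
    if head != PE_MAGIC:
        return None
    ext = os.path.splitext(name)[1]
    kind = "pe" if ext in EXEC_EXTENSIONS else "pe-disguised"
    return Item(path, kind, sha256_of(path))


def inventory(root):
    """Walk root and return every executable or autorun.inf, sorted by path."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                item = classify(full)
            except OSError:
                continue            # unreadable file: skip it, keep sweeping
            if item:
                found.append(item)
    return sorted(found, key=lambda i: i.path)


def run_demo():
    """Build a constructed tree, sweep it, return [(relative path, kind)]."""
    layout = {                                   # invented sample files
        "games/hl.exe": b"MZ" + b"\0" * 62,      # ordinary PE
        "games/readme.txt": b"just text",        # not an executable
        "photos/holiday.jpg": b"MZ" + b"\0" * 62,  # PE behind a picture extension
        "autorun.inf": b"[autorun]\r\nopen=hl.exe\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        items = inventory(root)
        return [(os.path.relpath(i.path, root).replace(os.sep, "/"), i.kind)
                for i in items]


if __name__ == "__main__":
    for rel, kind in run_demo():
        print(f"{kind:13} {rel}")
```

To use it on a real drive, call `inventory(r"D:\")` from a clean machine with the disk attached read-only and review the list before deleting anything; the "pe-disguised" entries are the ones an extension-based search would have missed.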

  • Joined: 23 Nov 2015
  • Posts: 8

Alright :/ Thanks a lot, regards and all the best.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

All the best, and good luck in the fight.
