[Search] [Rules] | [Register] [Login] |
Forums » Archive » I hate POPUPS!!!!! | |
Page: 1 [2] All |
Author | Message |
Joined: 11/25/2003 Posts: 71 | Posted on Tuesday, March 16, 2004 10:34:00 AM я сам не большой программер, но пока с вирусами справляться удавалось. пойди на symantec.ca и вбей в поиск по очереди все .exe файлы, которые вызывают подозрение. они тебе в ответ выдадут, вирус ето или нет, и раскажут, как с ним бороться (даже если нортон самостоятельно вирус удалить не может, проинструктируют, как удалить вручную). а с поп(ап)ами смотри пост выше: поставь spybot и в настройках отметь block all... только он не попы блокирует, а файлы от tracking companies. одним словом, там все просто - разберешся. удачи. |
Joined: 11/25/2003 Posts: 71 | Posted on Tuesday, March 16, 2004 10:45:00 AM смотри, вот это твой wuauclt.exe http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html |
Joined: 8/15/2002 Posts: 2710 | Posted on Tuesday, March 16, 2004 11:26:00 AM Cool. spasibo a teper'? Logfile of HijackThis v1.97.5 Scan saved at 11:28:21 AM, on 16/03/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Insall\Apache Group\Apache2\bin\Apache.exe C:\Program Files\NavNT\defwatch.exe C:\insall\iFtpSvc\iFtpSvc.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\nvsvc32.exe C:\Insall\Apache Group\Apache2\bin\Apache.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\MsgSys.EXE C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\TPWRTRAY.EXE C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\TDispVol.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\System32\TFNF5.exe C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe C:\Insall\QuickTime\qttask.exe C:\Program Files\NavNT\vptray.exe C:\WINDOWS\t2HP0.exe C:\Program Files\Common files\updater\wupdater.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\ICQ\ICQ.exe C:\Documents and Settings\Enchantress\Application Data\eilu.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Insall\INCRED~1\bin\IMApp.exe C:\WINDOWS\System32\wnstsit.exe C:\Insall\ABBYY Lingvo\LvAgent.exe C:\Insall\Apache Group\Apache2\bin\ApacheMonitor.exe C:\Insall\Webshots\WebshotsTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Enchantress\Desktop\HijackThis.exe C:\WINDOWS\System32\taskmgr.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [QuickTime Task] "C:\Insall\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKCU\..\Run: [IncrediMail] C:\Insall\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [SIDEBAR] C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Webshots.lnk = C:\Insall\Webshots\WebshotsTray.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) |
Joined: 8/15/2002 Posts: 2710 | Posted on Tuesday, March 16, 2004 11:34:00 AM rrrrrrrrrrrrrrr, esche 2 virusa. Teh kto virusi delaet chetvertovat' nado, na glavnoy ploschadi, ili net, im nado dat' sdelat' project na paru mesyatsev a potom im vseh ih na computer zakachat', blin :-( |
Joined: 9/5/2001 Posts: 3745 | Posted on Tuesday, March 16, 2004 12:03:00 PM http://www.rockymountain.com/ref_startup.htm#O http://www.3feetunder.com/krick/startup/list.html There's so much Toshiba-specific software running, it's hard to know what to advise. But please take a look at this - http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html - I'm not sure if this is one of your issue but last hijackthis is kind too small... I can't find anything regarding this: C:\WINDOWS\t2HP0.exe So I would say either remove this file or rename... if you don't know what is that... C:\Program Files\Common files\updater\wupdater.exe Wupdater is a backdoor program that logs your keystrokes. SO I would recommend to remove this one too :) using hijackthis Then reboot, find and delete this folder :- C:\Program Files\Common files\updater\wupdater.exe C:\Documents and Settings\Enchantress\Application Data\eilu.exe don't know about this one... C:\WINNT\System32\wnstsit.exe is the latest versions of mindspring that are popping up everywhere Delete this file C:\WINNT\System32\wnstsit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime This is also doesn't look good... Fix this :) That's it for now... try those fixes and post you hijackthis again if you still has problems |
Joined: 9/5/2001 Posts: 3745 | Posted on Tuesday, March 16, 2004 12:06:00 PM wow пока тут на работе занят был уже куча изменений :)... лана переписывать не буду - сама смотри ... если до вечера лучше не станет - еще разок посмотрю :) |
Joined: 8/15/2002 Posts: 2710 | Posted on Tuesday, March 16, 2004 1:02:00 PM ubirau a vsyo vozraschaetsya na mesto posle perezagruzki |
Joined: 9/5/2001 Posts: 3745 | Posted on Tuesday, March 16, 2004 1:12:00 PM After you remove with hijackthis you need either rename/delete folder/file or login in safe mode and clean this all stuff from there |
Joined: 8/15/2002 Posts: 2710 | Posted on Wednesday, March 17, 2004 9:20:00 PM spasibo vsem ogromnoe za pomosch. do sih por kopayus' s compom. :-( v obschem vsyo chto smogla perepisala na diski. formatirovat' pridetsya, ne vsyo ubiraetsya + mnogoe poporchenno :-( |
Joined: 8/15/2002 Posts: 2710 | Posted on Wednesday, March 17, 2004 10:32:00 PM aaaaaaaaaaa, karaul. pereformatirovala vsyo nafig virus ostalsya :-( TFNF5.exe http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html#removalinstructions |
Joined: 4/23/2001 Posts: 11337 | Posted on Thursday, March 18, 2004 1:15:00 AM Энчантрес, для того чтоб ранить веб сервера на домашнем компьютере, нужны особо веские причины. А пускать Апач под виндами это, насколько я слышал, очень небезопасно если ты не эксперт по windows security. Дешёвый хостинг (со всеми прибамбасами) можно найти за пять долларов в месяц. Удачи. |
Joined: 8/15/2002 Posts: 2710 | Posted on Thursday, March 18, 2004 1:30:00 AM Maxim, mne apache dlya raboti bil nuzhen. Ya ne mogla ego NE installirovat'. Naschet faila o kotorom ya napisala...symantec kozeeeeeeel, a ya lopuuuuuuuh. Netu v etom faile nikakogo virusa, on vidaet etu infu po zaprosu o etom faile tolko potomu chto this file gets affected as well as others. Oy oy oy. Vsem esche raz bolshoe spasibo. :-) |
Page: 1 [2] All | |
Forums » Archive » I hate POPUPS!!!!! |
Copyright © 2021 Torontovka.com, All rights reserved