Toronto Forum - Torontovka.com
Forums » Archive » I hate POPUPS!!!!! 
Joined: 11/25/2003
Posts: 71
Posted on Tuesday, March 16, 2004 10:34:00 AM
 
I'm not much of a programmer myself, but so far I've managed to deal with viruses.
Go to symantec.ca and enter into the search, one at a time, all the .exe files that look suspicious. They'll tell you whether it's a virus or not, and explain how to fight it (even if Norton can't remove the virus on its own, they'll instruct you how to remove it manually).
As for the pop(up)s, see the post above: install spybot and check block all... in the settings. Only it doesn't block pop-ups, it blocks files from tracking companies. In short, it's all simple there - you'll figure it out.

Good luck.
Joined: 11/25/2003
Posts: 71
Posted on Tuesday, March 16, 2004 10:45:00 AM
 
Look, this is your wuauclt.exe

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html
Joined: 8/15/2002
Posts: 2710
Posted on Tuesday, March 16, 2004 11:26:00 AM
 
Cool. Thanks.
And now?


Logfile of HijackThis v1.97.5
Scan saved at 11:28:21 AM, on 16/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Insall\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NavNT\defwatch.exe
C:\insall\iFtpSvc\iFtpSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Insall\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Insall\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\t2HP0.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Documents and Settings\Enchantress\Application Data\eilu.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Insall\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wnstsit.exe
C:\Insall\ABBYY Lingvo\LvAgent.exe
C:\Insall\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Insall\Webshots\WebshotsTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Enchantress\Desktop\HijackThis.exe
C:\WINDOWS\System32\taskmgr.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Insall\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Insall\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SIDEBAR] C:\WINDOWS\Resources\Themes\DameK UltraBlue\Desktop Sidebar\sidebar.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Insall\Webshots\WebshotsTray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
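
Added example, not part of the original thread or of HijackThis itself: a small Python triage helper for a log in the layout posted above. It lists running executables that no O4 autostart line in the same log accounts for, matching by path only; the sample is a shortened, constructed excerpt of the log, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened excerpt in the HijackThis v1.97.5 layout shown above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.5
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Insall\QuickTime\qttask.exe
C:\WINDOWS\t2HP0.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Insall\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Insall\Webshots\WebshotsTray.exe
"""

# A drive-letter path ending in .exe (quotes around it are excluded).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def parse_log(text):
    """Return (running_processes, o4_autostart_paths) from a HijackThis log."""
    running, autostart, in_processes = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False           # a blank line ends the process list
        elif in_processes:
            running.append(line)
        elif line.startswith("O4 - "):
            match = EXE_PATH.search(line)  # first executable path on the line
            if match:
                autostart.append(match.group(0))
    return running, autostart

def without_o4_entry(text):
    """Running executables that no O4 line in the same log starts (path match only)."""
    running, autostart = parse_log(text)
    known = {p.lower() for p in autostart}
    return [p for p in running if p.lower() not in known]

if __name__ == "__main__":
    for path in without_o4_entry(SAMPLE_LOG):
        print("no O4 entry:", path)
```

The output is a list of names to look up, not a verdict: the Windows shell, services and programs launched by other programs also run without an O4 line.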

Joined: 8/15/2002
Posts: 2710
Posted on Tuesday, March 16, 2004 11:34:00 AM
 
rrrrrrrrrrrrrrr, 2 more viruses. People who make viruses should be drawn and quartered in the main square, or no, they should be given a project to work on for a couple of months and then have all of their viruses loaded onto their computer, damn :-(
Joined: 9/5/2001
Posts: 3745
Posted on Tuesday, March 16, 2004 12:03:00 PM
 
http://www.rockymountain.com/ref_startup.htm#O

http://www.3feetunder.com/krick/startup/list.html

There's so much Toshiba-specific software running, it's hard to know what to advise.

But please take a look at this - http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html - I'm not sure if this is one of your issues, but the last hijackthis is kind of too small...

I can't find anything regarding this: C:\WINDOWS\t2HP0.exe
So I would say either remove this file or rename it... if you don't know what that is...


C:\Program Files\Common files\updater\wupdater.exe
Wupdater is a backdoor program that logs your keystrokes.
So I would recommend removing this one too :) using hijackthis
Then reboot, find and delete this folder :-
C:\Program Files\Common files\updater\wupdater.exe


C:\Documents and Settings\Enchantress\Application Data\eilu.exe
don't know about this one...



C:\WINNT\System32\wnstsit.exe
is the latest versions of mindspring that are popping up everywhere
Delete this file
C:\WINNT\System32\wnstsit.exe



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
This also doesn't look good... Fix this :)



That's it for now... try those fixes and post your hijackthis again if you still have problems
Joined: 9/5/2001
Posts: 3745
Posted on Tuesday, March 16, 2004 12:06:00 PM
 
wow, while I was busy here at work there have already been a bunch of changes :)... okay, I won't rewrite it - have a look yourself ... if it doesn't get better by the evening, I'll take another look :)
Joined: 8/15/2002
Posts: 2710
Posted on Tuesday, March 16, 2004 1:02:00 PM
 
I remove it, and everything comes back after a reboot
Joined: 9/5/2001
Posts: 3745
Posted on Tuesday, March 16, 2004 1:12:00 PM
 
After you remove it with hijackthis, you need to either rename/delete the folder/file or log in in safe mode and clean all this stuff from there
Joined: 8/15/2002
Posts: 2710
Posted on Wednesday, March 17, 2004 9:20:00 PM
 
Huge thanks to everyone for the help.
I'm still digging around in the computer. :-(
Anyway, I copied everything I could onto discs.
I'll have to format; not everything can be removed + a lot is corrupted :-(
Joined: 8/15/2002
Posts: 2710
Posted on Wednesday, March 17, 2004 10:32:00 PM
 
aaaaaaaaaaa, help. I reformatted everything to hell and the virus is still there :-(

TFNF5.exe

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html#removalinstructions
Joined: 4/23/2001
Posts: 11337
Posted on Thursday, March 18, 2004 1:15:00 AM
 
Enchantress, you need especially compelling reasons to run a web server on a home computer. And running Apache under Windows is, from what I've heard, very unsafe unless you're an expert in Windows security.
Cheap hosting (with all the bells and whistles) can be found for five dollars a month. Good luck.
Joined: 8/15/2002
Posts: 2710
Posted on Thursday, March 18, 2004 1:30:00 AM
 
Maxim, I needed Apache for work. I couldn't NOT install it.

About the file I wrote about... symantec is a jeeeeerk, and I'm a foooool.
There's no virus in that file; it returns that info when you query that file only because this file gets affected as well as others.

Oy oy oy.
Thanks a lot again, everyone. :-)