Chirurgia endoscopică a hipofizei
"Standardul de aur" în chirurgia hipofizară îl reprezintă endoscopia transnazală transsfenoidală. Echipa NeuroHope este antrenată în unul din cele mai mari centre de chirurgie a hipofizei din Europa, Spitalul Foch din Paris, centrul în care a fost introdus pentru prima dată endoscopul în chirurgia transnazală a hipofizei, de către neurochirurgul francez Guiot. Pe lângă tumorile cu origine hipofizară, prin tehnicile endoscopice transnazale pot fi abordate numeroase alte patologii neurochirurgicale. www.neurohope.ro |
IM-Worm.Win32.Qucan.a / Sohanad.E
Last Updated: Feb 17 2011 22:03, Started by
Daisuke
, Nov 23 2006 01:00
·
0
#1
Posted 23 November 2006 - 01:00
Acest vierme poate fi usor confundat cu IM-Worm.Win32.Sohanad.O
Procedura de curatare este diferita pentru Sohanad.O. (vezi link) ------------------ Semne Start menu: Run lipseste din Start menu Internet Explorer: Homepage schimbat, iar editarea in "Internet Options" nu e posibila Task Manager: este blocat. Yahoo Messenger: Status Message este schimbat Incearca sa inlocuiasca regedit.exe. Daca reuseste folosirea regedit.exe reinstaleaza viermele. ------------------ Curatare 1. Download Delete_YM_Qucan.zip pe desktop 2. Download Clear/Edit YahooMessenger Status History pe desktop. 3. Download ATF Cleaner pe desktop. 4. Reboot in safemode. 5. Se fixeaza cu HiJackThis urmatoarele: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://thecoolpics.net O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS\system\svchost32.exe O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system\svhost.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 6. Se sterg fisierele: C:\WINDOWS\system\svchost32.exe <-- acest fisier C:\WINDOWS\system\svhost.exe <-- acest fisier (Atentie svchost.exe este un fisier legitim Microsoft) 7. Se golesc temp folders: Dublu-click ATF-Cleaner.exe pentru a porni programul. In tab-ul Main alege: Select All Apasa butonul Empty Selected. 8. Se repara Registry: Extrage 'Delete_YM_Qucan.inf' din Delete_YM_Qucan.zip pe desktop. Click dreapta pe 'Delete_YM_Qucan.inf' si selecteaza 'Install'. 9. Reboot normal. 10. Scaneaza computerul online: http://www.bitdefend...m/scan8/ie.html http://www.kaspersky.com/virusscanner 11. Viermele incearca sa inlocuiasca regedit.exe. Daca regedit.exe a fost inlocuit / sters iti trebuie CD-ul Windows. Pe CD-ul Windows, regedit.exe se afla in folderul I386. Se copiaza in C:\Windows si C:\Windows\system32\dllcache\ 12. Deschide YIM-StatusEdit.exe si apasa "Check ALL" si apoi "Clear Checked". Programul e destul de instabil si mai crapa din cand in cand. Da' isi face treaba daca nu apesi pe alte butoane. Va rog nu postati loguri in acest topic. Comentariile / intrebarile sunt bine venite. Delete_YM_Qucan.inf este imbunatatit si updatat de cate ori este nevoie. Faceti download la acest fisier doar din acest topic. Attached FilesEdited by Daisuke, 23 November 2006 - 08:31. |
#2
Posted 20 March 2007 - 10:24
salutare
Daisuke am urmat pasii tai si am reusit sa scap de virus Totusi, acum cand porneste windos'ul primesc un msg de eroare Windows cannot find'C:\WINDOWS\system\lsass.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click searchBine, nu e ceva grav, un simplu click pe OK rezolva problema, dar daca se poate scapa de aceasta eroare as vrea sa stiu cum. Acel fisier ( c:/windows/lsass.exe ) era infectat d'asemenea cu acelasi virus ca si C:\WINDOWS\system\svhost.exe Ms pt timpu' acordat |
#3
Posted 20 March 2007 - 19:27
Cu HiJackThis fixezi linia asta:
O4 - HKLM\..\Run: [exista o denumire aici] C:\WINDOWS\system\lsass.exe |
#4
Posted 06 April 2007 - 13:40
(Atentie svchost.exe este un fisier legitim Microsoft
pai si pana la urma il mai stergem |
#5
Posted 06 April 2007 - 13:46
svchost.exe este legitim daca este in folderul system32.
Iar daca citeai cu atentie vedeai ca e vorba de alte denumiri aici: svchost.exe - legitim daca indeplineste conditia de mai sus svhost.exe - vierme (lipseste "C"-ul) svchost32.exe - vierme Edited by Daisuke, 06 April 2007 - 13:47. |
#6
Posted 06 April 2007 - 13:48
6. Se sterg fisierele:
C:\WINDOWS\system\svchost32.exe <-- acest fisier C:\WINDOWS\system\svhost.exe <-- acest fisier (Atentie svchost.exe este un fisier legitim Microsoft) scuze dar tu ce ai intelege daca nu ai avea habar de virusi. |
#7
Posted 06 April 2007 - 13:54
Quote Atentie svchost.exe este un fisier legitim Microsoft Oricum nu poti sterge svchost.exe asa usor. |
#8
Posted 06 April 2007 - 14:29
inca ceva daca nu te-am enervat destul . la scanarea online am ales kaspersky. se pare ca merge numai cu Internet Explorer. apoi ma intreaba daca vreau sa instalez activ x. ce fac instalez. mi-e sa nu mai iau alt virus
|
#9
Posted 06 April 2007 - 14:34
Quote se pare ca merge numai cu Internet Explorer. apoi ma intreaba daca vreau sa instalez activ x. ce fac instalez. mi-e sa nu mai iau alt virus |
#10
Posted 06 April 2007 - 15:22
salut nici urma de svhost(vierme) am venit cu rezultatele scanarii online.
KASPERSKY ONLINE SCANNER REPORT Friday, April 06, 2007 4:17:14 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 6/04/2007 Kaspersky Anti-Virus database records: 275519 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Statistics Total number of scanned objects 44110 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 00:40:14 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\cert8.db Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\formhistory.dat Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\history.dat Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\key3.db Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\parent.lock Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\search.sqlite Object is locked skipped C:\Documents and Settings\geo\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\geo\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped C:\Documents and Settings\geo\Cookies\index.dat Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\geo\Local Settings\Application Data\Mozilla\Firefox\Profiles\mbp6z0xr.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\geo\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\geo\Local Settings\History\History.IE5\MSHist012007040620070407\index.dat Object is locked skipped C:\Documents and Settings\geo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\geo\NTUSER.DAT Object is locked skipped C:\Documents and Settings\geo\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{170BA085-E2B7-433D-8069-60219BE3FE76}\RP11\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped am vrut si parerea unui profesionist. pt ca mie nu mi s-a parust nik in neregula. totusi vreau sa aud si parerea ta |
|
#11
Posted 06 April 2007 - 19:49
Quote mie nu mi s-a parust nik in neregula |
#12
Posted 13 April 2007 - 11:27
am si eu o problema asemanatoare cu virusul IM-Worm.Win32.Sohanad.O dar NU imi lipseste "run" din meniu si NU am new folder .....
In schimb dupa pornirea calculatorului svchost.exe (unul din ele) imi tine procesorul la 100 % adica nu pot sa mai fac nimic .... folosesc antivirusul KIS 6 updatat ... daca din task bar ii dau end proces la acest svchost.exe calculatorul isi revine la normal dar dupa un timp iara revine acesta...... Voi nu ati patit asa ceva ??? ii virus oare ??? stiti vreo solutie ??? Mersi |
#13
Posted 13 April 2007 - 18:45
Citeste asta: FIX: When you run Windows Update to scan for updates that use Windows Installer, including Office updates, CPU utilization may reach 100 percent for prolonged periods Nu cred ca e viermele de YM.
|
#14
Posted 08 June 2007 - 00:40
Daisuke, on Mar 20 2007, 20:27, said: Cu HiJackThis fixezi linia asta: O4 - HKLM\..\Run: [exista o denumire aici] C:\WINDOWS\system\lsass.exe Sal again Daisuke, singurele linii in care apare C:\WINDOWS\system\lsass.exe sunt : F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe Ce fac ? |
#15
Posted 08 June 2007 - 01:14
Dutzzu, on Jun 8 2007, 01:40, said: Sal again Daisuke, singurele linii in care apare C:\WINDOWS\system\lsass.exe sunt : F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe Ce fac ? Ai gresit topicul http://forum.softped...howtopic=226500 |
|
#16
Posted 17 June 2007 - 12:36
Am si eu o intrebare.Ma confrunt si eu cu acelasi SOHANAD si ma cam enerveaza.Am reinstalat windowsul dar tot degeaba.Am doua partitii. C:\ pe care am windowsul si un D:\ pe care nu am nimik,cu exceptia lui New Folder.Am dat instal la windows cu format pe C:\ insa tot degeaba.Nu as putea sa rezolv prblema cu un reinstal la windows , ca sincer mi-ar fi ceva mai usor.Multumesc anticipat si scuze daca am zis vreo ceva gresit.Este prima data cand postez pe un forum.
|
#17
Posted 18 June 2007 - 15:34
#18
Posted 25 July 2007 - 19:29
Daisuke, te rog fii mai explicit la punctul 5. Cum anume se foloseste si de unde se ia acel HAIJACKTHIS ?
|
Anunturi
▶ 1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users