RAPORTEAZA un virus!

Descarci Dr. Web cand te apuci de treaba. Nu are modul de update, il actualizeaza ei.

salutare.
a scanat astazi cu dr web si mi-a gasit problema.
e un worm win32.lime.8 care se instala in c:\recycled sau d:\recdycled si vad ca isi face si o cheie in registri
in hklm\software\microsoft\windows\current version\windows nt\logon sau cam asa ceva care la pornire copiaza ce e in c"\recycled pe orice stick si asa se replica.
nu prea poate sa-l stearga. a trebuit sa-l sterg manual, dar a fost bine ca mi-a spus unde e.

Ca sa eviti pe viitor chesti asta:

Descarca :

Panda USB Vaccine1.0.1.4

Apesi dupa rularea programului: Vaccinate Computer si apoi Vaccinate USB.

Daca ai mai multe stickuri/carduri/MP3 Playere faci operatia de vaccinare pentru fiecare.

[ http://www.softpedia.com/screenshots/Panda-USB-Vaccine_1.png - Pentru incarcare in pagina (embed) Click aici ]

ce face acest panda usb vaccine?

Creaza un autorun.inf pe partitii sau stickuri. Acesta nu poate fi sters sau modificat de virusii de autorun deci cand dai dublu click pe stick sau partitie nu se va executa virusul.

Cu alte cuvinte, absolut necesar in zilele noastre

cred ca e virus am primit pe mess acest link cu acest mesaj " Will you be mad if I sent this photo of you to my friend? http://XXpicture.com...0/...2.JPG.zip" avand in vedere ca e .jpg.zip e ciudat

Edited by crysty2k5, 17 March 2010 - 20:09.
XX

Timit acum la analiza. E un jeg.

LE:


DSC-0912.JPG_8picture.com  - Trojan.Win32.Buzus.dnvf

New malicious software was found in this file. The next antivirus database update will include detection for this malware. Thank you for your help.

Best regards, Kaspersky Lab

Edited by crysty2k5, 17 March 2010 - 20:56.

SALUT! Am gasit si eu un site SCAM (gen antivirusi falsi) si nu stiu cum si cui sa-l raportez ca fiind "site de atac" ,ca pe viitor sa se puna un advertisment sa nu intre si alti.Am vazut ca la Firefox il pot raporta doar la "phishing" si "web defecte" .Ma puteti ajuta si pe mine?(Sper ca nu am postat gresit,daca da,imi cer mii de scuze)

Trimite-mi link-ul pe .

JulotM, on 21st March 2010, 00:12, said:

L-am trimis! Sper ca l-ai primit.Sa-mi spui si mie daca era intr-adevar un site din acela care iti instala antivirusi falsi in calculator(eu am mai dat acum un an peste site-uri din astea si vad ca asta le seamana).De infectat nu cred ca m-am infectat, ca nu am dat "click" pe nimic de acolo.

EDIT:Acum am intrat pe adresa aia si nu mai e pagina aia SCAM (sau cum ii zice).Uite mai jos pagina cum arata prima data cand am intrat pe ea(ca am apucat sa-i fac poza),de fapt cand m-a redirectionat pe ea dupa un alt site.

Edited by stlk, 21 March 2010 - 00:46.

Hm, nu vad nimic pe site-ul ala. Poti salva executabilul si sa mi-l trimiti?

JulotM, on 21st March 2010, 01:05, said:

Pai nu am nici un executabil prin calculator(am scanat AVG+SuperAntiSpyware+Malwarebytes' Anti-Malware),calculatorul e curat.Eu am facut in felul urmator am intrat pe un site rusesc cu niste jocuri de telefon si alte tampenii si cand am navigat prin el, s-a mai deschis un alt site -fereastra noua-(imaginea atasata mai sus).Site-ul rusesc de jocuri de telefon, stiu ca a fost atacat de niste virusi DDOS sau cam asa ceva, acum cateva zile(nu a mers acum cateva zile si scria doar ca e atacat de virusi).

Edited by stlk, 21 March 2010 - 01:46.

Da, e un rogue. Interesant e ca iti cere un cod la download pe care, spun ei, il vei avea daca trimiti un SMS la un numar. O sa ma uit mai atent si totodata o sa raportez.

JulotM, on 21st March 2010, 02:37, said:

OK ,ma bucur ca i-ai de urma,multumesc mult !  

Un nou Rogue,fals antispyware numit Spyware Ceaset  !

Mai inainte de toate trebuie sa mentionez ca am testat personal programul Spyware Ceaset  care se da a fi un antispyware.
In urma testelor a iesit la iveala ca Spyware Cease este un fals program plin de Spyware,probabil daca-l lasam sa faca update mai aducea alte sute de troieni.
Testint programul,l-am pus sa scaneze banalul siszy,banalul virus svchost si cateva sute de malware pe care nu i-a detectat,a fost primul lucru care arata ca este un rogue.
Dupa prima scanare Spyware Cease arata fisiere valide din sistemul de operare ca fiind troieni,insa era doar alarma falsa,mai trebuie mentionat ca creeatori acestui program vor sa insele oamenii prin metota simpla,programul scaneaza dar nu-ti sterge asa zisii virusi pina nu-l inregistrezi cu un serial luat de la el evident contra cost.

Inca odata,afirm si-mi asum raspunderea ca Spyware Cease este un program periculos.
De altfel nenumarate siteuri prin necunoscatori ori persoane care se dau simplii utilizatori spun ca programul este excelent,ca este bazat pe  rewiuri de la utilizatori de internet,toate sunt de fapt comenturi in necunostinta de cauza ori tentative mincinoase de a promova acest program,un mizerabil infect.


Malwarebytes' Anti-Malware 1.44
Versiunea bazei de date: 3888
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/21/2010 2:38:54 AM
mbam-log-2010-03-21 (02-38-51).txt

Tipul scanarii: Scanare totala (C:\|)
Obiecte scanate: 129847
Timp trecut: 6 minute(s), 21 second(s)

Procese din memorie afectate: 0
Module de memorie afectate: 0
Chei de registri infectate: 3
Valori din registri afectate: 0
Elemente din registri infectate: 3
Foldere infectate: 3
Fisiere infectate: 32

Procese din memorie afectate:
(Nici un element periculos nu a fost detectat)

Module de memorie afectate:
(Nici un element periculos nu a fost detectat)

Chei de registri infectate:
HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

Valori din registri afectate:
(Nici un element periculos nu a fost detectat)

Elemente din registri infectate:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Foldere infectate:
C:\Program Files\Spyware Cease (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\update (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease (Rogue.SpywareCease) -> No action taken.

Fisiere infectate:
C:\Program Files\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\md5.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\bmgac (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\dxddd (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\idamx (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\iflee (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\vf (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\xxcum (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\wl.swl (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\fp.fpl (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> No action taken.
C:\Program Files\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\Header\Desktop\Spyware Cease - Anti Spyware Made Easy. Free Spyware Scan.url (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\Header\Desktop\Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.

Ca de obicei A-sqared s-a tinut mai bine in detectie avind o rata mai mare de detectare,iata mai jos:

a-squared Free - Version 4.5
Last update: 3/21/2010 1:54:51 AM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\, G:\, H:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 3/21/2010 2:17:59 AM

c:\program files\spyware cease\ detected: Trace.Directory.SpywareCease!A2
c:\program files\spyware cease\update\ detected: Trace.Directory.SpywareCease!A2
c:\documents and settings\all users\start menu\programs\spyware cease\ detected: Trace.Directory.SpywareCease!A2
c:\program files\spyware cease\hrdb.hrl detected: Trace.File.Spyware Cease 3.7!A2
c:\program files\spyware cease\lsr.lsr detected: Trace.File.Spyware Cease 3.7!A2
c:\program files\spyware cease\mtools.dll detected: Trace.File.Spyware Cease 3.7!A2
c:\program files\spyware cease\spywarecease.chm detected: Trace.File.Spyware Cease 3.7!A2
c:\program files\spyware cease\zlib1.dll detected: Trace.File.Spyware Cease 3.7!A2
c:\program files\spyware cease\iflee detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\vf detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\xxcum detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\fp.fpl detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\wl.swl detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\unins000.exe detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\qareadll.dll detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\udefend.dll detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\ussafe.dll detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\unins000.dat detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\bmgac detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\dxddd detected: Trace.File.SpywareCease!A2
c:\program files\spyware cease\idamx detected: Trace.File.SpywareCease!A2
c:\documents and settings\all users\start menu\programs\spyware cease\uninstall spyware cease.lnk detected: Trace.File.SpywareCease!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease --> EveryChecked detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease --> FirstRun detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease --> MinimizeRun detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> FileExtensionsShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> IEHomepageShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> IEPlugInShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> IERightClickMenuShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> IESearchShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> IEToolbarsShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> ProcessDebugShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> ServicesShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> StartupShield detected: Trace.Registry.Spyware Cease 3.7!A2
Value: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\Software\Spyware Cease\Protection --> SystemINIShield detected: Trace.Registry.Spyware Cease 3.7!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease detected: Trace.Registry.SpywareCease!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease\Protection detected: Trace.Registry.SpywareCease!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease\Quarantine detected: Trace.Registry.SpywareCease!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease\Scan detected: Trace.Registry.SpywareCease!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease\SchedlueTasks detected: Trace.Registry.SpywareCease!A2
Key: HKEY_USERS\S-1-5-21-1960408961-1202660629-839522115-1003\software\Spyware Cease\Version detected: Trace.Registry.SpywareCease!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Spyware Cease_is1 detected: Trace.Registry.SpywareCease!A2
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RkHit detected: Trace.Registry.SpywareCease!A2
C:\WINDOWS\system32\drivers\RKHit.sys detected: Adware.Win32.SpywareCease!A2
C:\Program Files\Spyware Cease\unins000.exe detected: Fraudtool.Win32.SpywareCease!IK
C:\Program Files\Spyware Cease\SpywareCease.url detected: Adware.Win32.SpywareCease!A2

Scanned

Files: 43554
Traces: 675221
Cookies: 9
Processes: 36

Found

Files: 3
Traces: 43
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 3/21/2010 2:31:29 AM
Scan time: 0:13:30


O scanare suplimentara cu ComboFix nu a scos date suplimentare.

Tested by Header from Romania.

Edited by Header, 21 March 2010 - 03:29.

stlk, on 21st March 2010, 00:23, said:

Ce ai postat tu se vrea a fi o copie fidela a falsului si periculos Antivirus 2009 acum numit 2010,acum si varianta in rusa.

http://www.lavasoft....es/spywarecease

http://www.malwareby...ue.SpywareCease

A trecut ca program antispyware la inceput si a fost gazduit pe mai toate site-urile de download. Dar este rogue.