Avira keeps detecting a trojan on my machine (Virus or unwanted program).
Last Updated: Mar 21 2016 07:07, Started by Iochanan, Jun 01 2015 11:49
#1
Posted 01 June 2015 - 11:49
Avira keeps detecting a trojan, several times, with messages like:
Virus or unwanted program 'TR/Crypt.XPACK.Gen3 [trojan]' detected in file 'C:\Program Files\GUM1.tmp\goopdateres_am.dll. Action performed: Deny access
This has been going on for about three days. Each time I chose Deny access or move to quarantine. I installed Malwarebytes free, ran a scan, then moved everything it found to quarantine. After restarting, the same detection messages from Avira appeared again. Does anyone know what I should do? Is it normal that after I choose Deny access in Avira, Malwarebytes does not find it?
#2
Posted 01 June 2015 - 18:55
Download and save Farbar Recovery Scan Tool to your Desktop.
Double-click FRST.exe to run it. [image: http://s4.postimg.org/b7b2g838p/Frst1.png]
On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Click Yes. [image: http://s27.postimg.org/yzw6sw783/FRST2.png]
Click Scan. [image: http://s4.postimg.org/69q3ljvgt/Frst5.jpg]
When it finishes, two Notepad windows will open: FRST.txt and Addition.txt.
Attach FRST.txt and Addition.txt in your next reply. [image: http://s30.postimg.org/m4ozfqfpt/ataseaza.jpg]
Edited by MhG_40, 01 June 2015 - 18:57.
#3
Posted 02 June 2015 - 05:58
I don't know whether I should have mentioned this from the start.
Actually Avira detects a few dozen, around 20, such malware items; for all of them I chose Deny access or Move to quarantine. Also, Avira was detecting things even while I was running Farbar; in fact it had started earlier, but I launched Farbar while Avira was already alerting me. I hope I'm not taking a risk by attaching those txt files.
#4
Posted 02 June 2015 - 16:44
1. Download and save fixlist.txt. => attachment: fixlist.txt
Note: fixlist.txt must be saved in the same location as FRST.exe.
2. Run Farbar Recovery Scan Tool again. Double-click FRST.exe to run it. [image: http://s4.postimg.org/b7b2g838p/Frst1.png] On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Click Yes. [image: http://s27.postimg.org/yzw6sw783/FRST2.png] Click Fix. [image: http://s22.postimg.org/bzzjtg0ap/FRST4.jpg] Attach the log in your next reply. [image: http://s30.postimg.org/m4ozfqfpt/ataseaza.jpg]
3. Download AdwCleaner or AdwCleaner by Xplode to the Desktop. Double-click AdwCleaner.exe to run it. On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Click Scan. Wait for it to finish searching, then click Clean. When it finishes cleaning, click Report. Post the contents of the file here. The log is in C:\AdwCleaner[Sn].txt (n is a number). [image: http://s3.postimg.org/tfjxm09qr/Adw_C.png]
4. Download and save Junkware Removal Tool to the Desktop. Close all running programs. On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Scan with it. Be patient with it, it takes a bit longer. Post the log here. [image: http://s7.postimage.org/z2rwy800r/JRT.jpg]
Edited by MhG_40, 02 June 2015 - 16:44.
#5
Posted 02 June 2015 - 17:34
The log after the fix with Farbar.
After restarting, it detects those malware items again.
#6
Posted 02 June 2015 - 18:09
The AdwCleaner report. I only removed what was in the username field.

# AdwCleaner v4.206 - Logfile created 02/06/2015 at 18:49:27
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username :
# Running from : C:\Documents and Settings\user\My Documents\Descărcări\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ytd video downloader
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\user\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\user\Application Data\Uniblue
Folder Deleted : C:\Documents and Settings\user\My Documents\Updater
[!] Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
File Deleted : C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
File Deleted : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sehl0d3m.default\invalidprefs.js
File Deleted : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\sehl0d3m.default\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\5f54d78cb538ee15
Key Deleted : HKLM\SOFTWARE\5f54d78cb538ee15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Smiley Bar for Facebook
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smiley Bar for Facebook
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v23.0.1 (ro)
-\\ Google Chrome v34.0.1847.131

[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}#########ID=116736&tt=5212_4&babsrc=SP_ss&mntrId=4b9e142d00000000000000112f211bc6
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : dbpebffoameokfhnaaedmefjncfboino
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih

*************************

AdwCleaner[R0].txt - [8964 bytes] - [02/06/2015 18:37:34]
AdwCleaner[S0].txt - [7656 bytes] - [02/06/2015 18:49:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7715 bytes] ##########
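A report like the one in this post is easier to triage when it is parsed rather than read top to bottom. The following is an added example for this thread, not AdwCleaner's own code or anything the posters ran: it parses the report format exactly as pasted above (the regular expressions are written against that text, not a documented format, so other AdwCleaner versions may differ), counts what was removed per category, flags entries whose key name was lost when the log was pasted, lists the search-provider and proxy changes, and finds identifiers (Chrome extension IDs, COM GUIDs) that the tool removed from more than one place. The sample report embedded in the code is a constructed subset of the lines above.

```python
"""Parse an AdwCleaner cleaning report into structured entries and summarise it.

Added example, not AdwCleaner's own code: the patterns follow the report text as
pasted in the thread, so they are an assumption about the format, not a spec.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the lines from the report posted in the thread.
SAMPLE_REPORT = r"""
# AdwCleaner v4.206 - Logfile created 02/06/2015 at 18:49:27
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Documents and Settings\user\My Documents\Updater
[!] Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
File Deleted : C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Google Chrome v34.0.1847.131

[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}
[C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : hgojaaaiddhmiiakpejiklijbalpckih
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(?:\[!\] )?(?P<kind>Folder|File|Key|Value|Data) Deleted : (?P<target>.*)$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
BROWSER_ITEM_RE = re.compile(r"^\[(?P<store>[^\]]+)\] - Deleted \[(?P<kind>[^\]]+)\] : (?P<target>.*)$")
# Chrome extension IDs are 32 letters a-p; COM GUIDs are 36 chars in braces.
IDENT_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}|\b[a-p]{32}\b")


def refang(url: str) -> str:
    """AdwCleaner writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def parse_report(text: str) -> dict:
    header, browsers, entries = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()  # the forum flattened the log; trailing spaces are noise
        if not line:
            continue
        if line.startswith("# ") and " : " in line:  # "# Key : value" header lines
            key, _, value = line[2:].partition(" : ")
            header[key.strip()] = value.strip()
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            continue
        if (m := ACTION_RE.match(line)):
            entries.append({"section": section, "kind": m.group("kind"),
                            "target": m.group("target").strip()})
            continue
        if (m := BROWSER_RE.match(line)):
            browsers.append(m.group("browser"))
            continue
        if (m := BROWSER_ITEM_RE.match(line)):
            entries.append({"section": section, "kind": m.group("kind"),
                            "target": refang(m.group("target").strip()),
                            "store": m.group("store")})
    return {"header": header, "browsers": browsers, "entries": entries}


def summarize(report: dict) -> dict:
    entries = report["entries"]
    return {
        "counts": Counter(e["kind"] for e in entries),
        # A key path ending in "\" names nothing: the GUID or name was lost when the
        # log was pasted, so that entry cannot be checked against the registry.
        "unverifiable": [e["target"] for e in entries if e["target"].endswith("\\")],
        # Settings that redirect searches or traffic deserve a manual look.
        "redirections": [e for e in entries
                         if e["kind"] == "Search Provider" or "[ProxyOverride]" in e["target"]],
    }


def cross_references(entries: list) -> dict:
    """Identifiers that appear in more than one section: the same component planted
    on disk, in the registry and in browser preferences is the usual adware footprint."""
    seen = defaultdict(set)
    for e in entries:
        for ident in IDENT_RE.findall(e["target"]):
            seen[ident].add(e["section"])
    return {ident: sorted(secs) for ident, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["header"].get("Operating system"), rep["browsers"])
    print(summarize(rep))
    print(cross_references(rep["entries"]))
```

On the full report above the same code would show that the extension ID hgojaaaiddhmiiakpejiklijbalpckih was removed from the Chrome extensions folder, from HKLM\SOFTWARE\Google\Chrome\Extensions and from the Chrome Preferences file, and that a dozen registry keys were logged with their names missing, so those cannot be re-checked from the paste alone.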
#7
Posted 02 June 2015 - 18:36
MhG_40, on 02 June 2015 - 16:44, said:
4. Download and save Junkware Removal Tool to the Desktop. Close all running programs. On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Scan with it. Be patient with it, it takes a bit longer. Post the log here.
When it gets to around "checking startup" my computer shuts down and then restarts (I tried twice and it shut down and restarted the same way both times). Meanwhile I noticed that the buttons on the left of the Start menu no longer work, nor the ones in All Programs.
#8
Posted 02 June 2015 - 19:14
Interesting, Junkware Removal Tool ran without problems.
Open Command Prompt and type: sfc /scannow
#9
Posted 02 June 2015 - 19:18
There is something else. I don't know when it started, but I only noticed it a few minutes ago.
When the computer restarts, on the very first screens, where it used to show some information about the computer, it now shows Trend ChipAway Virus ® On Guard Ver 1.65; I don't get to see the rest, then it quickly moves on to the screen that says Boot from CD at the bottom. Edited by Iochanan, 02 June 2015 - 19:36.
#10
Posted 02 June 2015 - 20:02
#11
Posted 02 June 2015 - 20:47
Download and save Windows Repair 3.2.1 to the Desktop.
Unzip it and run Windows Repair. Go to Start Repairs and click Start. Make sure the following are checked:
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Remove Policies Set By Infections
Repair Missing Start menu Icons
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Set Windows Services To Default
Repair MSI (windows Installer)
Repair File Associations
Check Restart System and click Start. [video: https://www.youtube-nocookie.com/embed/QbQ0xyGt9fs?feature=oembed]
After the restart, check whether you still have problems.
#12
Posted 03 June 2015 - 05:09
When unzipping, Avira says it detected five malware items:
Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\WR_Tray_Icon.exe. Action performed: Deny access
Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_start.exe. Action performed: Deny access
Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\Tweaking_CleanMem.exe. Action performed: Deny access
Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\tweaking_ras.exe. Action performed: Deny access
Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file 'C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\tweaking_rati.exe. Action performed: Deny access
Windows Repair says it cannot run without those files.
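The six Avira alerts quoted in posts #1 and #12 share one message format, and the first thing a responder wants from a pile of such alerts is how many hits each signature has and where the hit files sit. The following is an added example, not code from the thread or from Avira: it parses alert lines exactly as quoted above (the regex assumes that wording, including the missing closing quote after the file path in the posts) and groups them by signature, with the folder common to all hits. The alert lines embedded in it are copied from the two posts.

```python
"""Group Avira 'Virus or unwanted program' alerts by signature and common folder.

Added example, not from the thread or from Avira: the pattern assumes the alert
text exactly as quoted in posts #1 and #12.
"""
import ntpath
import re
from collections import defaultdict

# The quoted alerts have no closing quote after the path, so the pattern makes it optional.
ALERT_RE = re.compile(
    r"Virus or unwanted program '(?P<sig>[^']+)' detected in file "
    r"'(?P<path>.+?)'?\. Action performed: (?P<action>.+?)\s*$"
)

# Constructed sample: the six alert lines as quoted in the thread.
_WR = r"C:\Documents and Settings\user\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair"
SAMPLE_ALERTS = [
    r"Virus or unwanted program 'TR/Crypt.XPACK.Gen3 [trojan]' detected in file "
    r"'C:\Program Files\GUM1.tmp\goopdateres_am.dll. Action performed: Deny access",
] + [
    "Virus or unwanted program 'TR/Dropper.Gen [trojan]' detected in file "
    f"'{_WR}\\{rel}. Action performed: Deny access"
    for rel in (
        r"WR_Tray_Icon.exe",
        r"files\registry_backup_tool\files\vss_start.exe",
        r"files\Tweaking_CleanMem.exe",
        r"files\tweaking_ras.exe",
        r"files\tweaking_rati.exe",
    )
]


def parse_alert(line: str):
    """Return {signature, path, action} for one alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {"signature": m.group("sig"), "path": m.group("path"), "action": m.group("action")}


def group_alerts(lines):
    """Map each signature to its hit count, the folder shared by all hits, and the actions taken."""
    by_sig = defaultdict(list)
    for line in lines:
        alert = parse_alert(line)
        if alert:
            by_sig[alert["signature"]].append(alert)
    summary = {}
    for sig, hits in by_sig.items():
        paths = [h["path"] for h in hits]
        # ntpath handles Windows paths on any host; commonpath needs two or more paths.
        common = ntpath.commonpath(paths) if len(paths) > 1 else ntpath.dirname(paths[0])
        summary[sig] = {
            "count": len(hits),
            "common_dir": common,
            "actions": sorted({h["action"] for h in hits}),
        }
    return summary


if __name__ == "__main__":
    for sig, info in group_alerts(SAMPLE_ALERTS).items():
        print(f"{info['count']}x {sig} under {info['common_dir']} ({', '.join(info['actions'])})")
```

Run on the quoted alerts, the grouping shows one TR/Crypt.XPACK.Gen3 hit on a single file under C:\Program Files\GUM1.tmp and five TR/Dropper.Gen hits that all sit under the one unzipped Windows Repair folder, which is the shape of the data to have in hand before deciding what to quarantine or exclude.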
#13
Posted 04 June 2015 - 07:04
Turn off Avira AntiVir Personal (it's worn out, poor thing).
[attachment: Avira AntiVir Personal.png]
Use Windows Repair, it has no viruses. http://forum.softped.../#entry17294352
#14
Posted 04 June 2015 - 17:54
When I try to open the application (Repair_Windows.exe), my computer restarts.
#15
Posted 05 June 2015 - 19:39
Anyway, THANK YOU for the help. I no longer have problems with that malware 'TR/Crypt.XPACK.Gen3 [trojan]'.
At least Avira doesn't flag anything anymore. But I have other problems, some of which I've already reported to you, plus others: the copy to / move to folder functions no longer work; I can no longer move files to other directories or other partitions; I can't copy or move files to USB, and Explorer doesn't even see the USB drive anymore, though I can access certain documents through programs; the CPU seems very busy. If possible, please give me solutions for these latter problems. Lastly, I'd like to ask whether you think someone could have stolen personal data from me through that trojan during the time Avira was detecting it? (it first detected it last Friday)
#16
Posted 06 June 2015 - 12:55
Hi, I've been busy and haven't had time to reply.
Please scan again with Farbar Recovery Scan Tool. Tick the options as in the image. [image: http://s21.postimg.org/ut5ddgb0n/frst.jpg]
Attach FRST.txt, Addition.txt and Shortcut.txt in your next reply.
#18
Posted 08 June 2015 - 17:25
Install Internet Explorer 7.
http://www.softpedia...xplorer-7.shtml https://support.micr...en-us/kb/555839 Edited by MhG_40, 08 June 2015 - 17:29.