W32/agent.bk
Last Updated: Oct 02 2004 10:45, Started by ioanas, Sep 30 2004 19:27
#1
Posted 30 September 2004 - 19:27
Hi... I picked up a virus too and I can't get rid of it no matter what... F-Prot detects it in C:\Program File\Common Files\GMT.... but when I try to delete it I can't see it (I don't have the file F-Prot points to).
I've also tried other advice from the net (scanning in Safe Mode, Disable System Restore) and nothing...
#2
Posted 30 September 2004 - 19:49
Download HijackThis! 1.98.2: from here

Extract HiJackThis.exe into a folder of its own, for example c:\hjt, run HijackThis.exe, press SCAN and then SAVE LOG. Post the log here.

Malware from this "W32.Agent" family are aggressive trojans that are hard to remove. Let's first see what we are dealing with, and then I can tell you the solution.

Don't fix anything with HJT, most of the entries there are legitimate!! HijackThis is not a program that removes malware automatically; it is used primarily for diagnosis.

Edited by cryo, 30 September 2004 - 19:52.
#3
Posted 01 October 2004 - 11:38
Logfile of HiJackThis v1.98.2
Scan saved at 12:34:16 PM, on 10/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\vstudio.exe
C:\Program Files\Opera76\opera.exe
C:\Program Files\EXXZERO ©\LanTalk PRO\LanTalk.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\alex\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{712FD0F5-8145-4738-838D-0EA9D1C70181}: NameServer = 193.168.250.99,192.168.246.10

that's about it... thanks
#4
Posted 01 October 2004 - 12:02
You have Gator adware; I didn't know it is called W32/agent.bk in F-Prot's view.

Internet Explorer must stay closed until you finish removing Gator.

Print these instructions, because you won't have net access in Safe Mode.

Make sure you can see hidden files & folders:
A. In Windows Explorer go to the Tools menu, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
Details here

Download Ad-aware SE 1.05: from here

Install AdAware. When you reach the last screen with the "Finish" button and three options, uncheck the options. Open AdAware and click "Check for updates now". Update and close AdAware. Don't use it yet.

Reboot in Safe Mode and follow each step below:

Run HiJackThis. Close all windows and browsers. Check the entries below and press Fix:

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

This one isn't Gator, but it's Alexa (fix these if you don't use Related in Internet Explorer, aka Alexa):

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Delete the following folders:
CMEII in C:\Program Files\Common Files\
GMT in C:\Program Files\Common Files\

Empty the Recycle Bin.

Start Ad-Aware as follows: Start -> Run -> copy the Quote below into the box:

Quote
"%programfiles%\Lavasoft\Ad-Aware SE Personal\Ad-Aware" +procnuke

Press Start. Select "Perform full system scan" and uncheck "Search for negligible risk entries". Press Next and let Ad-Aware remove everything it finds. Empty the Recycle Bin if needed.

Reboot normally, run HJT and post a new log.

Windows is out of date. It would be good to update so that you have at least SP1, if not SP2.

Edited by cryo, 01 October 2004 - 12:07.
#5
Posted 01 October 2004 - 12:45
Logfile of HiJackThis v1.98.2
Scan saved at 1:42:24 PM, on 10/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\alex\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{712FD0F5-8145-4738-838D-0EA9D1C70181}: NameServer = 193.168.250.99,192.168.246.10

that should be about it!! I think I got rid of it... thanks
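
Added example, not part of any post in this thread: a short Python script that compares a HijackThis log taken before a cleanup with one taken after it, and reports whether anything still points at the CMEII and GMT folders named in the removal steps. The function names and the TARGETS list are assumptions; the sample logs are shortened excerpts of the two logs posted above.

```python
import re

# HijackThis entry lines start with a section code (R1, O4, O17, ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries

def cleanup_report(before, after, targets):
    """Compare two logs and list any target path that is still referenced."""
    p_before, e_before = parse_log(before)
    p_after, e_after = parse_log(after)
    haystack = list(p_after) + [d.lower() for _, d in e_after]
    return {
        "entries_removed": sorted(e_before - e_after),
        "entries_added": sorted(e_after - e_before),
        "processes_gone": sorted(p_before - p_after),
        "targets_still_present": sorted(
            t for t in targets if any(t.lower() in h for h in haystack)),
    }

# Shortened excerpts of the two logs posted in this thread.
BEFORE = r'''Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\GMT\GMT.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
'''
AFTER = r'''Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
'''
# Folders the removal steps in post #4 say to delete (hypothetical list name).
TARGETS = [r"\Common Files\CMEII", r"\Common Files\GMT"]
if __name__ == "__main__":
    print(cleanup_report(BEFORE, AFTER, TARGETS))
```

An empty "targets_still_present" list together with an empty "entries_added" list is what a clean follow-up log looks like; a non-empty one means a startup entry or process came back after reboot.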
#7
Posted 01 October 2004 - 20:43
thanks a lot for... the help... and what good antivirus would you recommend?
all the best
#8
Posted 02 October 2004 - 10:45
F-Prot is not a bad AV. I don't recommend changing it. You can always use one or two additional ones from the net to scan the HDD once a week: Trendmicro and/or Panda.

Besides an AV you should also have a firewall, Ad-Aware, Spybot Search & Destroy, Spyware Blaster and a well-configured browser.

For other recommendations see here:
Scapati de spyware ("Get rid of spyware")
How did I get infected ?
So how did I get infected in the first place ?

The last two articles are written by 2 veterans of the fight against spyware & Co.

But all of the above amounts to zero if you willingly install dubious programs, spyware or adware from the net.