I can't access yahoo, google, msn
Last Updated: Dec 10 2004 09:29, Started by radu_me, Dec 09 2004 10:17

#1
Posted 09 December 2004 - 10:17

Hello,
the problem I have is the following: I had some viruses on the computer, I think I got rid of them with Ad-Aware, with Norton and by deleting some things by hand in the registry, but now I can't access any search engine any more: yahoo, google, msn, kapa... nothing. Does anyone have an idea what is happening and how I can solve the problem as quickly as possible? Thanks in advance for your answers.
#2
Posted 09 December 2004 - 12:05

Hi!
Check whether the hosts file in the C:\WINDOWS\system32\drivers\etc directory happens to contain a list with the search engines you mentioned. If they are there, delete them from it.
#3
Posted 09 December 2004 - 12:25

If the hosts file doesn't solve it:
Download HijackThis! 1.98.2 from here. Extract hijackthis.exe into a folder of its own, for example c:\hjt, run HijackThis.exe, press SCAN and then SAVE LOG. Post the log here. Don't fix anything with HJT, most of the entries there are legitimate!
There is also an automatic fix for the hosts file (recommended): Download Hoster from here: Hoster Download. Extract the program somewhere, on the Desktop for example. Run Hoster.exe. Press Restore Original Hosts and then OK. Close the program and REBOOT.
#4
Posted 09 December 2004 - 13:54

Thanks for the answers. I tried with hoster.exe and nothing.
Nothing in the hosts file. Here is the log from HJ as well:

Logfile of HiJackThis v1.97.7
Scan saved at 13:45:40, on 09.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\netcb32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\HTML\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insse.ro/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 209.47.15.118,64.157.143.38

I am also attaching the page that appears instead of my pages. I should mention that the links you can reach from there have nothing to do with msn (I didn't follow the link, I saw it in the status bar).
#5
Posted 09 December 2004 - 14:07

I think you have a hijack via DNS. See what DNS your provider has, or talk to the sysadmin to make the changes.

ARIN WHOIS:

64.157.143.38
Level 3 Communications, Inc. LC-ORG-ARIN (NET-64-152-0-0-1) 64.152.0.0 - 64.159.255.255
EVENTURES NV LVLT-EVENT-2-64-157-143 (NET-64-157-143-0-1) 64.157.143.0 - 64.157.143.255

209.47.15.118
UUNET Technologies, Inc. UUNETCA4-A (NET-209-47-0-0-1) 209.47.0.0 - 209.47.255.255
Colosseum Online COLOSS-UUBLK5 (NET-209-47-15-0-1) 209.47.15.0 - 209.47.15.255
Colosseum Online Inc. COLOSS-VLAN155-BLK1 (NET-209-47-15-64-1) 209.47.15.64 - 209.47.15.127

You also have a suspicious process:
C:\WINNT\system32\netcb32.exe <-- this file
If you can, please send it to [email protected], in a password-protected ZIP archive.

Download and run Silent Runners.vbs: http://www.silentrunners.org/
If you have a script-blocking program, allow the script to run.
Please post the log. Look through it so that no confidential information appears. Replace it with XXXXXX if there is any.

Edited by cryo, 09 December 2004 - 14:10.
#6
Posted 09 December 2004 - 14:15

Please also post a new HJT log. You have an old version. I see that softpedia has 1.99, but it is beta and I don't recommend it to you.
Download 1.98.2 from here: http://www.bleepingcomputer.com/files/hijackthis.php
#7
Posted 09 December 2004 - 14:33

Here is a new log:

Logfile of HiJackThis v1.98.2
Scan saved at 14:29:44, on 09.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\netcb32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HTML\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insse.ro/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 209.47.15.118,64.157.143.38

I don't have an e-mail account to send you the suspect from. Unless I make a new account somewhere....
What do I have to do with that vb script? How do you run it?
Thanks
#8
Posted 09 December 2004 - 14:43

Quote
What do I have to do with that vb script? How do you run it?

Edited by cryo, 09 December 2004 - 14:44.
#9
Posted 09 December 2004 - 15:19

You were right. The DNS address had been changed. I put in the correct address and now it works.
Thank you very much for the help. Still, how do I find out what virus I have on the computer and how do I remove it? I will send you the file you asked for by mail. The zip password is: 'suspect'.
I double-clicked on that script and nothing happens?!
#10
Posted 09 December 2004 - 15:44

It is a trojan: Win32.Agent.bq

Download System Security Suite: System Security Suite Download & Tutorial. Unzip it to the desktop. Install the program. Don't use it yet.

Scan the HDD here: BitDefender Free Online Virus Scan
Tick all the boxes on the left and remove everything it finds. Whatever it cannot remove, note down somewhere, REBOOT into SafeMode, make sure all files and folders are visible and delete everything BitDefender says is infected.

In SafeMode:
With all windows and browsers closed. Empty temp and Temporary Internet Files.
A. Start System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left): Cookies & Temporary files
- My Computer (right): Temporary files
Press the Clear Selected Items button. Close the program.

REBOOT normally and post a new HJT log so we can make sure it is gone.

Quote
I double-clicked on that script and nothing happens?!

Edited by cryo, 09 December 2004 - 15:49.
#11
Posted 09 December 2004 - 17:02

Yes, the script has the vbs extension.
I did everything you said above. Here is a new log:

Logfile of HiJackThis v1.98.2
Scan saved at 16:58:25, on 09.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\HTML\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Clock] C:\WINNT\label.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 194.102.255.2

Thank you very much for your patience and help. I hope it will be fine now.
#12
Posted 09 December 2004 - 17:17

BitDefender doesn't see this one.
Please send me this trojan as well:
C:\WINNT\label.exe <-- this trojan
I have seen that in the last few days some with protection have appeared. Let's hope it isn't one of those.

I think you urgently need protection. You pick them up too quickly. Read this and take urgent measures: How did I get infected ? With steps so it does not happen again!

It is a good idea to print or copy these instructions because you have no net access in SafeMode.

Make sure you can see hidden files & folders:
A. In the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Untick Hide extensions for known filetypes and Hide protected operating system files.
Details here

REBOOT into SafeMode and stay there.
If you have difficulties at one stage, move on to the next and tell me what didn't work.

Run HiJackThis and tick the ones below:
O4 - HKCU\..\Run: [Clock] C:\WINNT\label.exe
Very important: Close all other windows and browsers, apart from HijackThis, and press Fix Checked.

Delete the following files, if they are still present:
C:\WINNT\label.exe <-- this file

With all windows and browsers closed. Empty temp and Temporary Internet Files.
A. Start System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left): Cookies & Temporary files
- My Computer (right): Temporary files
Press the Clear Selected Items button. Close the program.

REBOOT NORMAL. Run HijackThis and post a new log please.

Edited by cryo, 09 December 2004 - 17:30.
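Added example, not part of any post in this thread: a small Python triage of HijackThis logs that automates the two manual reads made above, the O17 NameServer values that exposed the DNS hijack and the new O4 Run entry that showed up in the later log. The function names are hypothetical, the log excerpts are constructed from entries posted in the thread, and treating 194.102.255.2 as the provider's real resolver is an assumption.

```python
import re

# Constructed excerpts (entries only) of two HijackThis logs posted in this thread.
# The first one keeps a line wrapped mid-entry, as happens when logs are pasted.
LOG_HIJACKED = r"""
O4 - HKLM\..\Run: [Synchronization
Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 209.47.15.118,64.157.143.38
"""
LOG_AFTER_DNS_FIX = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Clock] C:\WINNT\label.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 194.102.255.2
"""

# Assumption: the resolver the user restored is the provider's real one.
TRUSTED_RESOLVERS = {"194.102.255.2"}

# A log entry starts with a section code such as R0, O4 or O17 followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return [(section, text)]; header and process lines before the first
    entry are skipped, and lines wrapped mid-entry are re-joined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def untrusted_resolvers(entries, trusted=TRUSTED_RESOLVERS):
    """Resolver IPs from O17 'NameServer = ...' values that are not trusted."""
    flagged = []
    for section, text in entries:
        if section != "O17" or "NameServer =" not in text:
            continue
        value = text.split("NameServer =", 1)[1]
        for ip in re.split(r"[,\s]+", value.strip()):
            if ip and ip not in trusted and ip not in flagged:
                flagged.append(ip)
    return flagged


def new_entries(before, after):
    """Entries in the later log that the earlier log did not contain."""
    seen = set(before)
    return [entry for entry in after if entry not in seen]


if __name__ == "__main__":
    old, new = parse_entries(LOG_HIJACKED), parse_entries(LOG_AFTER_DNS_FIX)
    print("untrusted resolvers (first log):", untrusted_resolvers(old))
    print("untrusted resolvers (later log):", untrusted_resolvers(new))
    for section, text in new_entries(old, new):
        print("new since first log:", section, "-", text)
```

A new entry is not proof of infection; it is the short list a reviewer should look at first, which is how the `[Clock]` Run value stands out even though the scanner missed it.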
#13
Posted 09 December 2004 - 17:35

I don't know the solution to your problem, but I can give you a piece of advice for the future: use Firefox yourself. It is known that IE (and its variants: Maxthon=MyIE, Avant, etc) is full of security holes.
Also install Ad-Aware (I think it would help you in the situation you are in now too!). Good luck!
#14
Posted 09 December 2004 - 18:05

Done. I also sent the mail, with the same password on the zip.

Logfile of HiJackThis v1.98.2
Scan saved at 17:58:58, on 09.12.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\HTML\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDC6A839-B691-49C9-8530-BB70481C2E38}: NameServer = 194.102.255.2

@danic: you are right, but I can't do anything because it is a PC installed temporarily at a temporary work site to which several people have access. I am struggling to fix it because we still need it for a few days and we can't reinstall it. When we get back to headquarters we will format it and it will go into a somewhat better protected network. Thanks anyway.
#15
Posted 09 December 2004 - 19:11

LOL, you sent me a Microsoft file.
The file you had to send me was in the WINNT folder. You sent me the one from system32, which is legitimate.
If you deleted the one from system32, put it back. If you no longer have it I'll send it back to you.

Clean this up too:
Run HiJackThis and tick the ones below:
R3 - Default URLSearchHook is missing
Very important: Close all other windows and browsers, apart from HijackThis, and press Fix Checked.

REBOOT.

Otherwise the log is clean.

Edited by cryo, 10 December 2004 - 00:32.
#16
Posted 09 December 2004 - 19:45

I have tracked this one down too: netcb32.exe.
It installs itself as a service and then installs CoolWebSearch_NS3 aka Home Search Assistant, one of the most aggressive CoolWebSearch hijackers. Details about CWS_NS3 here: http://www.bleepingcomputer.com/forums/tutorial85.html
It probably did not manage to do that on your machine.

Save the contents of the QuoteBox below as repair.reg, double-click it and confirm. It will delete the entries that netcb32.exe made in the Windows Registry:

Quote
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_%AFå¶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%AFå¶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%AFå¶À¨]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%AFå¶À¨]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
#17
Posted 10 December 2004 - 09:23

cryo, on Dec 9 2004, 19:11, said:
If you deleted the one from system32, put it back. If you no longer have it I'll send it back to you.

Oops, I deleted both files. Unfortunately I no longer have anywhere to get the infected file from to send it to you. I ran repair.reg from above. I deleted the netcb32.exe file myself yesterday in safe mode because BitDefender hadn't been able to.
Thanx again
#18
Posted 10 December 2004 - 09:29

OK, take protective measures. Two(?) new Look2Me variants are roaming around out there for which there is no automatic fix, and the manual fix is a big headache. The latest variants no longer follow any rule or pattern and can do damage.
Happy surfing!

Edited by cryo, 10 December 2004 - 09:30.