Trojan.Downloader

4 replies to this topic

#1
CostyCTZ

    Junior Member

  • Group: Members
  • Posts: 41
  • Joined: 12.08.2010
Hello,
I have a problem with a trojan. After every restart it comes back, always under a different name, and on top of that it loads the CPU: now it is always above 30%, and last night when it started it was above 60-70%, even 90%. I have posted the logs from 3 scans with Malwarebytes; each time it finds it and tells me to restart, then after the restart it is the same story again: the CPU is above 30%, and if I run a scan it shows up again in the Temp folder under a different name. It all started after I updated Windows; honestly, I don't know what to do.
Have a nice day.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 3:19:24 AM
mbam-log-2013-04-13 (03-19-24).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462233
Time elapsed: 1 hour(s), 38 minute(s), 15 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\winhany.exe (Trojan.Downloader) -> 6000 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Costy\AppData\Local\Temp\winhany.exe (Trojan.Downloader) -> Delete on reboot.
C:\dwchv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\winevqh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\rslwt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 12:55:27 PM
mbam-log-2013-04-13 (12-55-27).txt
Scan type: Custom scan (C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 5 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe (Trojan.Downloader) -> 4460 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe (Trojan.Downloader) -> Delete on reboot.
(end)
-------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.06.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Costy :: COSTY-PC [administrator]
4/13/2013 2:38:21 PM
mbam-log-2013-04-13 (14-38-21).txt
Scan type: Custom scan (C:\Users\Costy\AppData\Local\Temp|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 5734
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Detected: 1
C:\Users\Costy\AppData\Local\Temp\abgrs.exe (Trojan.Downloader) -> 2680 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Costy\AppData\Local\Temp\abgrs.exe (Trojan.Downloader) -> Delete on reboot.
(end)
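
The three logs above can be correlated mechanically to confirm the pattern the post describes: the same detection returning in one folder under a new file name on each scan, which means something outside the quarantined file keeps recreating it. This is an added example, not part of the original post; the function names `parse_scans` and `respawning` are illustrative, and the sample lines are excerpted from the logs above.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import dirname, basename  # Windows path rules on any OS

# Lines excerpted from the three Malwarebytes logs in the post above.
LOGS = r"""
Malwarebytes Anti-Malware 1.70.0.1100
4/13/2013 3:19:24 AM
C:\Users\Costy\AppData\Local\Temp\winhany.exe (Trojan.Downloader) -> Delete on reboot.
C:\dwchv.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\winevqh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\rslwt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Malwarebytes Anti-Malware 1.70.0.1100
4/13/2013 12:55:27 PM
C:\Users\Costy\AppData\Local\Temp\winnhdfpo.exe (Trojan.Downloader) -> Delete on reboot.
Malwarebytes Anti-Malware 1.70.0.1100
4/13/2013 2:38:21 PM
C:\Users\Costy\AppData\Local\Temp\abgrs.exe (Trojan.Downloader) -> Delete on reboot.
"""

STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
# File or process hit: path (detection) -> [pid ->] action.  Registry lines do not match.
HIT = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (?:\d+ -> )?(.+?)\.?$")

def parse_scans(text):
    """Return [(scan_time, [(path, detection, action), ...]), ...]."""
    scans = []
    for line in map(str.strip, text.splitlines()):
        if STAMP.match(line):
            scans.append((datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p"), []))
        elif scans and (m := HIT.match(line)):
            scans[-1][1].append(m.groups())
    return scans

def respawning(scans):
    """Map (folder, detection) -> file names in first-seen order, kept only
    where the detection appears in that folder under new names in 2+ scans."""
    seen = defaultdict(dict)  # (folder, detection) -> {file name: first scan time}
    for when, hits in scans:
        for path, detection, _ in hits:
            seen[(dirname(path).lower(), detection)].setdefault(basename(path), when)
    return {k: sorted(v, key=v.get) for k, v in seen.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    for (folder, det), names in respawning(parse_scans(LOGS)).items():
        print(f"{det} keeps returning in {folder}: {', '.join(names)}")
```

Only the user's Temp folder is flagged here; the one-off hits in `C:\`, `D:\` and `C:\Windows\Temp` are not, because they did not come back under a new name in a later scan.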

#2
Ann0nyym0us

    Arrogant bastard

  • Group: Senior Members
  • Posts: 17,400
  • Joined: 15.12.2009
Download Kaspersky Virus Removal Tool and scan with it. See if that removes it. If not, a rescue disk will probably be needed.

#3
eu69

    Active Member

  • Group: Members
  • Posts: 1,376
  • Joined: 01.04.2011
Maybe this helps, it's worth a try:
http://science.oppos...oader-7448.html

#4
CostyCTZ

    Junior Member

  • Group: Members
  • Posts: 41
  • Joined: 12.08.2010
I tried Ann0nyym0us's method and, from what I can see, the CPU is back to 0%, which I hope is a good sign.
It found some Win32.Sality.gen, deleting some of my games and programs, but nothing important.
Thanks again, I hope no more problems show up.
Have a nice day

#5
Ann0nyym0us

    Arrogant bastard

  • Group: Senior Members
  • Posts: 17,400
  • Joined: 15.12.2009
I was convinced it was Sality; what I don't understand is why Malwarebytes didn't recognize it, since it has it in its signatures. :huh:

Anyway, there is a good chance that some malware remnants are still left in files, so I advise you to download SalityKiller and run it with administrator rights (Right Click -> Run As Administrator). After it scans and kills any processes that may still be crawling around in Windows, ideally you should scan once more with a removal tool (preferably the Kaspersky one again).
