problema virus


+ Reply to Thread
  1. 10-09-2010 16:48 #1
    praf.de.stele
    praf.de.stele is offline
    Newcomer praf.de.stele reprezinta o cantitate neglijabila
    Join Date
    16-06-2010
    Age
    29
    Sex
    M
    Posts
    44
    Posts bazar
    17
    Rep Power
    29
    Reputation
    10
    Puncte CF
    0.0

    Exclamation problema virus

    am nevoie de putin ( putin mai mult ) ajutor.

    de curand am prin un virus care nu vrea deloc sa ma lase in pace.dupa ce mi-a dezactivat task manager-ul, acum nu ma mai lasa nici sa instalez/rulez vreun antivirus.

    am incercat sa scap de el cu Malwarebytes anti-malware de vreo 2 ori insa fara succes.


    ce pot face ?

    aici este ultimul scan cu malwarebytes anti-malware:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4586

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    9/10/2010 4:12:24 PM
    mbam-log-2010-09-10 (16-12-24).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 159480
    Time elapsed: 35 minute(s), 15 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    C:\Documents and Settings\GusTy\Local Settings\Temp\winnmfpqx.exe (Trojan.Downloader) -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\GusTy\Local Settings\Temp\winnmfpqx.exe (Trojan.Downloader) -> Delete on reboot.


    multumesc!
    Reply With Quote Reply With Quote  
  2. 10-09-2010 21:26 #2
    Johane
    Johane is offline
    Member Johane's Avatar Johane este pe calea cea buna
    Join Date
    01-02-2010
    Location
    Craiova
    Age
    34
    Sex
    M
    Posts
    155
    Posts bazar
    143
    Rep Power
    29
    Reputation
    39
    Puncte CF
    32.0
    Usergroups:
    Send a message via Yahoo to Johane
    Iei un Live Cd( recomand cu linux). Bagi cd-ul in unitatea optica, repornesti pc-ul si intri in live CD-mode. Dupa asta montezi partitia cu windozele
    si stergi acel fisier .exe si poti spune bye-bye virus. Ca sa repari Task Manager stiu ca trebuie sa modifici un registru.
    Vrei mai putine reclame? Inregistreaza-te sau logheaza-te
    Reply With Quote Reply With Quote  
  3. 11-09-2010 10:47 #3
    pita
    pita is offline
    Banned pita's Avatar pita este placut de toti pita este placut de toti pita este placut de toti
    Join Date
    07-04-2010
    Sex
    M
    Posts
    505
    Posts bazar
    491
    Rep Power
    0
    Reputation
    295
    Puncte CF
    16.5
    Baga nod32 ca te rezolva,sterge-l singur din safe mode.
    Reply With Quote Reply With Quote  
  4. 20-10-2010 19:54 #4
    Spammer
    Spammer is offline
    Member Spammer's Avatar Spammer va deveni faimos in curand
    Join Date
    18-01-2010
    Location
    Brazda
    Age
    38
    Sex
    M
    Posts
    155
    Posts bazar
    378
    Rep Power
    29
    Reputation
    67
    Puncte CF
    40.0
    Usergroups:
    Send a message via Yahoo to Spammer
    cel mai indicat este sa instalezi un clean windows...virusul acela este de win32...se stocheaza in registrii.....este foarte greu sa il stergi, nu o sa reusesti nici in safe mode....task managerul il poti face sa mearga intrand in c/windows/explorer ii dai copy/paste, apoi rename taskmgr.exe si il rulezi.


    problema este ca ai mult de curatit in registrii si multm ia repede ai rezolva-o cu un clean windows
    Reply With Quote Reply With Quote  
  5. 20-10-2010 21:45 #5
    Johane
    Johane is offline
    Member Johane's Avatar Johane este pe calea cea buna
    Join Date
    01-02-2010
    Location
    Craiova
    Age
    34
    Sex
    M
    Posts
    155
    Posts bazar
    143
    Rep Power
    29
    Reputation
    39
    Puncte CF
    32.0
    Usergroups:
    Send a message via Yahoo to Johane
    virusul acela este de win32.
    Ai văzut tu viruși de mac să zicem care ruleaza pe windows? Eu nu.
    .se stocheaza in registrii..
    In registrii se stocheaza doar LOCUL UNDE SE AFLA EXECUTABILUL nu executabilul in sine.
    este foarte greu sa il stergi,
    Dacă trebuie sa pornești sistemul de operare propriuzis e greu spre imposibil. Cu metoda mea merge garantat

    problema este ca ai mult de curatit in registrii si multm ia repede ai rezolva-o cu un clean windows
    Aici nu știu dacă ai dreptate, dar probabil că ai ( tu știi mai bine OS-ul decăt mine)
    Vrei mai putine reclame? Inregistreaza-te sau logheaza-te
    Reply With Quote Reply With Quote  
+ Reply to Thread

Tags for this Thread

Google+

Cautati logo-ul CraiovaForum?

Iata cateva variante: