nc
Beginner
05 February 2006 - 12:06
There are 15 comments and 1 solution
tr/spy.bombka
Hi... today when I turned on my computer, my virus scanner found a virus called tr/spy.bombka. I think it is a trojan, and it was in two files, both of them uninstall.exe files for two different programs. I then tried to find out what it does... but a Google search gave no useful results. So I'd like to hear whether anyone here knows the above-mentioned virus/trojan?
nc
Beginner
05 February 2006 - 12:47
#2
Here come the log files, then. ewido:
nc
Beginner
05 February 2006 - 12:47
#3
HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:04, on 05-02-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Niels Christian\Skrivebord\hijackthis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Programmer\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Miranda IM.lnk = C:\Programmer\Miranda IM\miranda32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
05 February 2006 - 12:54
#4
Was this HijackThis log taken in Safe Mode..? If that is the case, you need to run a new scan with HijackThis in normal mode and paste the log in.. :)
nc
Beginner
05 February 2006 - 12:57
#5
k... I'll just make a new one then :).. hehe
nc
Beginner
05 February 2006 - 12:58
#6
HiJackThis log in NORMAL mode:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:32, on 05-02-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\ASUS\WLAN Card Utilities\Center.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\Skype\Skype.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Miranda IM\miranda32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmer\Winamp\Winamp.exe
C:\Documents and Settings\Niels Christian\Skrivebord\hijackthis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Control Center] C:\Programmer\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Miranda IM.lnk = C:\Programmer\Miranda IM\miranda32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
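Added example, not part of the thread or of HijackThis: one heuristic for the Safe Mode question raised in #4, comparing each log's O4/O23 autostart executables with its "Running processes" list. The function names, the 0.25 threshold and the abridged sample logs are assumptions made for illustration; the thread does not say how the first log was judged.

```python
import re
# Abridged, constructed samples modelled on the two HijackThis logs in the thread.
BASE_PROCS = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
"""
AUTOSTARTED = r"""C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
"""
ENTRIES = r"""O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
"""
FIRST_LOG = BASE_PROCS + ENTRIES                 # shaped like the log in #3
SECOND_LOG = BASE_PROCS + AUTOSTARTED + ENTRIES  # shaped like the log in #6

EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')

def basename(path):  # file name only, so 8.3 short paths (PROGRA~1) still match
    return path.rsplit("\\", 1)[-1].lower()

def parse_hjt(text):
    """Return (running process names, [(section code, detail), ...])."""
    running, entries, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(basename(line))
    return running, entries

def autostart_exes(entries):
    """Executables that O4 (Run/Startup) and O23 (service) entries launch."""
    hits = (EXE_RE.search(d) for c, d in entries
            if c in ("O4", "O23") and "(file missing)" not in d)
    return {basename(m.group(0)) for m in hits if m}

def autostart_coverage(text):
    # Fraction of autostart executables that also appear as running processes.
    running, entries = parse_hjt(text)
    expected = autostart_exes(entries)
    return len(expected & running) / len(expected) if expected else None

def likely_safe_mode(text, threshold=0.25):
    # Assumption: in Safe Mode almost nothing from O4/O23 is running.
    coverage = autostart_coverage(text)
    return coverage is not None and coverage < threshold
```

A low coverage only suggests Safe Mode; services set to manual start or programs the user has closed lower it too.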
05 February 2006 - 13:05
#7
Which programs contain this "uninstall.exe"?
nc
Beginner
05 February 2006 - 13:09
#8
First it was a bitcomet one (a program for downloading torrentz).. I wiped that one with antivir, then there was one in googletalk.. which I then deleted.
05 February 2006 - 13:11
#9
ok.. try running a scan with antivir.. if it doesn't find anything then you are clean .. if it does, we'll have to bring out tougher measures.. ;)
nc
Beginner
05 February 2006 - 13:14
#10
I ran a full scan of my C drive when I found out I had a virus.. and it found nothing... that is, that was after I had wiped/deleted with the guard. But I'll just try a full one.. of all drives.. though that will probably take some time.
nc
Beginner
05 February 2006 - 13:15
#11
But I just think it would be interesting to know what it is... though the most important thing, of course, is that it goes away :) But there is apparently no info about it.
05 February 2006 - 13:21
#12
It seems to be unknown to us "mortals", but antivir does know what it is ;)
nc
Beginner
05 February 2006 - 13:28
#13
Yes.. it is good enough that it finds it... but even better if there were also a bit of documentation about it :) But I suppose there have to be limits with a free antivirus :D
05 February 2006 - 13:30
#14
No, I don't think so.. Antivirus programs also want to keep some of their information to themselves.. but, for example, not all files can be documented .. also when you interpret HJT .. there are just some files that haven't been "invented" yet .. You just have to trust the programs.. :)
nc
Beginner
05 February 2006 - 14:14
#15
'no vira was found', so it must be as it should be... many thanks for the help
05 February 2006 - 14:17
#16
Thanks for the points.. :)