sporally (Beginner)
22 December 2006 - 00:23. There are 2 comments and 1 solution.

Virus: Removing a virus that turns off Windows Firewall.

I started a question a while ago and wanted to hear whether there had been any result. DR1 said he would take a look at it, but I don't know whether he is still looking at it. Is he a programmer for a scanner program? Here is what I wrote:



I received a link from an MSN contact that gave me a virus. As soon as I clicked the link, a virus was downloaded and installed. The internet cut out, and so did Windows Firewall, which can't be re-enabled. In addition, I can't delete a file from the desktop that appeared when I clicked the link. It was called 'winstall'. I have run two full AVG scans of all my hard drives, and I ran Ad-Aware as well. I haven't turned the internet back on, since I'm afraid of getting more viruses in while the firewall is off. I have considered running a restore if I have the option, but I would rather not do too much before getting guidance from here, since I'm afraid it might make the problem worse.

Does anyone have an idea of what I should do to get rid of this virus (I don't know whether it is still there) and get the firewall re-enabled?

Thanks in advance..



I was advised to run checks with various virus scanners, so here are the three log files..

-------------------------------------------------------------------------------------

Dr. Web scan log:

install[1].#xe    C:\Documents and Settings\Sporally\Lokale indstillinger\Temporary Internet Files\Content.IE5\YT7O98VA    Adware.IWantSearch    Renamed.
A0040998.#ll    C:\System Volume Information\_restore{B7F5D0C6-6BEF-42CA-82CC-1716D1F5BE23}\RP90    Adware.IWantSearch    Renamed.
A0041069.#xe    C:\System Volume Information\_restore{B7F5D0C6-6BEF-42CA-82CC-1716D1F5BE23}\RP97    Adware.IWantSearch    Renamed.
CLASS.EXE    F:\MicroProse\Risk 2    Trojan.MulDrop.4163    Deleted.
A0041104.EXE    F:\System Volume Information\_restore{B7F5D0C6-6BEF-42CA-82CC-1716D1F5BE23}\RP97    Trojan.MulDrop.4163    Deleted.

-----------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
Generated 12/13/2006 at 11:50 PM

Application Version : 3.4.1000

Core Rules Database Version : 3146
Trace Rules Database Version: 1162

Scan type      : Complete Scan
Total Scan Time : 00:19:50

Memory items scanned      : 163
Memory threats detected  : 0
Registry items scanned    : 5230
Registry threats detected : 6
File items scanned        : 20242
File threats detected    : 62

Trojan.Zlob Downloader
    C:\PROGRAMMER\ZIPCODEC\ZCODEC.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\zcodec.exe

Adware.Tracking Cookie
    C:\Documents and Settings\Sporally\Cookies\sporally@server.cpmstar[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@track.singleedge[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.burstnet[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@adopt.euroclick[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@e2.emediate[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@microsofteup.112.2o7[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@cgi-bin[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ad.yieldmanager[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ad1.emediate[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@cmedia.com[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ads.gamershell[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@stats.canalblog[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@mb[5].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@atwola[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@tacoda[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@adbrite[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@interclick[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@yadro[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.winantivirus[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@revsci[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.cracksearchengine[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@cgi-bin[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@winantivirus[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ilead.itrack[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@usenext[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.cmedia.com[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@1072452457[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@partypoker[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@clicktorrent[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@track.adform[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@scanner[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@2006[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ads.mininova[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@rotator.adjuggler[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@kanoodle[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@mb[3].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@toplist[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@dk.winantivirus[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@burstnet[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@centrebet.advertserve[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@xiti[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ads2.drivelinemedia[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@stats1.reliablestats[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@mb[4].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ads1.revenue[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@incredimailltd.112.2o7[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@mb[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@ads.globalsportsmedia[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@itxt.vibrantmedia[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@track.effiliation[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@hit.stat[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@xxxclan.wetpaint[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@showit[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@m1.webstats4u[1].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@boincstats[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.0stats[2].txt
    C:\Documents and Settings\Sporally\Cookies\sporally@www.zanox-affiliate[1].txt

Adware.Toolbar888
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version

------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:43:45, on 14-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Documents and Settings\Sporally\Skrivebord\winstall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\BOINC\boincmgr.exe
C:\Programmer\MSI\Bluetooth Software\BTTray.exe
C:\Programmer\BOINC\boinc.exe
C:\Programmer\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R1_4.24_windows_intelx86.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sporally\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Sporally\Skrivebord\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Programmer\BOINC\boincmgr.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?9b2ebfbd593b46d0b91c6c1d7dbc9287
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?9b2ebfbd593b46d0b91c6c1d7dbc9287
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152919586234
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
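Reading the logs in the post above the way an incident responder would, three HijackThis lines carry most of the weight: the O4 Run entry named [explorer] that launches winstall.exe from the desktop (the file the poster says appeared when the link was clicked, and which also shows up in the running-process list), the O21 SSODL entry whose DLL is reported as "file missing", and the O16 DPF entries that install ActiveX controls from sites other than Microsoft's. The Python script below is an added example, not part of the original post and not HijackThis's own logic: it parses a HijackThis log and flags entries using exactly those three heuristics. The six sample lines are copied from the log above; the list of user-writable directory names (including the Danish folder names the log uses), the set of Windows binary names worth checking for masquerading, and the trusted-host list are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: six lines copied verbatim from the HijackThis log in the
# post above (two benign Run entries, the winstall.exe entry, the SSODL entry
# and two DPF entries). The heuristics are the editor's own, not HijackThis's.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Sporally\Skrivebord\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152919586234
"""

# Assumed list of directories an unprivileged XP user can write to; the Danish
# folder names match the log above. Matched case-insensitively as substrings.
USER_WRITABLE = (
    "\\documents and settings\\", "\\skrivebord\\", "\\desktop\\",
    "\\lokale indstillinger\\", "\\local settings\\", "\\temp\\",
    "\\temporary internet files\\", "\\application data\\",
)
# Assumed set of core Windows binary names that malware borrows for Run values.
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "lsass", "services",
                "csrss", "smss", "ctfmon", "spoolsv", "rundll32"}
# Assumed: ActiveX (O16) downloads from these domains are not worth a second look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat))', re.IGNORECASE)
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)")
MISSING_RE = re.compile(r"^O2[01] - .*\(file missing\)$")
SYSTEMROOT_RE = re.compile(r"^[a-z]:\\windows\\")


@dataclass
class Finding:
    severity: str                      # "high" or "review"
    line: str                          # the HijackThis line that was flagged
    reasons: list = field(default_factory=list)


def _run_entry_reasons(m):
    """Heuristics for one O4 autorun line; returns a list of reasons (may be empty)."""
    name = m.group("name").lower()
    if name.endswith(".exe"):
        name = name[:-4]
    pm = PATH_RE.match(m.group("cmd"))
    path = (pm.group("path") if pm else m.group("cmd")).lower()
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("autorun target lives in a user-writable directory")
    if name in SYSTEM_NAMES and not SYSTEMROOT_RE.match(path):
        reasons.append(f"value name '{name}' mimics a Windows binary but the path is outside %SystemRoot%")
    return reasons


def triage(log_text):
    """Return a Finding for every HijackThis line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            reasons = _run_entry_reasons(m)
            if reasons:
                findings.append(Finding("high", line, reasons))
            continue
        if MISSING_RE.match(line):
            findings.append(Finding("high", line, [
                "shell-load registry entry points at a DLL that no longer exists: "
                "leftover persistence, the registry value should be deleted"]))
            continue
        m = O16_RE.match(line)
        if m:
            host = (urlsplit(m.group("url")).hostname or "").lower()
            if not any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS):
                findings.append(Finding("review", line, [
                    f"ActiveX control was downloaded from {host}: confirm it was installed on purpose"]))
    return findings


def severity_by_line(findings):
    """Map each flagged line to its severity (convenient for asserting on results)."""
    return {f.line: f.severity for f in findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run it and every flagged line is printed with its reasons. The winstall.exe entry trips two heuristics at once (a Run value named after explorer.exe whose target sits on the desktop), and that combination is what separates it from the dozen legitimate Run entries in the same log without waiting for a signature. The trusted-host check is deliberately weaker: it only says "look at this", and the dr.dk Rawflow control in the full log would be flagged the same way as the pysoft one. One caveat the Dr. Web log above makes visible: two of its hits sit under System Volume Information\_restore{...}, i.e. inside System Restore points, so a restore taken from those points can bring the adware back; the usual practice is to purge the restore points once the machine is clean.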
sporally (Beginner)
22 December 2006 - 01:16 #1
Damn, I had forgotten that a couple of days ago I had started a question where I wrote and asked about this exact problem.. Sorry, I forgot all about it.. But OK, here it is again, including the log files ;) Does anyone know whether DR1 is a professional virus-scanner programmer, or what?
sporally (Beginner)
23 December 2006 - 14:59 #2
It looks like this is a hard problem to solve.. I'm very grateful for your work, DR1 ;) Can you give a status on how the problem looks? And not to make it sound like I'm unhappy with the waiting time, because I'm very grateful, but are you able to give an estimate of how long I can expect it to take? I can of course imagine the holidays are coming up now, so I don't expect it before the new year, but could I just get a rough figure? :)
sporally (Beginner)
07 March 2007 - 23:23 #3
OK, I have solved the problem. Thanks for your attempts to solve it ;-)