Neveljavno navodilo
Bom probal. Po brskanju po netu, sem zasledil, da je to nekakšen virus oziroma spyware, ki ga tudi Norton in Spybto ne najdeta. Rešitev: prvo probat s tem fix programom če ga bo slučajno naše in odstranil:
Če ni nič našel naredi tole: Pojdi v varni zagon WIN XP, potem v task manager-ju pod processes “ubij” proces, verjetno je pod imenom nulware.exe, potem izbriši ta file iz direktorija system32/, ter kasneje še vse sledi iz registra. To pa narediš tako: Start –> Run –> napiši regedit –> OK –> klikneš Edit –> Find… –> in notri napišeš nulware. In vse tisto kar ti bo našel briši.
Resetiraj računalo v normalni način in bi moralo delati!?
Pred čiščenjem pa še seveda izključi System Restore in izbriši vse iz Temp direktorija.
Probaj in poročaj!
Lp, Max
Ja res je to en spyware in kolkor tud jaz vem ga niti Adware niti SpyBot ne znata odstranit. Mrbit edino s kakimi čisto frišnimi definicijami.
Drugače pa poleg tega exeja nasračka še neko šaro, tko da bo verjetno bolj učinkovito, če zaženeš HijackThis in popucaš tam. Če ne veš kaj točno, pa semkaj pripopaj log.
Logfile of HijackThis v1.99.0
Scan saved at 12:35:09, on 3.6.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\DAI THE FLU\DESKTOP\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pandasoftware.com/activescan/activescan.asp?Language=31&Country=61&Partner=50&Ref=SI-PR-AS-109
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 – HKLM\..\Run: [AVGCtrl] “C:\Program Files\AVPersonal\AVGNT.EXE” /min
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 – Trusted Zone: http://www.archiviosex.net
O15 – Trusted Zone: http://www.skymasters.biz
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115105408943
O16 – DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 – Service: AntiVir Service – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: NOD32 Kernel Service – Unknown – C:\Program Files\Eset\nod32krn.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: StyleXPService – Unknown – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Zgleda kar OK, edino http://www.archiviosex.net in http://www.skymasters.biz vrzi ven iz trusted zone (no ja razen če jih nisi ti tja dodal).
Ne vem tudi, zakaj imaš nameščen in NOD in Antivir?
Malo brezvezne solate, ki sicer ne dela nič slabega, papca pa ram in jo komot vržeš ven :
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Forum je zaprt za komentiranje.