[project]

lasin ad-awarega üle ja siis viskas scännides avg ette virus detected ( kui lihtslt avg ga scännata ei öelnuda midagi, huvitav mis see adaware otsib vist siis koraalikumalt ja kuni ta neid faile seal käppis siis avg avastas ka oma pikkade juhtmetega midagi.) igatahes midagi teha sellega ei saa ja üles ka seda looma ei leia. show all files on peal a asja nagu ple olemas. tõmbasin hijackthsigia üle ja tulemus:
Logfile of HijackThis v1.98.2
Scan saved at 23:33:28, on 27.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Barton\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft TaskHelp] winlogin.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096107140578
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E77C5B-0EC3-491B-B60C-BA0D173E6362}: NameServer = 212.27.224.66,212.27.224.34

-------------------------------
anyone?
pic kah http://www.zone.ee/networkproject/plat.JPG?2

[project]

nod32 amon leidis ka lõpuks midagi üles... sama asja http://www.zone.ee/networkproject/plat2.JPG?2 .. ja lasi isegi delete panna... a amon näitab et infected 3 http://www.zone.ee/networkproject/plat3.JPG?2 ... mis ta viskas siis laksuga kolm ära kui seal ühele delete panin?
regeditis lasin ka siis mingi rea maha mis oli sama nimega nagu seal viiruses.... see system volume bla bla bla ja need numbrid seal järel ka klappisid.
segane tekst

[Kolumats]

ta istub sul system restores sees
võta system restore maha -> tee restart -> skänni seejärel uuesti -> uuesti system restore peale ->restart

[project]

njah ma sain vist igatahes selle roti kätte... sest uuel scännamisel midagi ei leidnud. mida see system restore muidu teeb täpsemalt? et millal aitab. ütleb küll et tracks and can reverse harmful changes.. a mida täpsemalt?

[Kolumats]

Kui inglisest aru saad, siis loe allpool olevat linki, hetkel pole aega seda tõlkida, kuid seal on system restore ja viirusetõrje koostöö hästi välja toodud, samuti mida teha juhul, kui saastatud fail on jäänud system restore sisse

õhtu poole võin teha mingi kokkuvõtva eestikeelse jutu

http://www.jsiinc.com/SUBQ/tip8000/rh8091.htm

[project]