[nerazzurri]

Oleks vaja veid abi... Nimelt sai arvuti endale külge viirused! Minu kasutatav AVG 7.0 aga on nende ees võimetu! Et palun aidake, andes kasulikk näpunäiteid ja õpetusi, kuidas toimida!
Symantec online viirusekontroll avastas siis sellised krutskid:

C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\8XIBGLIB\CAH0QT9V.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\8XIBGLIB\CAM3WVV8.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\8XIBGLIB\CAMFGZBC.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\8XIBGLIB\CAX4APD3.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\0H0PYRCT\CA36ONBX.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\0H0PYRCT\CA49QJ01.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\0H0PYRCT\CA812PNW.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Local Settings\Temporary Internet Files\Content.IE5\0H0PYRCT\CAYRG9KP.HTM is infected with MHTMLRedir.Exploit
C:\Documents and Settings\Sander\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2096f70b-3dda19e4.zip is infected with Trojan.ByteVerify

Palun aidake, ene kui hilja!

[Sahib]

link :: Stinger

Lase Temp kaust tühjaks. Kasuta Stingerit. Ja kui sa online scanni ära tegid, miks sa siis neid ära ep kustutanud

[HacaX]

Kõige lihtsam: hangi mõni asjalik viirusetapja. Stinger ei asenda täieväärtuslikku viirusetõrjujat, aga on tollele väärt abiliseks.

[nerazzurri]

no palun soovitage siis midagi! -Ma ise ei tea neid asju....
Ja tegin nii nagu soovitati... Mõne aja pärast oli jälle üks Trooja sees!
Pluss nüüd lasi Ad-Aware peale, see tuvastas veel igavese hirmsa hunniku paska!
Kas on üldse võimalik vel kaitsta oma arvutit?

[rosco]

see ongi jama,et kui on korra segama hakanud viirused siis ei ole enam nii lihtne lahti neist saada,mul sama teema hetkel,arvuti nagu lahinguväli noh.

[HacaX]

Kaitsta on ikka võimalik. Kõige asjalikumaks AVks loetakse hetkel NOD32te, seega hangi too. Tiri lisaks ka A2 (kah asjalik troojakiller), BugOff (suleb just selle augu mida too MHTMLRedir.Exploit peaks kasutama). Vaata "Kasulike näpunäidete" alla, seal hulgaliselt tekste (mis proged on olemas, kuidas IEd korralikult konffida, jne).

[nerazzurri]

nüüd lasin siis need asjad peale...aga viirused ikke arvutis! :S Ükski asi, mis neist proovisin ei saanud sellest ka jagu :S Võib-olla ma ten siis midagi valesti või... Ma hakkan juba väsima sellest... Kas siis ytõesti midagi kindlat ja lihtsat ei saa nedest jagu ningi ei lõpeta nende uusti tulemist Nüüd ei tööta enam ka MSN Messenger
Aga ma tulin mõttele, et kas äkki ei aitaks, kui ma laseks uuesti Windowsi peale või kui ma teks Format C: ?

Ja tõesti..arvuti on mul kui lahinguväli

[nerazzurri]

nüüd võtsin Hijackthis ka peale...
tulemused siis:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Sander\Desktop\WindowsXP-KB823980-x86-ENU.exe
c:\1bf1421e0a2efe2d24129195\xpsp1hfm.exe
c:\1bf1421e0a2efe2d24129195\sp1\update\update.exe
C:\Documents and Settings\Sander\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [hjF8A9] C:\WINDOWS\umovr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093983982224
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE3950C3-124F-499C-8279-C738D76E0DF8}: NameServer = 194.204.0.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe

[nerazzurri]

hey hey! Nüüd kõik need proged peal ja tulemüür ees! Probleeme tunduvalt vähem! Tänan, neid kes abistada viitsisid!

Aga aga siiski siiski on mul tunne, et mingid paharetid veel arvutis alles, mis ei taha kohe kuidagi taanduda ja mingid Ad-Aware-d ja Anti-viirused ei leia ka neid....
Kas miski nendest võib olla veel varjatud paharett minu arvutis?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sander\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093983982224
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE3950C3-124F-499C-8279-C738D76E0DF8}: NameServer = 194.204.0.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Aitähh juba ette abi eest!

[HacaX]

Kui see välja arvata, et sul 2 antiviirust peal (asi, mille kohta viimne kui üks tekst mis mulle ette on sattunud (lisaks enda loogilisele mõtlemisele) öeldakse suurelt "NII EI TOHI!") paistab korras olevat.
Ega HJTga viiruseid saagi kätte, hoopis troojaid/usse. Võiks mõne konkreetsema vihje anda mis selle mõtte tekitab et veel keegi masinas.

[nerazzurri]

näit. annab Firewall aeg-ajalt teate, et mingid imeliku-kahtlase nimega asjad tahavad pääseda netti (mina igaksjuhuks, keelasin selle) Ja ei näe ma ka enam ühtki filmi ega videoklippi oma arvutis, ka neid mida varem nägin, ainult heli käib, pilt ei tule mitte mingit. Ja uno.ee'st ei saa kah enam muusikat kuulata...

Ja ma siis võtan ühe Anti-Viiruse ka maha!