[randolsd]

Yhesönaga ei saa enam internet exploreri sulgeda normaalselt...

ja ei önnestu mul see juhendi järgi välja ka lylitada...

ei tea mis teha jubedalt pinda on hakanud see explorer käima:(

Palun abi. xp home on mul.


Data Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features.





To turn Data Execution Prevention on or off for a program
If you turn off Data Execution Prevention (DEP) for a specific program, it might become vulnerable to attack. A successful attack could then spread to other programs on your computer, to your contacts, and damage your personal files. If you suspect that a program does not run correctly when DEP is turned on, check for a DEP-compatible version or update from the software publisher before you change any DEP settings.

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings might also prevent you from completing this procedure.
To open System Properties, click Start, point to Settings, click Control Panel, and then double-click System.
Click the Advanced tab and, under Performance, click Settings.
Click the Data Execution Prevention tab.
In the Turn on DEP for all programs and services except those I select list, do one of the following:
To turn off DEP for a program, select the check box next to the program name and click OK. (If the name of the program doesn't appear in the list, click Add, navigate to your Program Files folder, select the program's executable file which will have an .exe file extension, and click OK).
– or –

To turn on DEP for a program, clear the check box next to the program name, and then click OK.
Related Topics

[Spezz]

Sul tõenäoliselt pahalane masinas, kontrolli mingi tõrjega üle.

[Betamax]

Control Panel => System => Advanced tab => Performance valiku alt Settings => Data Execution Prevention tab ja täpike ette Turn on DEP for all programs and services except those I select. Seejärel võta linnuke eest Internet Exploreril.

[randolsd]

betamaxi juhendist oli abi kuigi ise tegin enne sama..... nüüd toimis.... kontrollin veel yle ka avastiga..

[laurx]

ja combofix iga ja vaata lord ami AVZ logide teemasse ka siis juba.

[randolsd]

Suured tänud yritan need köik kordamööda ära teha ja eks siis saab masina paremini jälle liikuma ka.

JÄTKUB JAMA..

probleem jätkub järgnevalt... kui lähen mingisse folderisse, kus pildid siis lööb jälle selle nn protectioni ette Data Execution Prevention.
kui ka meilis tahan faile saata ei önnestu... hakkan valima mida tahan saata.. sulgeb terve akna...

lisan siia yhe logi... ad-warega sain möningatest kaladest lahti. ka spybot tegi yht teist... combofixi logi ka olemas yritan selle ka siia riputada

malwarega tein nüüd viimati...

Malwarebytes' Anti-Malware 1.41
Database version: 2945
Windows 5.1.2600 Service Pack 3

12.10.2009 13:43:43
mbam-log-2009-10-12 (13-43-43).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 150814
Time elapsed: 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0

hetkel käsil avz antivirali kontroll..
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AVZ antivirtal kontroll.. Oranziga märgitu oli punasega programmis...
Vabandust. tean, et nii pikka logi ei või nii otse copida.
Database updeitisin midagi ei muutunud!!


Attention !!! Database was last updated 21.08.2009 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 12.10.2009 14:08:39
Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 135524
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=07C020)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 80553020
KiST = 80501B9C (284)
Function NtClose (19) intercepted (805B1CC6->F324E6B8), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtCreateKey (29) intercepted (8061A330->F324E574), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtDeleteValueKey (41) intercepted (8061A990->F324EA52), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtDuplicateObject (44) intercepted (805B38DA->F324E14C), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtOpenKey (77) intercepted (8061B702->F324E64E), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtOpenProcess (7A) intercepted (805C1322->F324E08C), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtOpenThread (80) intercepted (805C15AE->F324E0F0), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtQueryValueKey (B1) intercepted (80618568->F324E76E), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtRestoreKey (CC) intercepted (8061BCE8->F324E72E), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Function NtSetValueKey (F7) intercepted (806188B6->F324E8AE), hook F:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted
Functions checked: 284, intercepted: 10, restored: 01.3 Checking IDT and SYSENTER
Analyzing CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
Checking - complete
2. Scanning RAM
Number of processes found: 39
Number of modules loaded: 356
Scanning RAM - complete
3. Scanning disks
Direct reading: F:\Documents and Settings\merike\Local Settings\temp\~DF89F8.tmp
Direct reading: F:\Documents and Settings\merike\Local Settings\temp\~DF91C0.tmp
Direct reading: F:\Documents and Settings\merike\Local Settings\temp\~DFF9E1.tmp
Direct reading: F:\Documents and Settings\merike\Local Settings\temp\~DFFA57.tmp
Direct reading: F:\Documents and Settings\merike\Local Settings\temp\~DFFAA6.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 106371, extracted from archives: 80885, malicious software found 0, suspicions - 0
Scanning finished at 12.10.2009 14:18:10
Time of scanning: 00:09:32
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

[sama123]

http://www.online-tech-tips.com/windows-xp/disable-turn-off-dep-windows/
Õpetus on olemas aga mida siis teha kui klahvid ei ole aktiveeritud?Just sellega ongi häda.Vaadates XP-ga arvutisse on kõik klahvid aktiivsed siin aga uusinstalli vistas mitte.Millistest seadetest edasi?
Hakkasin mõtlema,et asi võib olla vista täienduste taga?Paljud täiendused allalaadimatta....tuleb vist osa laadida.