vir soubor

[Mari13]

[IMG=http://img833.imageshack.us/img833/3827/printscreenn.th.png][/IMG]

Uploaded with ImageShack.us

[vyosek]

Udelejte sken pomoci SAS http://www.viry.cz/forum/viewtopic.php?f=29&t=51359 co najde nechte smazat

[Mari13]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/18/2011 at 04:53 PM

Application Version : 4.51.1000

Core Rules Database Version : 7804
Trace Rules Database Version: 5616

Scan type : Complete Scan
Total Scan Time : 00:57:19

Memory items scanned : 420
Memory threats detected : 1
Registry items scanned : 8238
Registry threats detected : 0
File items scanned : 16618
File threats detected : 12

Trojan.Agent/Gen-Falcomp[RE]
C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\X30811.EXE
C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\X30811.EXE
C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\X30811.EXE
C:\WINDOWS\Prefetch\X30811.EXE-0428BCED.pf

Adware.Tracking Cookie
C:\Documents and Settings\MiiLan\Cookies\miilan@davidt.rajce.idnes[2].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@toplist[2].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@www.pornhub[1].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@atdmt[1].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@pornhub[2].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@idnes[1].txt
C:\Documents and Settings\MiiLan\Cookies\miilan@rajce.idnes[2].txt
secure-uk.imrworldwide.com [ C:\Documents and Settings\MiiLan\Data aplikací\Macromedia\Flash Player\#SharedObjects\H4G86XFG ]

Trojan.Agent/Gen-FraudLoad
C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\POSITION4DLLNAME.TXT

[vyosek]

Nalezy jste nechala smazat Nastala nejaka zmena

[Mari13]

Ne, jen jsem to asi špatně provedla

[vyosek]

Tak to smazem rucne

OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\*.exe
  C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\*.exe
  C:\WINDOWS\Prefetch\X30811.EXE-0428BCED.pf
  C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\POSITION4DLLNAME.TXT
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[Mari13]

All processes killed
========== FILES ==========
C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\hid.exe moved successfully.
C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\SSUPDATE.EXE moved successfully.
C:\DOCUME~1\MIILAN\LOCALS~1\TEMP\x30811.exe moved successfully.
File/Folder C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\*.exe not found.
C:\WINDOWS\Prefetch\X30811.EXE-0428BCED.pf moved successfully.
File/Folder C:\DOCUMENTS AND SETTINGS\MIILAN\LOCAL SETTINGS\TEMP\POSITION4DLLNAME.TXT not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MiiLan
->Temp folder emptied: 85674 bytes
->Temporary Internet Files folder emptied: 408069254 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86003697 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4078 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 471,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: MiiLan
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10302011_115045

Files moved on Reboot...

Registry entries deleted on Reboot...

[vyosek]

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Co nas pacient

[Mari13]

Provedeno dle návodu, pacient přežil a stále se blbě směje...

[vyosek]

Dela to ve vsech prohlizecich? Kdyz se na FB prihliste odjinud - treba od kamaradky - je problem stejny

[Mari13]

Tak jinde jsem to nezkoušela, ale zjistím. Jinak na mém FB-PC to blbne jen při chatu, když píšu ve zprávě tak né, tam se ta blbost neukazuje.

[vyosek]

Zkuste jeste nekde jinde a uvidime

[Mari13]

Dobrý den,
tak jsem to zkoušela i jinde a bylo vše v pořádku.
Jediné co je nového tak vir mi pohltil i nově zařízený skype. Všem kntaktům co jsem si přidala do seznamu na skypu, vir poslal svůj infikovaný odkaz. Opravdu moc příjemné... PC se asi na minutu seknul a pak vždy naběhlo jméno kamaráda a jen mi to ukazovalo jak se vir přetahuje do zpráv a vesele se poslal, jako že to dělám já. Podívaná to byla zajímavá. Když skype vypnu a odhlásím se a opět zachvilu přihlásím. Tak asi po 20min toto proběhne znovu a po 10min posíla zas s jiným čísle a jiným
Kopíruji ze skypu: hahahaha! aa http://www.facebook.com.....
[19:16:00] Marie Rašková: wow! aa http://www.facebook.com.....
[20:17:03] Marie Rašková: wow! aa http://www.facebook.com....

Při psaní na skypu se mi vir nezařazuje za každou zprávou jako na FB, teda zatím ne.
Když skype nechám zapnutý PC se chvilema seká a problikává.
Začíná to být horší a horší

[vyosek]

Takze si dame opet stare zname OTM a skript pro nej je tento

Kód: Vybrat vše

:files
C:\Documents and Settings\MiiLan\Start Menu\Programs\Startup\WINLOGO.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

[Mari13]

All processes killed
========== FILES ==========
C:\Documents and Settings\MiiLan\Start Menu\Programs\Startup\WINLOGO.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: MiiLan
->Temp folder emptied: 18580392 bytes
->Temporary Internet Files folder emptied: 194411399 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62468882 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10622 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 263,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: MiiLan
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11052011_220656

Files moved on Reboot...

Registry entries deleted on Reboot...