Nezadouci reklamy

[vyosek]

Zdravicko.

Kolega me poprosil o soucinnost.

Mackejte po startu PC F8 a zvolte Posledni znama funkcni konfigurace.

System nam snad nabehne.

[Majka]

i ja dekuji za soucitnost bohuzel stale problem pretrvava

[vyosek]

Start - spustit - napsat cmd - OK - spusti se prikazovy radek - tam napiste sfc /scannow - enter - zacne probiha kontrola souboru

[Majka]

Super, uz to opet funguje Ale puvodni problem s vyskakovacimi reklamami je tu stale

[vyosek]

Zkuste pouzit Hitman Pro dle tohoto navodu http://www.bleepingcomputer.com/virus-r ... ransomware snad nebude problem s anglictinou

[Majka]

I kdyz pisete, ze mam postupovat podle navodu, radsi se jeste zeptam. Opravdu jsou nutne vsechny kroky s flashkou a bootovani z ni, kdyz nemam pc zamknute a v podstate se chova normalne? Nestaci jen proscanovat?

[vyosek]

Muzete proskenovat, ono sken z flashky je ucinnejsi v pripade ze by tam byla nejaka odolna havet, ale zkuste tedy udelat jen normalni sken

[Majka]

Kód: Vybrat vše

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : MAŘENA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Mařena-PC\Mařena
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-08 22:44:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 5

   Objects scanned . . . : 2 113 843
   Files scanned . . . . : 53 218
   Remnants scanned  . . : 615 045 files / 1 445 580 keys

Suspicious files ____________________________________________________________

   C:\Windows\PEV.exe
      Size . . . . . . . : 256 000 bytes
      Age  . . . . . . . : 2.2 days (2013-07-06 17:47:14)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -7.5s C:\Qoobox\Quarantine\Registry_backups\
         -7.5s C:\Qoobox\
         -7.5s C:\Qoobox\Quarantine\
         -2.6s C:\Qoobox\BackEnv\
         -2.5s C:\Qoobox\Quarantine\catchme.log
         -0.0s C:\Windows\SWXCACLS.exe
         -0.0s C:\Windows\SWSC.exe
         -0.0s C:\Windows\sed.exe
         -0.0s C:\Windows\grep.exe
         -0.0s C:\Windows\zip.exe
          0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe

jinak reklamy vyskakuji nejvice asi ze stranek hxxp://reward-zone.cartrailor.com a hxxp://www.bet365.com/home/FlashGen4 , pak jeste ruzne ankety a dotazniky atd

[vyosek]

Ty reklamy vyskakuji ve vsech prohlizecich nebo jen v nekterem??

Stahnete WIGI http://tigzy.geekstogo.com/Tools/WhyIGotInfected.exe

• Pokud pouzivate Win Vista ci W7, kliknete na WIGI pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Scan
• Po dokonceni scanu (obdelnik vedle bude cely zeleny) kliknete na Report
• Otevre se log, ten sem vlozte

[Majka]

pouzivam jen chrome, ale vyyzkousim i ostatni prohlizece. Bohuzel jedu dnes na cely den pryc, tak tu budu az ve ctvrtek. Mam delat predchozi scan znovu podle navodu pres bootovani z flashky? A co ten soubor, co nasel pri standardnim scanu. Smazat mebo ignorovat?

[vyosek]

Ten soubor nemazte, je to falesna detekce

Zatim Hitmana pres flash disk nedelejte

Zkuste jiny prohlizec a uvidime co pak dale

[Majka]

tady je WIGI. dnes budu pracovat v mozzille a uvidim. Zitra ale bohuzel odjizdim na tyden pryc, ntb vemu s sebou, ale zrejme nebudu mit moc cas. Snad to nevadi. Opravdu moc dekuju za trpelivost, kterou se mnou mate.


WhyIGotInfected 1.7.1.0(by Tigzy)
********************************

Run : 12.7.2013 14:15:56 [Normal Mode]
Machine : MAŘENA-PC (4 CPUs) [Mařena : ADMIN]
OS: Windows 7 Service Pack 1 (x64)

~~ Plugins check: ~~

UPTODATE [Windows 7 Service Pack 1] Current : Service Pack 1 -- Latest : Service Pack 1
OUTDATED [Firefox (x86)] Current : 21.0 -- Latest : 22.0
OUTDATED [Internet Explorer] Current : 9.10.9200.16614 -- Latest : 9.0.8112.16421
OUTDATED [Internet Explorer (x86)] Current : 9.10.9200.16614 -- Latest : 9.0.8112.16421
OUTDATED [Java 7] Current : 1.7.0_03 -- Latest : 1.7.0_25
OUTDATED [Java (x86)] Current : 1.7.0_13 -- Latest : 1.7.0_25
OUTDATED [Adobe Reader (x86)] Current : 10 -- Latest : 11
OUTDATED [Adobe Flash (x86)] Current : 10.0.42.34 -- Latest : 11.8.800.94


Finished
<C:\Users\Mařena\Desktop\WIGIReport[0].txt>
WIGIReport[0].txt

[vyosek]

Prozatim, i za kolegu, nemate zac...

Pockame a uvidime

[Mc_Murphy]