ESET nedokaze odstranit vir

[Rudy]

Zkuste ještě TDSS remover: http://translate.googleusercontent.com/ ... QmSRXkIvzQ .

[jacho6380]

Zkusil som ho a nic mi nenasiel a na stranke je pisane ze win 7 32 a ja mam 64, nechce sa mi kvoli tomu viru preinstalovavat win

[Rudy]

Měl by fugovat i na 64bitu: http://support.kaspersky.com/viruses/so ... =208280684 .

[jacho6380]

tiez nic nenasiel

[vyosek]

Zdravim, omlouvam se kolegovi za vstup

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  C:\Windows\tasks\At*.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Stahnete SPTD http://www.duplexsecure.com/en/downloads

• Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
• Ulozte na plochu a spustte
• Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

• Ulozte na plochu a spustte
• Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe - nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

[jacho6380]

OTM

All processes killed
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\506DDFBE983F4BC384B865F423B2D798.TMP folder moved successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB47.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2AE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSI32D.tmp- folder moved successfully.
C:\Windows\Installer\MSI5DC7.tmp moved successfully.
C:\Windows\Installer\MSI8F41.tmp moved successfully.
C:\Windows\Installer\MSIA18C.tmp moved successfully.
C:\Windows\Installer\MSIB2D8.tmp moved successfully.
C:\Windows\Installer\MSIB4C7.tmp moved successfully.
C:\Windows\Temp\NOD5F65.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Michal
->Temp folder emptied: 2999300744 bytes
->Temporary Internet Files folder emptied: 18111894 bytes
->Java cache emptied: 348909 bytes
->FireFox cache emptied: 66069602 bytes
->Flash cache emptied: 59155 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2939978 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 301295616 bytes

Total Files Cleaned = 3 231,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12012010_154123

Files moved on Reboot...
C:\Users\Michal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{501BEC8F-29D5-4F8D-B7CB-D08B9CC06662}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{57945C86-C461-4696-BE80-72EE17393148}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{88051215-5C1F-4934-BF4B-4AB9633F92FB}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A067A158-8F0F-47DB-B406-D230A0E19CC4}.tmp not found!
File move failed. C:\Windows\temp\adb.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...



MBR

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

[vyosek]

Mate instalacni CD\DVD

Odstranovani mbr rootkitu z 64bit OS je bohuzel v soucasne dobe problem, jelikoz vetsina utilit je nefunkcnich a pokud funguji, tak obcas je treba provest opravnou instalaci...

[jacho6380]

Ano mam

[vyosek]

Pripadne mate PC ze ktereho by jste se ozval, kdyby se Vam nepodarilo dat do PC do kupy Mate zalohu dulezitych dat - nemel byste o ne prijit, ale kdyby nahodou...

[jacho6380]

keby sa nieco stalo tak sa ozvem z HTC Desire, co mam teda? Data mam a ostatne ked sa pokazi tak bohuzial budem musiet instalovat

[vyosek]

Presunte bootkit remover na plochu, jestli jej tam jeste nemate

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive1

• Kliknete na OK
• Restartujte PC

Muze se stat ze po restartu na Vas vyskoci cerna obrazovka podobna te nize


Vlozte tedy instalacni DVD a provedte opravu - navod zde http://www.viry.cz/forum/viewtopic.php?f=25&t=102161

Pak napiste jak to dopadlo a bude testovat, pripadne zkouset dal

[jacho6380]

neviem teda

Bez názvu656.png (54.83 KiB) Zobrazeno 1231 x

[vyosek]

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -f

• Kliknete na OK

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

[jacho6380]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

[vyosek]

Nabootujte z instal DVD

Az se dostanete na tuto obrazovku - zvolte Prikazovy radek


Napiste FIXMBR, odenterujte, napiste EXIT, odenterujte

Klik na Restartovat a nechte nabehnout PC normalne

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte