VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

slowloris.exe

https://forum.viry.cz:443/viewtopic.php?t=119197

Stránka 1 z 1

slowloris.exe

Napsal: 29 led 2012 01:20
od Snippp
Zdravim, mam mensi problem a jsem uz bezradny. Snad mi tu nekdo dokaze pomoct. Oc jde:

Pouzivam Win XP SP2 bez antiviru a spustil jsem na nem tento soubor slowloris.exe: http://virusscan.jotti.org/cs/scanresul ... f76bcf3843
Po spusteni mi spadnul komunikator Miranda IM a Nvidia update zacla v intervalech asi 10 min hazet chybu viz: http://www.imagehosting.cz/?v=nvidiaerro.png
stejne tak miranda jiz nejde zapnout a hazi tu stejnou chybu. Jeste jsem si vsiml, ze ted Opera pri nacteni vetsiny stranek pozaduje potvrzeni nejakeho certifikatu, stejne tak Chrome. Samozrejme ten soubor slowloris.exe jsem ihned killnul v procesech.

Nasel jsem zde par navodu, takze jsem PC projel Kaspersky Virus Removal Tool, neco s tim souvisejici nasel a zda se ze odstranil, viz log:


Status: Deleted (events: 5)
23.12.1962 17:02:54 Deleted Trojan program Trojan.Win32.Lores.s C:\Documents and Settings\Uživatel\Plocha\slowloris.exe High
23.12.1962 17:25:04 Deleted malware HackTool.Win32.BruteForce.it C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP910\A0226469.exe Medium
23.12.1962 17:30:01 Deleted malware HackTool.MSIL.Loic.bj C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP932\A0229559.exe Medium
23.12.1962 17:30:02 Deleted malware HackTool.MSIL.Loic.bl C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP932\A0229560.exe Medium
23.12.1962 17:30:27 Deleted Trojan program Trojan.Win32.Lores.s C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP935\A0230069.exe High
Status: Detected (events: 2)
23.12.1962 17:02:54 Detected malware HackTool.Win32.Sniffer.WpePro.v C:\Documents and Settings\Uživatel\Plocha\pica\prg\wpe pro.7z//wpe pro/WPE PRO - modified.exe Medium
23.12.1962 17:02:54 Detected malware HackTool.Win32.Sniffer.WpePro.w C:\Documents and Settings\Uživatel\Plocha\pica\prg\wpe pro.7z//wpe pro/WpeSpy.dll Medium
Status: Quarantined (events: 2)
23.12.1962 17:25:22 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP914\A0226856.exe High
23.12.1962 17:25:22 Quarantined virus HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{4E2EEF96-EABB-4203-B655-BA1406110FEA}\RP914\A0226864.exe High




Dale prikladam log z HijackThis, ale log se mi zda cisty:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:12, on 29.1.2099
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Resources\Taskix\Taskix32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Miranda IM\Plugins\gate-bttrw-556-g301613c\gate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Program Files\GamePark\gpcl32bit.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
G:\myflash\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Taskix] C:\WINDOWS\Resources\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: gate.lnk = C:\Program Files\Miranda IM\Plugins\gate-bttrw-556-g301613c\gate.exe
O4 - Startup: gpcl32bit.lnk = C:\Program Files\GamePark\gpcl32bit.exe
O4 - Startup: Miranda.lnk = C:\Program Files\Miranda IM\miranda32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 3859 bytes






A jeste zde log z DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Uživatel at 1:16:32 on 2099-01-29
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1560 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Resources\Taskix\Taskix32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Miranda IM\Plugins\gate-bttrw-556-g301613c\gate.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Program Files\GamePark\gpcl32bit.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Uživatel\Plocha\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Taskix] c:\windows\resources\taskix\Taskix32.exe start
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: c:\docume~1\uivate~1\nabdka~1\programy\posput~1\gate.lnk - c:\program files\miranda im\plugins\gate-bttrw-556-g301613c\gate.exe
StartupFolder: c:\docume~1\uivate~1\nabdka~1\programy\posput~1\gpcl32bit.lnk - c:\program files\gamepark\gpcl32bit.exe
StartupFolder: c:\docume~1\uivate~1\nabdka~1\programy\posput~1\miranda.lnk - c:\program files\miranda im\miranda32.exe
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3E27C911-0D3A-4170-A2DD-6E6C8F0ED338} : DhcpNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-13 2253120]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-4 69120]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-4 27632]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\androidusb.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-4 13224]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-6-8 0]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys --> c:\windows\system32\drivers\zgwhsmdm.sys [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-12-12 79360]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-7-19 129440]
.
=============== Created Last 30 ================
.
2099-01-28 23:25:53 -------- d-----w- c:\documents and settings\uživatel\data aplikací\Malwarebytes
2099-01-28 23:25:14 -------- d--h--r- c:\documents and settings\uživatel\Recent
.
==================== Find3M ====================
.
.
============= FINISH: 1:16:59,39 ===============


Ani po restartu stale nelze spustit mirandu a porad haze chybu s nvidia ovladacem.. reinstalace nezabira. Jinak jsem zatim OS nijak vic nezkoumal, takze to mohlo napachat vetsi skody. Budu rad za kazdou pomoc.

Re: slowloris.exe

Napsal: 29 led 2012 08:37
od vyosek
Zdravim a pekny den preji :)

:arrow: Proc nepouzivate antivir, pak to nema byt zaliskane jak jetel :arcisit:

:arrow: Proc nemate Service Pack3 :???: Resi mnoho chyb a problemu. Ovsem podminkou je legalni system - jak je na tom ten Vas :???:

Re: slowloris.exe

Napsal: 29 led 2012 10:10
od Snippp
SP3 se mi nezamlouva, vyhovuje mi to takto. Antivir taktez nepotrebuji, v dnesni dobe je to jiz zbytecnost, nehlede na to ze ve vetsine pripadu potrebuji spoustet soubory ktere nejsou infikovane, presto je spousta antiviru nesmyslne detekuje.
Jinak ten system se zda byt cisty, ale jako kdyby chybela nejaka cast/knihovna nebo neco podobneho.

Re: slowloris.exe

Napsal: 29 led 2012 10:29
od motji
Kolega se Vás ptá na legálnost vašeho systému, zatím jste neodpověděl :)

Re: slowloris.exe

Napsal: 29 led 2012 10:59
od Snippp
System legalni neni. Takze muzu predpokladat, ze se pomoci nedockam.

Re: slowloris.exe

Napsal: 29 led 2012 13:19
od vyosek
Dekuji kolegyni za vstup

A predpokladate spravne - odporuje to pravidlum fora a nehodlame podporovat pachani trestneho cinu (porusovani autorskych prav), OS muze byt prave poskozeny\divny, jelikoz SP3 resi mnoho chyb...

A antivir je dnes zaklad, docela si dokazu predstavit co za soubory detekuje jako havet ac, dle vas, nejsou - tohle se deje hlavne u cracku a keygenu...

Ale jak bylo receno, pomoci se nedockate...
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz