Stránka 1 z 1
Trojan:Script/Cloxer.A!cl
Napsal: 12 bře 2019 23:26
od petal219
Dobrý den, Windows Defender nalezl a zlikvidoval Trojan:Script/Cloxer.A!cl, file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk ale po offline kontrole se hajzlík objevil znovu. What to do?
Re: Trojan:Script/Cloxer.A!cl
Napsal: 12 bře 2019 23:59
od Conder
Ahoj
Stiahni
AdwCleaner:
https://toolslib.net/downloads/finish/1/
- Uloz na plochu a ukonci vsetky programy
- Spusti AdwCleaner ako spravca
- Odsuhlas licencne podmienky
- Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
- Nechaj zaskrtnute vsetky nalezy
- Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
- Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
- Otvori sa log, jeho obsah sem skopiruj
Re: Trojan:Script/Cloxer.A!cl
Napsal: 13 bře 2019 00:04
od petal219
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support:
https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-13-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 9
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Deleted C:\Program Files (x86)\Free Video Converter
Deleted C:\Program Files (x86)\DriverDoc
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
Re: Trojan:Script/Cloxer.A!cl
Napsal: 13 bře 2019 00:23
od Conder
Poprosim o obidva nove logy z FRST.
Instaloval si nejaky program tykajuci sa I2P siete?
Re: Trojan:Script/Cloxer.A!cl
Napsal: 13 bře 2019 00:39
od petal219
Netuším co je to I2P síť
počítač sdílím tak se zkusím optat
Re: Trojan:Script/Cloxer.A!cl
Napsal: 13 bře 2019 13:57
od petal219
prý tam něco s I2P sítí instaloval ale moc mu to nefungovalo, furt pořádně nevím o co se jedná
Re: Trojan:Script/Cloxer.A!cl
Napsal: 13 bře 2019 22:42
od Conder
Otvor poznamkovy blok (Win+R -> notepad -> enter)
- Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\Policies\Explorer: []
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> DefaultScope {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
2019-03-12 23:11 - 2019-03-12 23:25 - 000000000 ____D C:\rsit
2019-03-12 23:11 - 2019-03-12 23:22 - 000000000 ____D C:\Program Files\trend micro
2019-03-12 23:05 - 2019-03-12 23:06 - 001222144 _____ C:\Users\petal219\Desktop\RSITx64.exe
2019-02-28 01:07 - 2019-02-28 01:07 - 000000000 __SHD C:\AI_RecycleBin
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc
2019-02-12 14:53 - 2019-02-12 14:53 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785
2019-02-12 14:51 - 2019-02-12 14:51 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330
2019-02-12 14:49 - 2019-02-12 14:49 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7
2019-02-12 14:42 - 2019-02-12 14:42 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\sharepoint.com -> hxxps://mendelu-files.sharepoint.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
EmptyTemp:
End
- Uloz na plochu s nazvom fixlist.txt
- Spusti znovu FRST a klikni na Fix
- Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
- Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj
Re: Trojan:Script/Cloxer.A!cl
Napsal: 14 bře 2019 15:06
od petal219
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by petal219 (14-03-2019 14:59:28) Run:1
Running from C:\Users\petal219\Desktop
Loaded Profiles: petal219 (Available Profiles: petal219)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\Policies\Explorer: []
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> DefaultScope {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
SearchScopes: HKU\S-1-5-21-412039192-1154255929-2393577243-1001 -> {272A17D5-17BA-441D-BFF8-F2FB40236F0A} URL =
2019-03-12 23:11 - 2019-03-12 23:25 - 000000000 ____D C:\rsit
2019-03-12 23:11 - 2019-03-12 23:22 - 000000000 ____D C:\Program Files\trend micro
2019-03-12 23:05 - 2019-03-12 23:06 - 001222144 _____ C:\Users\petal219\Desktop\RSITx64.exe
2019-02-28 01:07 - 2019-02-28 01:07 - 000000000 __SHD C:\AI_RecycleBin
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536
2019-02-12 15:22 - 2019-02-12 15:22 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc
2019-02-12 14:53 - 2019-02-12 14:53 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785
2019-02-12 14:51 - 2019-02-12 14:51 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330
2019-02-12 14:49 - 2019-02-12 14:49 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7
2019-02-12 14:42 - 2019-02-12 14:42 - 000000000 ___DC C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
IE trusted site: HKU\S-1-5-21-412039192-1154255929-2393577243-1001\...\sharepoint.com -> hxxps://mendelu-files.sharepoint.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk
EmptyTemp:
End
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
Count : 1390
Average :
Sum : 2840993835
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= File: C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe ========================
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATTENTION (Access Denied)
Creation and modification date: 2018-08-26 17:15 - 2016-01-19 06:15
Size: 001222664
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0-byte
====== End of File: ======
========================= File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk ========================
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk" => not found
====== End of File: ======
========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P ========================
not found.
====== End of Folder: ======
"HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-412039192-1154255929-2393577243-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{272A17D5-17BA-441D-BFF8-F2FB40236F0A} => removed successfully
HKLM\Software\Classes\CLSID\{272A17D5-17BA-441D-BFF8-F2FB40236F0A} => not found
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\petal219\Desktop\RSITx64.exe => moved successfully
C:\AI_RecycleBin => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign7f1cf197cd03a536 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign3676f030471376bc => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign9536c88661fed785 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsignc1786c8fecfa3330 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsigne4c92bec8ec966f7 => moved successfully
C:\Users\petal219\AppData\Local\Tempzxpsign13cdeebf4388c053 => moved successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB} => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-412039192-1154255929-2393577243-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P\Open I2P Profile Folder (service).lnk" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43714716 B
Java, Flash, Steam htmlcache => 227754699 B
Windows/system/drivers => 2863487 B
Edge => 2571772 B
Chrome => 239233695 B
Firefox => 0 B
Opera => 407673429 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 1704 B
NetworkService => 0 B
petal219 => 17848632 B
RecycleBin => 2356707 B
EmptyTemp: => 910.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:00:56 ====
Re: Trojan:Script/Cloxer.A!cl
Napsal: 15 bře 2019 15:06
od Conder
Ako to vyzera s PC? Nastala nejaka zmena alebo su este nejake problemy?
Re: Trojan:Script/Cloxer.A!cl
Napsal: 15 bře 2019 15:22
od petal219
Snad v pořádku
Re: Trojan:Script/Cloxer.A!cl
Napsal: 15 bře 2019 15:28
od Conder
Tak este upraceme po pouzitych nastrojoch:
Tiez mozes (preventivne) spustit aj kontrolu integrity:
Spusti kontrolu integrity systemovych suborov:
- Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
- Skopiruj a spusti prikaz:
Kód: Vybrat vše
DISM.exe /Online /Cleanup-image /Restorehealth
- Po dokonceni skopiruj a spusti druhy prikaz:
- Restartuj PC