  1. #1
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266

    aprotect service

    , 32 , , , , SpyNoMore ... SpyBot , ... , "" , ...
    Attached Thumbnails: apotectservice.PNG (93.2 KB)

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    "windows" , , smitfraudfix. HiJackThis .

  3. #3
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    Quote Originally Posted by ilko View Post
    "windows" , , smitfraudfix. HiJackThis .
    hijackthis ...
    - / / , , / /...
    Attached Files

  4. #4
    Creative destructor OgiDogi's Avatar
    Join Date: Nov:2002
    Location:
    Posts: 7,613
    :

    1. Task Manager-:
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DAP\DAP.EXE <-- , ,

    :

    2. HijackThis :
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll (file missing) <--
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto <--
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe <-- 100%
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe <--
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

    :

    3. .
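The HijackThis entries marked above are the ones a responder works through by hand. The script below is an added example (not code from the thread, from HijackThis, or from either poster) that parses lines in that format and applies the checks which single those entries out: a target marked "(file missing)", a Winlogon Notify DLL outside the baseline, an unnamed BHO, a start page pointing somewhere other than the defaults, and an autostart binary sitting directly in the Windows directory. The sample log is constructed from the fragments quoted in this thread; the Winlogon Notify baseline is an assumption listing typical Windows XP subkeys and must be checked against a clean machine of the same build before it is trusted.

```python
"""HijackThis log triage (added example; not the poster's or HijackThis' code)."""
import re

# Constructed sample: the HijackThis lines quoted in this thread (Windows XP host).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
"""

# Assumption: typical Windows XP Winlogon\Notify subkeys. Compare with a known-clean
# machine of the same build; anything not on the baseline gets flagged, not deleted.
XP_WINLOGON_NOTIFY_BASELINE = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}
DEFAULT_START_PAGE_DOMAINS = ("msn.com", "microsoft.com")

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
O4_PATH_RE = re.compile(r"\] (?P<path>.+?\.exe)", re.IGNORECASE)
# An .exe directly under the Windows directory root, e.g. C:\WINDOWS\name.exe
WINDIR_ROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)


def parse_hjt(log_text):
    """Yield (kind, body) for each HijackThis entry; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def assess(kind, body):
    """Return the reasons an entry deserves a look (empty list: nothing notable)."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("target file missing: stale entry, or the file is hidden by a rootkit")
    if kind == "O20" and body.startswith("Winlogon Notify:"):
        name = body.split(":", 1)[1].split("-")[0].strip()
        if name not in XP_WINLOGON_NOTIFY_BASELINE:
            reasons.append(f"Winlogon Notify '{name}' not in baseline; loads into winlogon.exe at logon")
    if kind == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO loads into every Internet Explorer process")
    if kind in ("R0", "R1") and "Start Page" in body:
        target = body.rsplit("=", 1)[-1].strip().lower()
        if not any(target.endswith(d) for d in DEFAULT_START_PAGE_DOMAINS):
            reasons.append(f"start page redirected to {target}")
    if kind == "O4":
        m = O4_PATH_RE.search(body)
        if m and WINDIR_ROOT_RE.match(m.group("path")):
            reasons.append("autostart binary sits directly in the Windows directory; verify publisher and hash")
    return reasons


def triage(log_text):
    """Map each flagged entry (as written in the log) to its reasons, in log order."""
    findings = {}
    for kind, body in parse_hjt(log_text):
        reasons = assess(kind, body)
        if reasons:
            findings[f"{kind} - {body}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```

"(file missing)" on its own is ambiguous: it is what a leftover registry entry looks like after the file was removed, and also what a file hidden from user mode by a rootkit looks like, which is why the thread moves on to rootkit scanners before anything is declared clean.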

  5. #5
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    :

    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup

    Unlocker C:\Program Files\SpyNoMore , BlackLight, , HJT .

  6. #6
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    , , SpyNoMore , , , , ,
    Attached Files

  7. #7
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    .

  8. #8
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    Quote Originally Posted by ilko View Post
    .

  9. #9
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266

    ....

    , , , HiJack This , ... ... , , ....

    - ( 2) , , . , UnLocker , .... , - ...
    Attached Files

  10. #10
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    HJT, / ? system restore ?
    . 2 rootkit . smitfraudfix , . , vs

  11. #11
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266

    ....

    : : 1. , , - .
    2. - youTube .
    - - - . - - . ;
    BlackLight - ,
    .
    HiJackThis
    SpyBot SD - ...
    , HiJackThis , .
    Attached Files

  12. #12
    Creative destructor OgiDogi's Avatar
    Join Date: Nov:2002
    Location:
    Posts: 7,613
    Quote Originally Posted by connect View Post
    : : 1. , , - .
    2. - youTube .
    - - - . - - . ;
    BlackLight - ,
    .
    HiJackThis
    SpyBot SD - ...
    , HiJackThis , .
    :

    Code:
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download All with FlashGet - E:\programme\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with FlashGet - E:\programme\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programme\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\programme\FlashGet\FlashGet.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Bonjour Service - Unknown owner - E:\programme\Gizmo Project\mDNSResponder.exe (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    , Download Accelerator, spyware? , FlashGet -...

  13. #13
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    , ; ... , 1 , 2 1

    http://winantivirus.com/download/2007/?p=8&j=1&ex=1&ax=1&h=10&aid=nm_ba_wav_kw3&lid=ware+ar&affid=nm_67602_36e44656225711dcacd7f67602ffffff_e88fe27c07be445ebfdc57f858dfbfb1&rff='

    , , , , ,
    :
    Attached Files

  14. #14
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    http://www.hardwarebg.com/forum/showthread.php?t=91314

    9 Vundofix c:\vundofix.txt
    .
    silentrunners.vbs, 2-3 . .

    Quote Originally Posted by OgiDogi
    :...
    , , , .
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

  15. #15
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    .:
    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 12:47:28 AM 27.06.2007 .

    Listing files found while scanning....

    C:\WINDOWS\system32\rttss.bak1
    C:\WINDOWS\system32\rttss.bak2
    C:\WINDOWS\system32\rttss.ini
    C:\WINDOWS\system32\rttss.ini2
    C:\WINDOWS\system32\rttss.tmp
    C:\WINDOWS\system32\ssttr.dll




    silentrunners.vbs -

  16. #16
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , . rootkit . SilentRunners 1-2 . .

  17. #17
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    , :

    , , : http://www.usafis.org/includes/new_emc.asp?LID=

    rootkit : 1. blackLight : ,
    2. Hidden Non Plug&Play Driver : DP1112 , DS1410D .
    3. .log HijackThis
    4. log RootkitRevealer
    5. WinPFind
    Attached Files
    Last edited by connect; 27th June 2007 at 09:41.

  18. #18
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167


    combofix , .

    Vundofix , . , silentrunners.vbs. , , , . HiJackThis, - HJT - scanner.exe, myscan.exe .

    ATFCleaner , .

  19. #19
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    , -
    - combo fix , :
    ATFCleaner
    1.
    Code:
    2006-04-03 00:28      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wcpsu.exe.vir
    2007-05-15 23:20      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\OEM\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    2007-06-24 16:26      20992    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winuqw32.dll.vir
    2007-06-24 16:26      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\gebcayx.dll.vir
    2007-06-24 16:27      40950    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu2000352.exe.vir
    2007-06-24 16:33      266336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssttr.dll.vir
    2007-06-25 20:17      1143297    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.bak1.vir
    2007-06-26 09:25      1154895    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.tmp.vir
    2007-06-26 09:54      1156823    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.ini.vir
    2007-06-26 11:08      135    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\OEM\APPLIC~1\Macromedia\Flash Player\#SharedObjects\J6KBRGJK\www.broadcaster.com\played_list.sol.vir
    2007-06-26 11:08      2161    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\OEM\APPLIC~1\Macromedia\Flash Player\#SharedObjects\J6KBRGJK\www.broadcaster.com\video_queue.sol.vir
    2007-06-26 20:18      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ltivebnb.exe.vir
    2007-06-26 23:55      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\djsnorso.exe.vir
    2007-06-27 14:20      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ufqhauye.exe.vir
    2007-06-27 17:10      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\glhokxew.exe.vir
    2007-06-28 01:29      934939    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.bak2.vir
    2007-06-28 01:32      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yhaxqsnc.exe.vir
    2007-06-28 01:35      2956    --a------    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-06-28 01:35      352    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
    2007-06-28 01:35      846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-06-28 01:35      924311    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.ini2.vir
    
    
    Folder PATH listing
    Volume serial number is 88F0-F9E9
    C:\QOOBOX
    \---Quarantine
        +---Registry_backups
        |       LEGACY_DOMAINSERVICE.reg.cf
        |       services_DomainService.reg.cf
        |       services_nm.reg.cf
        |       
        \---C
            +---WINDOWS
            |   |   retadpu2000352.exe.vir
            |   |   
            |   \---system32
            |           wcpsu.exe.vir
            |           ltivebnb.exe.vir
            |           ufqhauye.exe.vir
            |           djsnorso.exe.vir
            |           glhokxew.exe.vir
            |           yhaxqsnc.exe.vir
            |           winuqw32.dll.vir
            |           rttss.ini.vir
            |           rttss.tmp.vir
            |           rttss.bak1.vir
            |           rttss.bak2.vir
            |           rttss.ini2.vir
            |           ssttr.dll.vir
            |           gebcayx.dll.vir
            |           
            \---DOCUME~1
                \---OEM
                    \---APPLIC~1
                        \---Macromedia
                            \---Flash Player
                                +---#SharedObjects
                                |   \---J6KBRGJK
                                |       \---www.broadcaster.com
                                |               played_list.sol.vir
                                |               video_queue.sol.vir
                                |               
                                \---macromedia.com
                                    \---support
                                        \---flashplayer
                                            \---sys
                                                \---#www.broadcaster.com
                                                        settings.sol.vir
    2. VundoFix: no infected files were found.
    3. log silentrunners
    4. log HiJackThis - .exe
    Attached Files
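The VundoFix output in post #15 and the ComboFix quarantine listing in this post show the same two things that are worth automating when reading such listings: ssttr.dll sits next to rttss.ini/.tmp/.bak files whose name is ssttr spelled backwards, and five .exe files with random eight-letter names in system32 all have exactly 122944 bytes, written several hours apart over three days, which is one component dropped repeatedly under fresh names. The script below is an added example, not ComboFix's or either poster's code. It parses the listing format shown above, maps quarantine paths back to their original locations (assuming the C:\Qoobox\Quarantine root shown in the post), and reports both patterns. The listing embedded in it is constructed from the file lines of this post.

```python
"""ComboFix quarantine listing triage (added example; not ComboFix's or the poster's code)."""
import ntpath
import re
from collections import defaultdict

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"   # root shown in the posted listing (assumption)

# Constructed sample: the file lines of the ComboFix quarantine listing in this post.
LISTING = r"""
2006-04-03 00:28      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wcpsu.exe.vir
2007-06-24 16:26      20992    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winuqw32.dll.vir
2007-06-24 16:26      31254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\gebcayx.dll.vir
2007-06-24 16:27      40950    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu2000352.exe.vir
2007-06-24 16:33      266336    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssttr.dll.vir
2007-06-25 20:17      1143297    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.bak1.vir
2007-06-26 09:25      1154895    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.tmp.vir
2007-06-26 09:54      1156823    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.ini.vir
2007-06-26 20:18      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ltivebnb.exe.vir
2007-06-26 23:55      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\djsnorso.exe.vir
2007-06-27 14:20      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ufqhauye.exe.vir
2007-06-27 17:10      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\glhokxew.exe.vir
2007-06-28 01:29      934939    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.bak2.vir
2007-06-28 01:32      122944    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yhaxqsnc.exe.vir
2007-06-28 01:35      2956    --a------    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-06-28 01:35      924311    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rttss.ini2.vir
"""

# date  time  size  attributes  path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def original_path(quarantined):
    """Strip the quarantine root and the .vir suffix; turn the drive folder back into a drive."""
    rest = quarantined
    if rest.lower().startswith(QUARANTINE_ROOT.lower() + "\\"):
        rest = rest[len(QUARANTINE_ROOT) + 1:]
    if rest.lower().endswith(".vir"):
        rest = rest[:-4]
    m = re.match(r"^([A-Za-z])\\(.*)$", rest)   # "C\WINDOWS\..." -> "C:\WINDOWS\..."
    return f"{m.group(1)}:\\{m.group(2)}" if m else rest


def parse_listing(text):
    """One dict per listing line with its original directory, file name and size."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = original_path(m.group("path"))
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "size": int(m.group("size")),
            "dir": ntpath.dirname(path),
            "name": ntpath.basename(path),
        })
    return entries


def same_size_clusters(entries, min_count=3):
    """Directories holding >= min_count files with one extension and one exact size."""
    groups = defaultdict(list)
    for e in entries:
        ext = ntpath.splitext(e["name"])[1].lower()
        groups[(e["dir"], ext, e["size"])].append(e["name"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


def reversed_name_pairs(entries):
    """Pairs of files in one directory whose name stems are each other's reverse."""
    stems = defaultdict(set)
    for e in entries:
        stems[e["dir"]].add(ntpath.splitext(e["name"])[0].lower())
    pairs = set()
    for directory, names in stems.items():
        for s in names:
            r = s[::-1]
            if r != s and r in names:
                pairs.add((directory, min(s, r), max(s, r)))
    return sorted(pairs)


if __name__ == "__main__":
    found = parse_listing(LISTING)
    for (directory, ext, size), names in same_size_clusters(found).items():
        print(f"{len(names)} x {ext} of {size} bytes in {directory}: {', '.join(names)}")
    for directory, a, b in reversed_name_pairs(found):
        print(f"reversed-name pair in {directory}: {a} / {b}")
```

Neither pattern is proof of anything by itself; identical sizes are a prompt to hash the files and compare them, and the reversed-name pair is a prompt to treat the .ini/.bak files as the DLL's data and keep them together when submitting samples.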

  20. #20
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , ?
    , 2 . AVS.
    C:\Qoobox\Quarantine\ ? .

  21. #21
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167

    - ? , . - , dll exe 2, . .

  22. #22
    Registered User
    Join Date: Oct:2005
    Location: mars
    Posts: 266
    - , , - , ,

Copyright © 1999-2011