  1. #1
    Registered User
    Join Date: Aug:2002
    Posts: 1,145

    .

    - w32/Agent.AB , . 5 , . . - 30 . sqllg.dll windows\system32. . . , .
    Hijack sqllg.dll /O20/ , , . . /NTFS/ . , , , , .
    ???

  2. #2
    Registered User CYPER's Avatar
    Join Date: May:2004
    Location:
    Posts: 9,356

  3. #3
    Boyman's Avatar
    Join Date: Apr:2004
    Location: In the Source
    Posts: 384
    . .
    , ... .



  4. #4
    Registered User
    Join Date: Aug:2004
    Location:
    Posts: 9
    thread-, , . removal tool , .
    , .

  5. #5
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    dellater . .
    safe mode .
    . .
    removal tool , .
    .

  6. #6
    Registered User subn3t's Avatar
    Join Date: Apr:2003
    Location: 127.0.0.1
    Posts: 1,143
    ? 4 .

    #rm -rf imenafail
    .

  7. #7
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    HijackThis , (1.98.2)

  8. #8
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by subn3t
    ? 4 .

    #rm -rf imenafail
    rm: cannot remove: read-only file



    could not delete file /mnt/hda5/.....

  9. #9
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by lada_1500
    HijackThis , (1.98.2)

    Logfile of HijackThis v1.98.2
    Scan saved at 20:19:12, on 16.8.2004 .
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\System32\PDesk\PDesk.exe
    D:\Program Files\FSI\F-Prot\F-StopW.EXE
    D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    D:\WINDOWS\System32\mgabg.exe
    D:\Documents and Settings\\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [F-StopW] D:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll

  10. #10
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373

    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
    Hijack ,
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows .

  11. #11
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by lada_1500

    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
    Hijack ,
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows .
    ,
    .
    , . - , , .
    safe mode HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ,
    sqllg.dll , (ab)AppInit_DLLs . , - - . - , - . sqllg.dll - : " D:\WINDOWS\System32\sqllg.dll Infection: W32/Agent.AB " 2 7-8 . Hijack , .

  12. #12
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    E ( symantec)
    Navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    Rename the subkey:
    "Windows"
    to
    "Windows1"
    Wait approximately 5 seconds.
    Navigate to the key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows1
    In the right pane, double-click the following registry value name:
    "AppInit_DLLs"
    and delete the following text from the contents of the Value Data box:
    %System%\<DLL filename>.dll
    Restart the computer.
    Navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    Rename the subkey:
    "Windows1"
    to
    "Windows"

    Exit the Registry Editor.
    Restart the computer
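
An added example, not part of the thread or of the instructions quoted in post #12: it pulls the O20 AppInit_DLLs entries out of a HijackThis log and computes the value data that should remain once one DLL is removed, so other entries in the same value survive the edit. The function names and the `hook.dll` path are assumptions made for illustration; the sample log lines are constructed from lines shown in post #9.

```python
import re

# Constructed sample in HijackThis log format (lines taken from the log in post #9).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
"""


def split_appinit(value):
    """Split AppInit_DLLs value data, which is a space- or comma-delimited list."""
    return [entry for entry in re.split(r"[ ,]+", value.strip()) if entry]


def appinit_entries(log_text):
    """Return the DLL entries from every O20 AppInit_DLLs line of a log."""
    entries = []
    for line in log_text.splitlines():
        match = re.match(r"\s*O20 - AppInit_DLLs:\s*(.*)$", line)
        if match:
            entries.extend(split_appinit(match.group(1)))
    return entries


def file_name(path):
    """Lower-cased last path component; Windows file names are case-insensitive."""
    return re.split(r"[\\/]", path)[-1].lower()


def remove_dll(value, dll_name):
    """Return the value data with entries named dll_name dropped, others kept in order."""
    kept = [e for e in split_appinit(value) if file_name(e) != dll_name.lower()]
    return " ".join(kept)


if __name__ == "__main__":
    for entry in appinit_entries(SAMPLE_LOG):
        print("AppInit_DLLs entry to review:", entry)
    # Constructed value data holding one unrelated entry plus the reported DLL.
    current = r"C:\PROGRA~1\Vendor\hook.dll,D:\WINDOWS\System32\sqllg.dll"
    print("Value data after cleanup:", repr(remove_dll(current, "sqllg.dll")))
```
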

  13. #13
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    _1500.

    . . Windows1 Windows , .
    sqllg.dll . 15.04.2004 , 54 , . , Windows , . regsvr32 /u . safe mode , , , Trojan Remover .
    .


  14. #14
    Registered User subn3t's Avatar
    Join Date: Apr:2003
    Location: 127.0.0.1
    Posts: 1,143
    read/write NTFS read ... 4 .. ?
    .
