  1. #1
    Registered User
    Join Date: Aug:2002
    Posts: 1,145

    I can't delete a file.

    F-Prot online detects the trojan w32/Agent.AB, but when I start scanning it can't catch and remove it. I installed 5 anti-trojan programs, updated to the latest versions, but they can't catch it. There are no spybots. Every 30 seconds F-Prot reports the same infected file, sqllg.dll, located in windows\system32. I can't see this file through Windows Explorer. I tried to remove Agent.A manually in the way that is described, but it doesn't work.
    With Hijack I can see sqllg.dll (O20), but it can't delete it so that it doesn't start at boot; it says it deletes it, but on the next scan it's there again. In the Windows registry everything is clean. From Windows XP (NTFS) I can't see this file. From Linux I can see it, but I can't delete, rename or edit it in any way; it gives me a message that the file is binary and nothing can be done with it.
    How do I delete the file in question???

  2. #2
    Registered User CYPER's Avatar
    Join Date: May:2004
    Location: Ruse
    Posts: 9,356

    :)

    Try the little program Dellater.

    Read more here - http://hardwarebg.com/forum/showthre...light=dellater

  3. #3
    Pessimist Boyman's Avatar
    Join Date: Apr:2004
    Location: In the Source
    Posts: 384
    I don't know about deleting it, but at least try to block what it does. By the way, check your processes; if it's there, first kill the process and then delete it.

  4. #4
    Registered User
    Join Date: Aug:2004
    Location: Sofia
    Posts: 9
    First you have to terminate the thread that is associated with the file; then you'll be able to delete it. The simplest thing is to download a removal tool for this trojan from somewhere, which will do the job for you.

  5. #5
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    It doesn't work with dellater. I reboot and it's there again.
    And in safe mode it can't see this file.
    There is no such process for me to block. I've left only the essential processes running.
    I downloaded a removal tool, but nothing happens.
    I have to delete it somehow.

  6. #6
    Registered User subn3t's Avatar
    Join Date: Apr:2003
    Location: 127.0.0.1
    Posts: 1,143
    How come it can't be done under Linux? This is the first time I've heard of such a thing.

    #rm -rf imenafail

  7. #7
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    Post a HijackThis log so we can see what this is about; you can download the latest version (1.98.2) from Here

  8. #8
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by subn3t
    How come it can't be done under Linux? This is the first time I've heard of such a thing.

    #rm -rf imenafail
    rm: cannot remove: read-only file

    or

    could not delete file /mnt/hda5/.....

  9. #9
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by lada_1500
    Post a HijackThis log so we can see what this is about; you can download the latest version (1.98.2) from Here

    Logfile of HijackThis v1.98.2
    Scan saved at 20:19:12, on 16.8.2004 г.
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\System32\PDesk\PDesk.exe
    D:\Program Files\FSI\F-Prot\F-StopW.EXE
    D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    D:\WINDOWS\System32\mgabg.exe
    D:\Documents and Settings\таня\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
    O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [F-StopW] D:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll

  10. #10
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    So this is the only thing wrong that I see too:
    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
    Try to fix it with Hijack and restart; if that doesn't work, go
    to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, I think it's there, delete it from the registry and after that delete it.

  11. #11
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Originally posted by lada_1500
    So this is the only thing wrong that I see too:
    O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
    Try to fix it with Hijack and restart; if that doesn't work, go
    to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, I think it's there, delete it from the registry and after that delete it.
    It's exactly there, BUT
    I had never seen such a thing.
    I delete it, it disappears, and as soon as I go to another key and come back to the previous one it's there again. I modify it and it won't take; for the moment yes, but a little later it's the same again.
    In safe mode, in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows there is an AppInit_DLLs value, but without sqllg.dll; I still delete it, (ab)AppInit_DLLs, and it can't be done. It says everything is OK, but it isn't. I restarted many times: nothing. I delete the registry entry and restart, delete and restart, in both normal and safe mode, and it still stays there. Any intervention on sqllg.dll, or starting F-Prot, immediately brings up the message: "D:\WINDOWS\System32\sqllg.dll Infection: W32/Agent.AB", and not just once but 2 to 7-8 lines of the same text. Same story with Hijack: it says it deletes it and will make a backup, but nothing happens.

  12. #12
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    This is how it should be done (this is from Symantec):
    Navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    Rename the subkey:
    "Windows"
    to
    "Windows1"
    Wait approximately 5 seconds.
    Navigate to the key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows1
    In the right pane, double-click the following registry value name:
    "AppInit_DLLs"
    and delete the following text from the contents of the Value Data box:
    %System%\<DLL filename>.dll
    Restart the computer.
    Navigate to the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    Rename the subkey:
    "Windows1"
    to
    "Windows"

    Exit the Registry Editor.
    Restart the computer
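
An added example, not part of the thread and not code from HijackThis or Symantec: it parses HijackThis-style log lines like those in post #9, extracts the DLLs named on the O20 AppInit_DLLs entry, and computes the value data with only the named DLL removed, which is the edit the steps in post #12 describe. `SAMPLE_VALUE` and `goodhook.dll` are constructed, and the code assumes the documented space-or-comma delimiter of the AppInit_DLLs value.

```python
import ntpath
import re

# Constructed sample: three entries copied from the HijackThis log in post #9.
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab",
    r"O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll",
])
# Constructed value data holding two DLLs; goodhook.dll is a made-up name.
SAMPLE_VALUE = r"C:\Tools\goodhook.dll, D:\WINDOWS\System32\sqllg.dll"

# A log entry is a letter plus a number, " - ", then the detail text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return (code, detail) for each 'Xnn - ...' entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_appinit(value):
    """AppInit_DLLs is one string of DLL names delimited by spaces or commas."""
    return [p for p in re.split(r"[ ,]+", value.strip()) if p]


def appinit_dlls(log_text):
    """Collect every DLL listed on O20 AppInit_DLLs lines of a HijackThis log."""
    dlls = []
    for code, detail in parse_entries(log_text):
        if code == "O20" and detail.lower().startswith("appinit_dlls:"):
            dlls.extend(split_appinit(detail.split(":", 1)[1]))
    return dlls


def remove_dll(value, dll_name):
    """Drop only dll_name (matched on file name, case-insensitive) from the value."""
    keep = [p for p in split_appinit(value)
            if ntpath.basename(p).lower() != dll_name.lower()]
    return " ".join(keep)


if __name__ == "__main__":
    print(appinit_dlls(SAMPLE_LOG))
    print(repr(remove_dll(SAMPLE_VALUE, "sqllg.dll")))
```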

  13. #13
    Registered User
    Join Date: Aug:2002
    Posts: 1,145
    Thanks, Lada_1500.

    This worked only temporarily. Everything happened as you described. But after restoring the old name from Windows1 to Windows and rebooting, it appeared again; it was no longer in that registry key.
    I started examining sqllg.dll itself under Linux. It was created on 15.04.2004, 54 K, and there is no text message inside. After I realized that I couldn't do anything to it under Linux, I went back to Windows and started looking for it in the registry, but alas. It couldn't be uninstalled with regsvr32 /u. Back in safe mode I saw, to my surprise, that it was now visible, but there was no way I could do anything with it; then I right-clicked on it and told the program Trojan Remover to delete it, and it deleted it.
    And now it's gone.


  14. #14
    Registered User subn3t's Avatar
    Join Date: Apr:2003
    Location: 127.0.0.1
    Posts: 1,143
    Did you check whether your Linux supports read/write on NTFS or only read... what options the partition is mounted with, and so on?

Copyright © 1999-2011 Хардуер БГ. The content of this page may be subject to copyright.