Thread: I can't delete a file.
-
16th August 2004 13:35 #1 Registered User
Join Date: Aug:2002
Posts: 1,145
I can't delete a file.
F-Prot detects the trojan W32/Agent.AB on-line, but when I start a scan it can't catch and remove it. I installed 5 anti-trojan programs, updated to their latest versions, but they can't catch it. There are no spybots. Every 30 seconds F-Prot reports the same infected file, sqllg.dll, located in windows\system32. I can't see this file through Windows Explorer. I tried to remove Agent.A manually in the way described, but it doesn't work.
Through HijackThis I can see sqllg.dll (O20), but it can't delete the entry so that it doesn't start at boot; it says it deletes it, but on the next scan it is there again. In the Windows registry everything is clean. From Windows XP (NTFS) I can't see this file. From Linux I can see it, but I can't delete, rename or edit it in any way; I get a message that the file is binary and nothing can be done with it.
How do I delete the file in question???
-
16th August 2004 13:44 #2
:)
Try the little program Dellater.
Read more here - http://hardwarebg.com/forum/showthre...light=dellater
-
16th August 2004 13:45 #3
I don't know about deleting it, but at least try to block what it does. By the way, look at your processes; if it is there, first kill the process and then delete it.
-
16th August 2004 13:47 #4 Registered User
Join Date: Aug:2004
Location: Ñîôèÿ
Posts: 9
First you have to terminate the thread that is tied to the file; then you will be able to delete it. The simplest thing is to download a removal tool for this trojan from somewhere and let it do the job for you.
-
16th August 2004 17:16 #5 Registered User
Join Date: Aug:2002
Posts: 1,145
It doesn't work with Dellater. I reboot and it's there again.
And in safe mode it can't see this file.
There is no such process for me to block. I have left only the basic processes running.
I downloaded a removal tool, but nothing happens.
I have to delete it somehow.
-
16th August 2004 18:42 #6
How come it can't be done under Linux? This is the first time I hear of something like this.
#rm -rf imenafail
-
16th August 2004 19:57 #7 Banned
Join Date: Jan:2004
Location: Montreal
Posts: 373
Post a HijackThis log so we can see what this is about; you can grab the latest version (1.98.2) from here.
-
16th August 2004 20:12 #8 Registered User
Join Date: Aug:2002
Posts: 1,145
Originally posted by subn3t
How come it can't be done under Linux? This is the first time I hear of something like this.
#rm -rf imenafail

rm: cannot remove: read-only file
or
could not delete file /mnt/hda5/.....
-
16th August 2004 20:25 #9 Registered User
Join Date: Aug:2002
Posts: 1,145
Originally posted by lada_1500
Post a HijackThis log so we can see what this is about; you can grab the latest version (1.98.2) from here.

Logfile of HijackThis v1.98.2
Scan saved at 20:19:12, on 16.8.2004 г.
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\PDesk\PDesk.exe
D:\Program Files\FSI\F-Prot\F-StopW.EXE
D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
D:\WINDOWS\System32\mgabg.exe
D:\Documents and Settings\таня\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [F-StopW] D:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class) - http://www.rhinobell.com/PC2Phone.cab
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
-
16th August 2004 21:02 #10 Banned
Join Date: Jan:2004
Location: Montreal
Posts: 373
So that's the only thing out of order that I see too:
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
Try to fix it with HijackThis and restart; if that doesn't work, go
to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, I think it's there, delete it from the registry and then delete it.
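
A way to pull the O20 entry out of a HijackThis log automatically, as an added example that is not part of the thread. A DLL named in AppInit_DLLs is loaded into every process that loads user32.dll, so it never shows up as a process of its own in the running-processes list. The sample log is constructed, and the `allowed` allowlist is a hypothetical analyst-supplied input.

```python
import ntpath
import re

# Constructed sample in HijackThis 1.98.x log format, modelled on the log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - AppInit_DLLs: ..."


def parse_entries(log_text):
    """Return (section_code, body) for every 'Xn - ...' line of the log."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def appinit_dlls(log_text):
    """Return every DLL path listed on O20 AppInit_DLLs lines."""
    dlls = []
    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            # The registry value holds one or more DLLs separated by spaces or commas.
            dlls.extend(p for p in re.split(r"[,\s]+", value) if p)
    return dlls


def triage(log_text, allowed=()):
    """Return AppInit_DLLs entries whose file name is not in the analyst's allowlist."""
    allowed = {name.lower() for name in allowed}
    return [p for p in appinit_dlls(log_text)
            if ntpath.basename(p).lower() not in allowed]


if __name__ == "__main__":
    for dll in triage(SAMPLE_LOG):
        print("review AppInit_DLLs entry:", dll)
```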
-
16th August 2004 21:44 #11 Registered User
Join Date: Aug:2002
Posts: 1,145
Originally posted by lada_1500
So that's the only thing out of order that I see too:
O20 - AppInit_DLLs: D:\WINDOWS\System32\sqllg.dll
Try to fix it with HijackThis and restart; if that doesn't work, go
to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, I think it's there, delete it from the registry and then delete it.

It's exactly there, BUT
I had never seen such a wonder.
I delete it, it disappears, and as soon as I go to another registry key and come back to the previous one, it's there again. I modify it - it won't take; for the moment yes, but a little later it's the same again.
In safe mode, AppInit_DLLs exists in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, but without sqllg.dll; I still delete it, (ab)AppInit_DLLs, and it can't be done. It says everything is OK but it isn't - I restarted many times - nothing. I delete the registry entry - restart, delete - restart, in both normal and safe mode, and it still stays there. Any intervention on sqllg.dll, or starting a program, immediately makes F-Prot pop up the message: "D:\WINDOWS\System32\sqllg.dll Infection: W32/Agent.AB", and not just once but from 2 to 7-8 lines of the same text. HijackThis, same story: it says it deletes it and will make a backup, but nothing happens.
-
16th August 2004 22:04 #12 Banned
Join Date: Jan:2004
Location: Montreal
Posts: 373
This is how it should be done (this is from Symantec):
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Rename the subkey:
"Windows"
to
"Windows1"
Wait approximately 5 seconds.
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows1
In the right pane, double-click the following registry value name:
"AppInit_DLLs"
and delete the following text from the contents of the Value Data box:
%System%\<DLL filename>.dll
Restart the computer.
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Rename the subkey:
"Windows1"
to
"Windows"
Exit the Registry Editor.
Restart the computer
-
17th August 2004 05:25 #13 Registered User
Join Date: Aug:2002
Posts: 1,145
Thank you, Lada_1500.
This worked only temporarily. Everything went as you described it. But after restoring the old name from Windows1 to Windows and rebooting, it appeared again; it was no longer in this registry key.
I started examining sqllg.dll itself under Linux. It was created on 15.04.2004, 54 K, and there is no text message inside. Once I understood that I can't do anything to it under Linux, I went back to Windows and started searching for it in the registry, but alas. It could not be uninstalled with regsvr32 /u. Back in safe mode again, I saw to my surprise that it was now visible, but there was no way I could do anything with it; then I right-clicked on it and told the Trojan Remover program to delete it, and it deleted it.
And now it's gone.
-
17th August 2004 10:36 #14
And did you check whether your Linux supports read/write on NTFS or only read ... with what options the partition is mounted, and so on?
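
The check asked about in post #14, as an added example that is not part of the thread: find the mount that covers a path and report its filesystem type and whether it is mounted read-only. The mount table and the file path below are constructed samples.

```python
import re

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/hda2 / ext3 rw 0 0
/dev/hda1 /mnt/hda1 vfat rw,uid=500 0 0
/dev/hda5 /mnt/hda5 ntfs ro,uid=0,gid=0 0 0
"""


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as three-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_for(path, mounts_text):
    """Return the mount entry that covers `path` (longest mount point wins), or None."""
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mount_point = _unescape(parts[1])
        prefix = mount_point.rstrip("/") + "/"
        if path != mount_point and not path.startswith(prefix):
            continue
        # ">=" so that a later mount on the same point shadows an earlier one.
        if best is None or len(mount_point) >= len(best["mount_point"]):
            options = parts[3].split(",")
            best = {"device": parts[0], "mount_point": mount_point,
                    "fstype": parts[2], "options": options,
                    "read_only": "ro" in options}
    return best


def delete_blocker(path, mounts_text):
    """Explain a failed delete if the covering mount is read-only, else return None."""
    m = mount_for(path, mounts_text)
    if m and m["read_only"]:
        return "%s is a %s filesystem mounted read-only at %s" % (
            m["device"], m["fstype"], m["mount_point"])
    return None


if __name__ == "__main__":
    # Constructed path; on a live system pass open("/proc/mounts").read() instead.
    print(delete_blocker("/mnt/hda5/WINDOWS/system32/sqllg.dll", SAMPLE_MOUNTS))
```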