
Thread: , , adware

  1. #1
    Registered User stzbg_group's Avatar
    Join Date: Aug:2009
    Location: /
    Posts: 1,045
    2 :



    , msconfig-, !? Kaspersky Internet Security 2010,
    , 10% , , - , , . ?!
    1. Lenovo Legion 5 - AMD R5 4600H, 16GB 3200Mhz, Nvidia 1650 Ti, 512 SSD, FHD IPS 144Mhz; 2. Xiaomi Mi Pad 4 - 4GB/64GB; 3. Xiaomi Mi Mix 2 - 6GB/128GB; 4. Motorola G4 - 3GB/32GB; 5. Iphone 5s - 32gb; 6. Samsung S8 - 64GB - like Android TV Box

  2. #2
    Registered User jossbomon's Avatar
    Join Date: Nov:2008
    Location:
    Posts: 226
    Quote Originally Posted by stzbg_group View Post
    2 :
    , msconfig-, !? Kaspersky Internet Security 2010,
    , 10% , , - , , . ?!
    System restore, Advanced Process Termination 4.2. Malwarebytes

  3. #3
    Registered User stzbg_group's Avatar
    Join Date: Aug:2009
    Location: /
    Posts: 1,045
    Quote Originally Posted by jossbomon View Post
    !

  4. #4
    Registered User PepiX's Avatar
    Join Date: Sep:2004
    Location:
    Posts: 13,376
    Associated Malware Groups

    The unsafe files using this name are associated with the malware group:
    Cloaked Malware

    File Behavior

    EMD.EXE has been seen to perform the following behavior:
    Adds products to the system registry
    Writes to another Process's Virtual Memory (Process Hijacking)
    Executes a Process
    Adds a Registry Key (RUN) to auto start Programs on system start up
    Can communicate with other computer systems using HTTP protocols
    Removes Scheduled Tasks from the Windows task queue
    Executes Processes stored in Temporary Folders
    This process creates other processes on disk

    EMD.EXE has been the subject of the following behavior:
    Deleted as a process from disk
    Added as a Registry auto start to load Program on Boot up
    Created as a process on disk
    Executed as a Process
    Has code inserted into its Virtual Memory space by other programs
    Terminated as a Process
    ███████ ( Ilko)
    ███████-, ? ( )
    ███████

  5. #5
    Registered User
    Join Date: Feb:2008
    Location:
    Posts: 5,585

  6. #6
    MEGADETH mkp's Avatar
    Join Date: Jul:2003
    Location: _
    Posts: 1,746
    Quote Originally Posted by mroussev View Post
    ........
    http://support.microsoft.com/kb/299357 , , . ?

  7. #7
    Registered User
    Join Date: Feb:2008
    Location:
    Posts: 5,585
    , , .

  8. #8

  9. #9
    Registered User pefo_1's Avatar
    Join Date: Apr:2009
    Location: Sofia
    Posts: 285
    , ?? :

    1. Sending infected JPEGs to other, uninfected computers will have no effect, NAI confirmed. Image files do not have the ability to execute malicious code, so simply viewing a JPEG, without the infector running on the same machine, will not have any effect, other than slowing it down while any installed anti-virus software scans it.
    2. Someone has to download this virus to start with. Then, when you run it, it will place virus code in a JPG file that can't do anything without an extractor. So, in order to spread on someone's machine, they would have to download the extractor!!
    3. "Some anti-virus vendors may be tempted to predict the end of the world as we know it, or warn of an impending era when all graphic files should be treated with suspicion. Such experts should be ashamed of themselves," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Not only is this virus not in the wild, but also graphic files infected by this virus are completely and utterly harmless, unless they can find an already infected machine to assist them. It's like a cold only being capable of making people who already have runny noses feel ill."
    4. The virus is built to spread first as an executable, or .exe, file and then in JPEG image files, Gullotto says. Were it to spread in the wild, W32/Perrun would appear as an executable that would infect JPEGs when it was run, he says. The executable can be transmitted in standard ways, such as by download and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto says. The virus will then seek out other JPEG files in the same directory and try to infect them, he says. W32/Perrun is the first virus to infect JPEGs, according to McAfee.
    , ,

  10. #10
    Registered User jossbomon's Avatar
    Join Date: Nov:2008
    Location:
    Posts: 226
    Quote Originally Posted by pefo_1 View Post
    , ?? :


    , ,
    "" .JPG .BMP. http://www.google.bg/#hl=bg&q=%D0%BA...91194ffe10faa3
    ...

  11. #11
    Registered User
    Join Date: Aug:2009
    Location: bulgaria
    Posts: 84
    : DR/autoit.aft.259 dropper, ? :\WINDOWS\system32\csrcs.exe.Avira, csrcs.exe , Windows XP, , . .

  12. #12
    Registered User
    Join Date: May:2008
    Location: Sofia
    Posts: 1,207
    Quote Originally Posted by first_m View Post
    : DR/autoit.aft.259 dropper, ? :\WINDOWS\system32\csrcs.exe.Avira, csrcs.exe , Windows XP, , . .
    Norton AntiVirus 2011 Beta.

  13. #13
    SystemError's Avatar
    Join Date: Sep:2009
    Location: Berlin/Varna
    Posts: 587
    . welcome . ccleaner, , 3 40 windows. .
    Last edited by SystemError; 8th August 2010 at 16:33.
    - a
    - a ,
    - , ...

  14. #14
    HODL! der_meister's Avatar
    Join Date: Mar:2005
    Location:
    Posts: 1,254
    1. Autoruns - http://technet.microsoft.com/en-us/s.../bb963902.aspx

    2. win->run msconfig - .

    3. win->run services.msc - , , .

  15. #15
    SystemError's Avatar
    Join Date: Sep:2009
    Location: Berlin/Varna
    Posts: 587
    ,autoruns

  16. #16
    Registered User
    Join Date: Nov:2009
    Location:
    Posts: 30
    svchost.exe , windows xp , mozilla . startup , , startup hijackthis, , 1-2

  17. #17
    Registered User cvetkopetko's Avatar
    Join Date: Jan:2009
    Location:
    Posts: 2,736
    Quote Originally Posted by kingg View Post
    svchost.exe , windows xp , mozilla . startup , , startup hijackthis, , 1-2
    1. MBAM .

    2. dds.

    3. Security check.
    Last edited by cvetkopetko; 22nd August 2010 at 14:33.
    ASRock B450M Pro4 | AMD Ryzen 5 2600 @ 3800MHz | 2x8GB G.Skill AEGIS DDR4 @ 3000MHz | NVIDIA GeForce GTX 1060 3GB | A-DATA XPG GAMMIX S11 Pro 256GB | Seasonic S12II 520W
    CPU-Z

  18. #18
    Registered User
    Join Date: Nov:2009
    Location:
    Posts: 30
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    22.8.2010 . 21:36:12
    mbam-log-2010-08-22 (21-36-12).txt

    Scan type: Quick scan
    Objects scanned: 115834
    Time elapsed: 6 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3xe56qr1-o065-mp15-83mc-32to243qg08b} (Generic.Bot.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ho5nw01m-ydt3-c6x3-0fdy-r5g8q4gfi862} (Generic.Bot.H) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet.M) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\config\svchost.exe (Generic.Bot.H) -> No action taken.
    C:\Documents and Settings\LuD14KoTo\Application Data\cglogs.dat (Malware.Trace) -> No action taken.
    C:\Documents and Settings\LuD14KoTo\Local Settings\Temp\UuU.uUu (Malware.Trace) -> No action taken.
    C:\Documents and Settings\LuD14KoTo\Local Settings\Temp\XxX.xXx (Malware.Trace) -> No action taken.



    , cvetkopetko , , .

  19. #19
    Registered User cvetkopetko's Avatar
    Join Date: Jan:2009
    Location:
    Posts: 2,736
    mbam.

    1. System Restore restore points.

    2. safe mode.

    3. mbam .

    4. normal mode mbam .

    5. hitman pro 3.5 .

    : , , .
    2: , USB Spread .
    Last edited by cvetkopetko; 23rd August 2010 at 03:15.

  20. #20
    Registered User palavata_tanq's Avatar
    Join Date: Aug:2009
    Location: Ruse
    Posts: 28
    Quote Originally Posted by cvetkopetko View Post
    2. safe mode.

    3. mbam .

    4. normal mode mbam .
    , mbam, safe mode.

  21. #21
    Registered User
    Join Date: Aug:2010
    Location:
    Posts: 4
    ... - - .

  22. #22
    Registered User cvetkopetko's Avatar
    Join Date: Jan:2009
    Location:
    Posts: 2,736
    1.
    MBAM malwarebytes
    Desktop. , - hwmbam.exe
    MBAM (hwmbam.exe)
    . , .
    , MBAM ( ) . , .
    . , .
    , .
    , , Remove Selected (" ")
    , log Notepad .
    .

    2.
    DDS bleepingcomputer.
    Desktop.
    DDS, :
    DDS , Run.
    DDS , Notepad: DDS.txt Attach.txt .

    3.
    Security Check spywareinfoforum
    Desktop.
    Security Check , Run.
    Security Check , Notepad: checkup.txt .
    Last edited by cvetkopetko; 27th August 2010 at 07:27.

  23. #23
    Registered User
    Join Date: Nov:2009
    Location:
    Posts: 30
    , cvetkopetko!

  24. #24
    Registered User
    Join Date: Sep:2010
    Location: Ruse
    Posts: 1
    2- . ., 5 USB . . . . , . .7-8 . , 2 . -. COMODO . .

  25. #25
    Banned all's Avatar
    Join Date: Feb:2003
    Location: Sofia
    Posts: 6,980
    Quote Originally Posted by nemzes View Post
    2- . ., 5 USB ...
    Limited account + F-secure
