Putera.com Temporary Forum

    What is this "dvhcmh.cmd" thing on my pendrive...??

    xronex
    New Member

    Gender : Male Number of posts : 4
    Age : 29
    Job/hobbies : Student
    Registration date : 02/05/2009

    Post by xronex on Mon May 04, 2009 6:15 am

    I found a file on my pendrive that may be a virus....

    but I don't know where it came from....

    last night I formatted the PC nearly 4 times...

    the weird thing is this virus got in after I installed the soundcard driver...

    sigh...

    could any of the experts here take a look at this thing... how do I resolve it...

    wanjihan
    Active Member

    Gender : Male Number of posts : 1106
    Age : 36
    Location : Kaybee, Kelate
    Job/hobbies : Just the internet....
    Registration date : 21/02/2009

    Post by wanjihan on Mon May 04, 2009 9:42 am

    I searched Google and there's nothing at all about that "dvhcmh.cmd"...

    TOYSЯUS
    Moderators

    Gender : Male Number of posts : 1571
    Age : 30
    Location : Kolam Kering - 3°5′00″N 101°32′00″E
    Job/hobbies : Killer
    Registration date : 27/02/2009

    Post by TOYSЯUS on Mon May 04, 2009 3:31 pm

    Try 'dragging' that dvhcmh.cmd file into Notepad and see whether you can read its contents.


    --------------------------------------------
    TETTT!!

    Post by xronex on Mon May 04, 2009 4:24 pm

    but what's certain is that this thing is giving me trouble...

    I suspect this thing is a virus...

    because when I enable "show hidden files" in Folder Options... after 15s it always gets disabled again...

    but it gets like that when I install any software from my (D:\) partition... sigh... surely I don't have to delete all the software I have...

    can anyone solve this...??

    Post by TOYSЯUS on Mon May 04, 2009 4:56 pm

    Scan with an antivirus (Kaspersky / BitDefender recommended), then scan with MalwareBytes.


    Post by xronex on Mon May 04, 2009 5:37 pm

    done...

    but it didn't detect anything....

    but this thing still seems to be giving me trouble...

    Post by TOYSЯUS on Mon May 04, 2009 10:42 pm

    OK, in that case scan with HijackThis and paste its log here.
    Maybe many people will come forward to help.


    Post by xronex on Tue May 05, 2009 4:44 am

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:42:25 AM, on 5/5/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20583)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\winegok.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\nyxp.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\dvjsb.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\ueuxju.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\winioawo.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\winbmul.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\winibhypc.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\winsouo.exe
    C:\Program Files\Garena\Garena.exe
    C:\DOCUME~1\Xronex\LOCALS~1\Temp\xvev.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

    --
    End of file - 3487 bytes

    baok
    New Member

    Number of posts : 169
    Registration date : 20/02/2009

    Post by baok on Tue May 05, 2009 8:03 am

    Looks like Sality.. Do this first.. We want to confirm whether or not the computer has been hit by the Sality virus..

    Step 1..

    Go to VirSCAN.org FREE on-line scan service and upload/scan the files below.. If it detects Sality or Virut in any one of the files, stop and let us know.. If all the files below are clean, go on to the next step..

    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe

    Step 2..

    Download RSIT by random/random and save it to the Desktop

    1. Double-click RSIT >> make sure List files/folders created or modified in the last is changed to 3 months >> press Continue
    2. If RSIT wants to install HijackThis >> press I Accept
    3. Two logs will then come out (log.txt and info.txt). Post both of those logs.
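
A triage check over the kind of HijackThis log posted in this thread, as an added example that is not part of any member's post: it lists running executables that sit in a Temp directory (as several in xronex's log do) and notes whether any O4/O20/O23 autostart line names them. The function names and the Temp-directory heuristic are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\Xronex\LOCALS~1\Temp\winegok.exe
C:\DOCUME~1\Xronex\LOCALS~1\Temp\nyxp.exe
C:\Program Files\Garena\Garena.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
"""

TEMP_DIRS = {"temp", "tmp"}  # assumption: scratch folders, not a home for resident programs
ENTRY = re.compile(r"^O(?:4|20|23) - ")  # Run keys, Winlogon Notify, services


def running_processes(log: str) -> list[str]:
    """Paths listed under 'Running processes:' up to the first blank line."""
    lines = [l.strip() for l in log.splitlines()]
    if "Running processes:" not in lines:
        return []
    rest = lines[lines.index("Running processes:") + 1:]
    end = rest.index("") if "" in rest else len(rest)
    return rest[:end]


def triage(log: str) -> list[dict]:
    """Flag running executables inside a Temp directory; note autostart references."""
    entries = [l.lower() for l in log.splitlines() if ENTRY.match(l.strip())]
    findings = []
    for proc in running_processes(log):
        path = PureWindowsPath(proc)
        if not any(part.lower() in TEMP_DIRS for part in path.parts[:-1]):
            continue  # not under a Temp folder (8.3 short paths still end in \Temp)
        referenced = any(path.name.lower() in e for e in entries)
        findings.append({"path": proc, "autostart_entry": referenced})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged path is a lead for the scans suggested in the thread, not a verdict on the file.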
