Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    Chinese virus/spyware .cn


    Post by ekin_mache on Fri Feb 27, 2009 2:18 pm

    Greetings, Putera members. I'd like to ask everyone for help. My friend's PC has caught this virus, or maybe it's spyware. It opens IE by itself, then Chinese text comes up along with a calculation, for example 5+6=9 laid out in matchsticks, and below that there are ads for iPods and MP3 players. How do I remove it? The website that keeps opening automatically has .cn at the end, e.g. dcdgov.cn, something like that.

    For your information, I've already tried Malwarebytes and it couldn't remove it. Then it detected smss.exe as a virus. I've also used SUPERAntiSpyware and Avira and done a restore, but still nothing has changed.


    Post by test0123 on Fri Feb 27, 2009 11:27 pm

    spyware scan


    Post by afizsxp on Sat Feb 28, 2009 2:31 am

    Try booting into SAFE MODE, then scan again...


    Post by ekin_mache on Mon Mar 02, 2009 9:47 am

    The virus is still there after formatting. I think the virus might be on the Windows CD. How do I remove a virus that's inside Windows itself, and in system32 at that? When I quarantine it, an error comes up. Ugh, what a headache.


    Post by e_sentinel on Mon Mar 02, 2009 11:15 am

    Maybe it's on the CD, or maybe the boot sector is already infected, so it's still there after formatting. Run a HijackThis scan, take the log, and paste it here.


    Post by lumpy on Mon Mar 02, 2009 11:42 am

    This thing is called adware... <<just wanted to say that


    Post by ekin_mache on Mon Mar 02, 2009 3:16 pm

    I'll post the hijack log later


    Post by ekin_mache on Mon Mar 02, 2009 6:23 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:47:17 AM, on 3/6/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20696)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\PC Tools AntiVirus\PCTAV.exe
    C:\WINDOWS\System32\reader_s.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\hazrulhaffiz\reader_s.exe
    C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\services.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\a-squared Free\a2free.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    c:\program files\mozilla firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\hhupd.exe,
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\hazrulhaffiz\reader_s.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
    O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\hazrulhaffiz\reader_s.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\hazrulhaffiz\reader_s.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

    --
    End of file - 6499 bytes


    Post by ekin_mache on Mon Mar 02, 2009 6:24 pm

    REG:system.ini:
    UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\actcontroller.exe,C:\WINDOWS\system32\hhupd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\hhupd.exe,


    C:\WINDOWS\services.exe

    C:\WINDOWS\system32\spoolsv.exe

    (These are viruses, right?)


    Post by antivirus on Mon Mar 02, 2009 7:27 pm

    Eh, wasn't this topic on tanyasystm the other day? If I'm not mistaken, ICEBOX told you to scan with a-squared Free. Have you tried it?


    Post by antivirus on Mon Mar 02, 2009 7:29 pm

    Or is your problem still not solved? Never mind, let's ask the IT pros here at Putera for help. Hehe


    Post by lumpy on Mon Mar 02, 2009 8:13 pm

    C:\WINDOWS\System32\reader_s.exe

    malware!!

    http://www.google.com.my/search?q=reader_s.exe&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a


    Post by e_sentinel on Mon Mar 02, 2009 8:22 pm

    Huh... your log is really scary to look at, ekin... so many nasties.

    Code:
    C:\WINDOWS\System32\reader_s.exe
    C:\Documents and Settings\hazrulhaffiz\reader_s.exe
    C:\WINDOWS\services.exe
    O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
    O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
    O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\hazrulhaffiz\reader_s.exe
    O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
    O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')

    Follow this guide:

    Download Combofix by sUBs and save to your desktop:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    or from here:
    http://subs.geekstogo.com/ComboFix.exe

    Note:
    It is important that it is saved directly to your desktop


    Close any open browsers.
    Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
    "%userprofile%\desktop\combofix.exe" /killall



    Combofix.exe will start, please follow the prompts.
    When it's finished it will produce a log.

    Note:
    Do not mouseclick combofix's window while it's running.
    That may cause the program to freeze/hang.


    You can find the Combofix log at C:\ComboFix.txt

    Note: please follow the instructions carefully when using Combofix
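
The checks applied by eye to the HijackThis log above, written out as an added example (not code from the thread or from HijackThis itself). The expected-location list, the rule names and the function names are assumptions based on Windows XP defaults; the sample lines are a subset copied from the posted log.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\hazrulhaffiz\reader_s.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,C:\WINDOWS\system32\hhupd.exe,
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\hazrulhaffiz\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
"""

# Assumption: Windows XP default layout, where these core binaries live only in system32.
SYSTEM32 = r"c:\windows\system32"
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe", "userinit.exe"}

# Any drive-letter path ending in .exe; commas split the UserInit list, quotes end a path.
EXE_PATH = re.compile(r'[a-z]:\\[^",\r\n]*?\.exe', re.IGNORECASE)


def split_path(path):
    """Return (directory, file name), both lower-cased for comparison."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def triage(log_text):
    """Return de-duplicated (rule, item) leads worth a manual look; these are not verdicts."""
    findings = []
    locations = {}  # file name -> set of directories it was seen in
    for line in log_text.splitlines():
        paths = EXE_PATH.findall(line)
        if "userinit=" in line.lower():
            # The stock value is userinit.exe alone; anything chained after it runs at every logon.
            findings += [("userinit-extra", p.lower()) for p in paths
                         if split_path(p) != (SYSTEM32, "userinit.exe")]
            continue
        for p in paths:
            directory, name = split_path(p)
            locations.setdefault(name, set()).add(directory)
            if name in CORE_NAMES and directory != SYSTEM32:
                # A core process name running from outside system32 suggests a masquerading file.
                findings.append(("masquerade", p.lower()))
    for name, dirs in locations.items():
        # The same executable name in several directories is a lead, since droppers copy themselves.
        if len(dirs) > 1 and name not in CORE_NAMES:
            findings.append(("multi-location", name))
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for rule, item in triage(SAMPLE_LOG):
        print(f"{rule:15} {item}")
```
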


    Post by baok on Mon Mar 02, 2009 10:50 pm

    ekin_mache, run ComboFix first as e-sentinel said, then continue straight on with Dr.Web CureIt... I suspect there's a polymorphic file infector on that computer. If there is, you'll have to do a full format of all partitions.



    Download Dr.Web CureIt and save it to the Desktop

    1. Double-click launch.exe and let it run the express scan. Click Yes for every infection found.
    2. Select Complete Scan and click the green arrow button to start the scan.
    3. When the scan finishes, tick the Select all box >> click Cure and choose Move incurable >> let the cleaning process finish.
    4. Go to the menu >> click File >> choose Save report list >> save to the Desktop as DrWeb.csv
    5. Reboot into Normal Mode >> open DrWeb.csv in Notepad >> post the contents of DrWeb.csv here


    Last edited by baok on Mon Mar 02, 2009 10:58 pm; edited 1 time in total (Reason for editing : will not reveal what that doesn't need to..)


    Post by ekin_mache on Tue Mar 03, 2009 8:50 am

    Yes, I did post it on tanyasystm, but I'm at my wits' end, and there aren't many people there yet. I've already used a-squared; the PC blacked out and it couldn't remove the virus. If I remove them one by one, the PC keeps restarting non-stop. I'll try this one first. I'm really fed up with this PC. I've never faced a problem this bad before. Normally a format gets rid of it, but this time formatting just added more viruses. I'll try this one first.


    Post by ekin_mache on Tue Mar 03, 2009 9:00 am

    I was thinking, could one of the pros take a look at my PC, with TeamViewer or something? I don't know what else to do.


    Post by baok on Tue Mar 03, 2009 10:19 am

    ekin, complete those 2 steps first, ComboFix and Dr.Web...

    I suspect that PC has Win32.Virut, so I need to see those 2 logs first. Refer to e-sentinel's post and my post on the previous page...


    If it really is Win32.Virut, there is no cure for the new variant. You'll have to do a full format. See the post below.

    A quote from a malware expert (sUBs)

    http://forum.lowyat.net/index.php?showtopic=538671&view=findpost&p=23701573

    Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

    If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

    Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.

    full reformat means, format on ALL partitions..


    sUBs is the author of ComboFix


    Post by ekin_mache on Tue Mar 03, 2009 3:26 pm

    OK, OK, I'll try it first... erk


    Post by ekin_mache on Tue Mar 03, 2009 6:43 pm

    What am I supposed to do with this ComboFix?


    Post by ekin_mache on Tue Mar 03, 2009 9:12 pm

    reader_s.exe;c:\documents and settings\user;Trojan.DownLoad.29459;Deleted.;
    msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Incurable.Moved.;
    xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.56;Incurable.Moved.;
    dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.;
    ati7ptxx.sys;c:\windows\system32\drivers;BackDoor.Bulknet.240;Deleted.;
    ndis.sys;c:\windows\system32\drivers;Trojan.NtRootKit.2670;Deleted.;
    logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.;
    netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;
    reader_s.exe;c:\windows\system32;Trojan.DownLoad.29459;Deleted.;
    svchost.exe:ext.exe;c:\windows\system32;Win32.Virut.56;Cured.;
    svchost.exe:ext.exe;c:\windows\system32;Trojan.Spambot.4348;Deleted.;
    sxepetxv.dll;c:\windows\system32;BackDoor.JackBot.1;Deleted.;
    sxepetxv32.dll;c:\windows\system32;BackDoor.JackBot.1;Deleted.;
    wscntfy.exe;c:\windows\system32;Win32.Virut.56;Cured.;
    bn1.tmp;c:\windows\temp;Trojan.Packed.438;Deleted.;
    lxd2d.tmp;c:\windows\temp;BackDoor.JackBot.1;Deleted.;


    Post by ekin_mache on Tue Mar 03, 2009 9:13 pm

    After I deleted and cured these, the internet couldn't connect, so I restored it back. What now?


    Post by ekin_mache on Tue Mar 03, 2009 9:14 pm

    Used Dr.Web


    Post by baok on Tue Mar 03, 2009 10:47 pm

    Ekin..

    netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.;

    That's the new Virut variant. Nothing cures that one, not even Dr.Web at this time...

    Please back up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers/screensavers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar/.php/.asp files...

    Make sure you back up everything ONLY via CD or DVD (non-rewritable). If you need to back up to an external hard drive or thumbdrive, make sure it is EMPTY, meaning NO FILE inside it. Format the external drive first before attaching it to the infected computer. A single .exe file inside the external drive may infect other computers as well.


    A quote from an expert (sUBs)

    http://forum.lowyat.net/index.php?showtopic=538671&view=findpost&p=23701573

    Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

    If you do not know how to perform a fresh install, use this website > http://www.windowsreinstall.com/

    Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.

    full reformat means, format on ALL partitions..


    Last edited by baok on Tue Mar 03, 2009 10:59 pm; edited 1 time in total


    Post by baok on Tue Mar 03, 2009 10:49 pm

    One more thing: find the files below, zip them, upload them to Rapidshare or 2shared, and PM me the link. I need those samples...

    C:\WINDOWS\System32\reader_s.exe
    C:\Documents and Settings\hazrulhaffiz\reader_s.exe


    Post by wanjihan on Tue Mar 03, 2009 11:05 pm

    Maybe the virus is on your hands, ekin? Hahahaha
