Putera.com Temporary Forum

Let's tidy up this forum together while the original forum is being restored.

The Putera forum is back. The problem has been resolved. Please visit http://forum.putera.com/tanya


    Want to Remove This Virus, Please Help

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Want to Remove This Virus, Please Help

    Post by 39cent on Mon Dec 14, 2009 7:29 pm

    Salam..
    I want to ask how to solve this virus.
    1. My PC shuts down automatically; after I turn it on, it shuts down again.
    2. There is a "New Folder" folder in every folder, and it can't be deleted,
    and inside the folder there is also a folder with the same name.
    E.g. folder A: if I open folder A, there is also a folder A inside it.
    If I try to delete the folder A that is the virus, I can't.
    Now drive D is full of folders that can't be deleted.
    My PC is partitioned into drives C & D.
    Can anyone help?

    neology
    New Member

    Gender : Male Number of posts : 372
    Age : 30
    Registration date : 25/04/2009

    Re: Want to Remove This Virus, Please Help

    Post by neology on Mon Dec 14, 2009 8:26 pm

    Run HijackThis and post the HijackThis log here.. the veterans here will try to help..

    test0123
    Active Member

    Gender : Male Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by test0123 on Mon Dec 14, 2009 10:09 pm

    Have you scanned with Malwarebytes yet?

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Mon Dec 14, 2009 10:23 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:39 PM, on 12/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WebcamMax\wcmmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\program files\internet explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\lqexu.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\pgau.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winyacd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winbdlq.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\icmbe.exe
    C:\WINDOWS\system32\notepad.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintdmefc.exe
    C:\Program Files\ManyCam 2.4\ManyCam.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintmjsgb.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winqtrte.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Windows Recycled Services - Unknown owner - C:\Program.exe (file missing)

    --
    End of file - 5066 bytes

    bazsh
    New Member

    Gender : Male Number of posts : 401
    Age : 35
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by bazsh on Mon Dec 14, 2009 10:42 pm

    Bro, which AV are you using?
    Why isn't it in the HJT log?
    Have you tried scanning with Malwarebytes?

    sofia
    New Member

    Number of posts : 21
    Registration date : 26/05/2009

    Re: Want to Remove This Virus, Please Help

    Post by sofia on Mon Dec 14, 2009 10:51 pm

    C:\DOCUME~1\pisi3\LOCALS~1\Temp\lqexu.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\pgau.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winyacd.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winbdlq.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\icmbe.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintdmefc.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintmjsgb.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winqtrte.exe

    Delete all of these (maybe).
    Update your antivirus and scan.

    test0123
    Active Member

    Gender : Male Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by test0123 on Mon Dec 14, 2009 10:55 pm

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Remove this one too.

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Mon Dec 14, 2009 10:56 pm

    The AV has been deleted.
    I was using AVG before.
    Haven't scanned yet.
    I'll try scanning with Malwarebytes first.

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Mon Dec 14, 2009 11:53 pm

    Here's the logfile after scanning with Malwarebytes.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:33 PM, on 12/14/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WebcamMax\wcmmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Software\New Folder.exe
    D:\Software\New Folder\New Folder.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\windkdad.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winvycpy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    D:\Software\New Folder\New Folder.exe
    D:\Software\New Folder.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 4543 bytes

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Tue Dec 15, 2009 12:32 am

    This virus has gotten into every folder.
    It duplicates as the original folder, size 23.8mb.
    Drive D is full.

    test0123
    Active Member

    Gender : Male Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by test0123 on Tue Dec 15, 2009 1:00 am

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\System32\RVHOST.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    D:\Software\New Folder.exe
    D:\Software\New Folder\New Folder.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\windkdad.exe
    C:\DOCUME~1\pisi3\LOCALS~1\Temp\winvycpy.exe
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
    Remove all of these.
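
Added example (not part of any post in this thread, and not HijackThis's own logic): a small triage script that applies the kind of checks the replies above make by eye to a HijackThis log. The sample lines are excerpted from the two logs posted in the thread; the heuristics and the `USUAL_ROOTS` list are assumptions for this Windows XP machine, and a hit is a lead to review, not a verdict.

```python
import re
from ntpath import basename

# Lines excerpted from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
D:\Software\New Folder\New Folder.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Windows Recycled Services - Unknown owner - C:\Program.exe (file missing)
"""

# Assumption: usual install roots on this machine (long and 8.3 short forms).
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
               "c:\\documents and settings\\", "c:\\docume~1\\")

def triage(log):
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    findings, shell_extras = [], set()
    # Pass 1: the Shell= value normally names Explorer.exe only; remember extras.
    for ln in lines:
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", ln, re.I)
        extras = [p.lower() for p in m.group(1).split()] if m else []
        extras = [p for p in extras if p != "explorer.exe"]
        if extras:
            shell_extras.update(extras)
            findings.append(("extra program in Shell= value", ln))
    # Pass 2: running processes, autoruns, policies and dangling entries.
    for ln in lines:
        low = ln.lower()
        if re.match(r"[a-z]:\\", low):  # a path from the "Running processes" list
            if "\\temp\\" in low:
                findings.append(("process running from a Temp directory", ln))
            elif not low.startswith(USUAL_ROOTS):
                findings.append(("process outside the usual install roots", ln))
        elif low.startswith("o4 ") and basename(low.split("] ", 1)[-1]) in shell_extras:
            findings.append(("autorun launches the same file as the Shell= extra", ln))
        elif low.startswith("o7 ") and "disableregedit=1" in low:
            findings.append(("policy blocks Registry Editor", ln))
        elif low.endswith("(file missing)"):
            findings.append(("entry points at a missing file", ln))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```
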

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Tue Dec 15, 2009 2:21 am

    Removed everything.
    Also scanned with Malwarebytes.
    The clone folders are still there.
    Every folder in drive D
    has 1 clone folder.

    test0123
    Active Member

    Gender : Male Number of posts : 1002
    Age : 33
    Location : Bandar Tasek Mutiara, Penang
    Job/hobbies : Executive/ Cari Gondang
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by test0123 on Tue Dec 15, 2009 3:04 am

    New Folder.exe Virus Removal Tool
    Remove that folder exe.

    Datuk_Seri
    Supervisor

    Gender : Male Number of posts : 307
    Age : 36
    Location : Kuching-Kulim-Melaka-Norway!!!
    Job/hobbies : Gaming
    Registration date : 12/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by Datuk_Seri on Thu Dec 17, 2009 10:48 am

    Moved to the Utilities and Security section...



    sayw
    New Member

    Number of posts : 107
    Registration date : 07/03/2009

    Re: Want to Remove This Virus, Please Help

    Post by sayw on Thu Dec 17, 2009 12:37 pm

    Let me try giving some advice for a moment,
    if it works.

    Go to Folder Options.
    Untick hide microsoft program.
    Click yes.
    Go to C.
    Find ntdetect (corrupt file) and delete it.
    The real file is ntdetech (asking for the mods' advice, I was being psycho while typing xD)

    bazsh
    New Member

    Gender : Male Number of posts : 401
    Age : 35
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: Want to Remove This Virus, Please Help

    Post by bazsh on Thu Dec 17, 2009 2:39 pm

    Try scanning with CaSIR.

    39cent
    New Member

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: Want to Remove This Virus, Please Help

    Post by 39cent on Fri Dec 18, 2009 7:47 pm

    OK, it's settled.
    Thanks everyone.
