Forum Sementara Putera.com

Bersama kita perkemaskan forum ini sementara forum asal dalam pemulihan.

Forum putera dah kembali. Masalah sudah berjaya diselesaikan. Sila lawati http://forum.putera.com/tanya


    ym hantar virus kat id member dlm list

    Share

    39cent
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    ym hantar virus kat id member dlm list

    Post by 39cent on Fri Jan 08, 2010 3:37 am

    salam
    nak tanya
    virus pe kt ym aku
    tetiba je send link Vao day nghe bai nay di ban http://nhattruongquang.0catch.com
    kt id member kt list ym
    siap jd status lagi

    bazsh
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 401
    Age : 35
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: ym hantar virus kat id member dlm list

    Post by bazsh on Fri Jan 08, 2010 7:10 am

    Maybe bro boleh try rujuk kat SINI

    39cent
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: ym hantar virus kat id member dlm list

    Post by 39cent on Fri Jan 08, 2010 8:23 pm

    sori..
    bro tak boleh nak display Registry
    dah type kt run-regedit-ok
    benda tu display pastu hilang

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: ym hantar virus kat id member dlm list

    Post by johnburn on Fri Jan 08, 2010 10:33 pm

    Download malwarebyte, install, update, dan scan. Then paste log dia beserta log hijackthis di sini.


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    39cent
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: ym hantar virus kat id member dlm list

    Post by 39cent on Fri Jan 08, 2010 11:22 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:54 PM, on 1/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\RVHOST.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\WINDOWS\system32\RVHOST.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Autorun Eater\billy.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\ManyCam 2.4\ManyCam.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    D:\Software\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
    O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: FreshDownload - {48FB6306-D106-4D29-B356-424FAB38689D} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6903 bytes

    MaXi32
    Ahli Baharu
    Ahli Baharu

    Number of posts : 3
    Registration date : 08/01/2010

    Re: ym hantar virus kat id member dlm list

    Post by MaXi32 on Fri Jan 08, 2010 11:24 pm

    Dah ok ke? kalau x ok aku ada solution lain.

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: ym hantar virus kat id member dlm list

    Post by johnburn on Fri Jan 08, 2010 11:25 pm

    Log malwarebyte? log hijackthis ni sblom scan ngan malwarebyte ke selepas malwarebyte?


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    39cent
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: ym hantar virus kat id member dlm list

    Post by 39cent on Fri Jan 08, 2010 11:38 pm

    selepas scan malwarebyte
    malwarebyte tgh scan time tu

    bazsh
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 401
    Age : 35
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: ym hantar virus kat id member dlm list

    Post by bazsh on Fri Jan 08, 2010 11:42 pm

    Kalo tengok pada log ada RVHOST.exe worm
    Cuba scan ngan Malwarebytes johnburn suruh
    Maybe dengan membuang worm tersebut registy editor bro akan kembali normal

    Entry ni maybe boleh di fix

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O9 - Extra button: FreshDownload - {48FB6306-D106-4D29-B356-424FAB38689D} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

    johnburn
    Moderators
    Moderators

    Gender : Male Number of posts : 755
    Location : Terengganu
    Registration date : 07/03/2009

    Re: ym hantar virus kat id member dlm list

    Post by johnburn on Fri Jan 08, 2010 11:51 pm

    Bagi log malwarebyte dan log hijackthis selepas scan dengan malwarebyte.


    --------------------------------------------

    tahukah kamu saat kamu menangis
    adalah air mata ku yang jatuh berlinang
    tahukah kamu saat kamu tersakiti
    adalah aku yang pertama terluka
    Jangan Klik

    39cent
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 15
    Registration date : 16/06/2009

    Re: ym hantar virus kat id member dlm list

    Post by 39cent on Sat Jan 09, 2010 12:16 am

    Malwarebytes' Anti-Malware 1.43
    Database version: 3477
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/9/2010 12:14:11 AM
    mbam-log-2010-01-09 (00-14-11).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 159729
    Time elapsed: 43 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ni log lepas aku scan balik
    1st scan dah remove file infected

    bazsh
    Ahli Baharu
    Ahli Baharu

    Gender : Male Number of posts : 401
    Age : 35
    Location : New Castle
    Job/hobbies : Surfing/Games
    Registration date : 20/02/2009

    Re: ym hantar virus kat id member dlm list

    Post by bazsh on Sat Jan 09, 2010 12:59 am

    Cuba bg log hijackthis lepas disinfection

    aura
    Ahli Baharu
    Ahli Baharu

    Number of posts : 14
    Registration date : 05/03/2009

    Re: ym hantar virus kat id member dlm list

    Post by aura on Sat Jan 09, 2010 10:39 pm

    takyah nak cuba cuba la...
    format jer pc tu..
    Even pakai deep freeze pun leh kena juga virus tu...
    Tah cam ne pembuat virus tu buat aku pun tak tahu lol
    Komp adik aku kena virus tu walaupun thaw dengan deep freeze. Dia delete file windows secara random.. tak tahu la.. lepas kena asik itu missing ini missing..
    alih-alih format satu pc lol walau pun pakai deep freeze.
    Portable HD dia pun kena juga.. HD tu kena format juga.
    lol!

    Aku check nampak cam dari vietnam jer..

    aura
    Ahli Baharu
    Ahli Baharu

    Number of posts : 14
    Registration date : 05/03/2009

    Re: ym hantar virus kat id member dlm list

    Post by aura on Sat Jan 09, 2010 10:46 pm

    mungkin virus tu ader kat sini:
    dalam folder ni kat setiap partition hd ko dalam folder System Volume Information

    pastu folder asal System Volume Information patutnya tak leh klick mean cannot acess la.. tapi yang asal telah di delete dan diganti dgn folder virus.. lol bijak bijak... patut la deep freeze pun hanxcur juga ....

    Satu lagi anti deepfreeze juga ada yang berasal dari vietnam jugak hehehe.... same creator or what? lol!

    Sponsored content

    Re: ym hantar virus kat id member dlm list

    Post by Sponsored content Today at 4:28 am


      Current date/time is Sun Dec 11, 2016 4:28 am