CariDotMy

Author: melor_wangi

[Virus] helppppp...
Post time 1-7-2008 02:24 AM | Show all posts

Reply #20 melor_wangi's post

Do you know how to get into SAFEMODE?
If you can, go into safemode. While in safemode, it's a bit easier to clean this PC.


Post time 1-7-2008 09:20 AM | Show all posts
I went to the trouble of giving that link, and who knows whether they even looked at it

http://siri.geekstogo.com/SmitfraudFix.php <-- this is the page
http://siri.urz.free.fr/Fix/SmitfraudFix.exe <-- this is the download

This tool removes Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, AntispywareSoldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, AntivirusGolden, AVGold, Awola, BraveSentry, IE Defender, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShieldAntispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusHeat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, Win32.puper, WinHound, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX Object, Image Add-on, IntCodec, iVideoCodec, JPEGEncoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video AccessActiveX Object, Video ActiveX Object, Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

and it's updated often, which means it should work.. if you don't want to try it, that's fine too.. it's not like K cares anyway

just kiddinggg

[ Last edited by kmkd at 1-7-2008 09:27 AM ]

 Author| Post time 1-7-2008 02:58 PM | Show all posts

Reply #22 kmkd's post

I've already tried that SmitfraudFix..... the result is that the thing is still there. I can't even manage to uninstall that antivirus program.
Is this really what happens when you run SmitfraudFix... the laptop goes back to its original state... meaning.. the screen saver or whatever is gone. That's what is happening now... just blue...
If my mission has succeeded.... why is my laptop still so sluggish... ???

 Author| Post time 1-7-2008 03:02 PM | Show all posts

Reply #21 bzzts's post

I know how... I also tried deleting Norton antivirus through safe mode but couldn't....
I also tried what meha suggested.... but can you connect to the internet in safe mode?? I couldn't when I tried... so I don't know whether what I did was effective or not....
What do you think??

 Author| Post time 1-7-2008 03:04 PM | Show all posts

Reply #18 mehacomp_91's post

meha... after the BitDefender scan step.... are there any more steps I need to do????

 Author| Post time 1-7-2008 03:06 PM | Show all posts
bzzts.... once I'm in safe mode, what do I need to do?? Just scan with the antivirus I'm using, or what????

Post time 1-7-2008 03:23 PM | Show all posts

Reply #26 melor_wangi's post

Scan with the antivirus you're using.
Then use Spybot as well.

 Author| Post time 1-7-2008 03:51 PM | Show all posts

Reply #22 kmkd's post

This is the result of running SmitfraudFix... is this right? Has it been effective? What I've noticed after trying this is that the viruses no longer come up... only the warning from that advanced antivirus is still there, telling me to install and pay.
How do I get rid of it???

For your information, I did all the steps (6 if I'm not mistaken) in SmitfraudFix..... is that a problem or not???

This is the report it gave..........

""""""""""""""""SmitFraudFix v2.328

Scan done at 15:20:12.40, 01-Jul-08
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}"="dysmenorrhoea"

[HKEY_CLASSES_ROOT\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 202.188.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A965CAB4-C67D-4191-BBAA-4CF1C0B9A121}: NameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A965CAB4-C67D-4191-BBAA-4CF1C0B9A121}: NameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}"="dysmenorrhoea"

[HKEY_CLASSES_ROOT\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
"""""""""""""""""""""""""""""""""""""""""""""""""""""'


 Author| Post time 1-7-2008 03:52 PM | Show all posts
Here's another report....

SmitFraudFix v2.328

Scan done at 15:28:23.35, 01-Jul-08
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AAV\aav.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}"="dysmenorrhoea"

[HKEY_CLASSES_ROOT\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2a7a8ce2-1eaf-4fc0-9158-958bb6bfa5c4}\InProcServer32]
@="C:\WINDOWS\system32\jhzpcn.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 202.188.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A965CAB4-C67D-4191-BBAA-4CF1C0B9A121}: NameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A965CAB4-C67D-4191-BBAA-4CF1C0B9A121}: NameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CF5261D2-5A72-4BDD-869C-C0D5839480DF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 Author| Post time 1-7-2008 04:00 PM | Show all posts
Anyway... thanks a lot to everyone who helped relieve my distress over these 2 days... I've tried the steps you all suggested.... because I really know nothing about the insides of a computer..... so I just went ahead blindly.... if you were tricking me, then I've been tricked.... that's about it..........
One more thing I'd like to ask for......... advice I should follow to keep this problem from happening again.

Post time 1-7-2008 10:27 PM | Show all posts
Errr.. is the problem fixed yet? That's the most important thing.. solve the original problem first.

It's hard to say how you got hit by that thing.. usually, if there's a "popup" saying buy our product.. try our product and all sorts of other things in English, don't click it.. remember, don't even click. Ignore it.. treat it as just a joke and a threat..

P.S.: if you want to connect to the internet in safe mode, use Safe Mode with Networking

Post time 1-7-2008 10:42 PM | Show all posts
Once that PC is fixed, meha will give a few tips on how to stay safe on the Internet

 Author| Post time 9-7-2008 09:19 PM | Show all posts

Reply #32 mehacomp_91's post

Where are those tips for staying safe on the internet???? Hand them over...
