networm-i.virus@fp...

[farky]

Jučer su mi se počele dešavati čudne stvari na kompu,
stalno (svakih minutu dvije) iskaču nekekvi popupovi sa informacijom da sam zaražen sa ovim ili onim virusom
i da moram pod hitno skinuti neki program da mi očisti sistem... evo par slika

malo sam proguglao i našao sam da su to sve lažni virusi, i da mi to radi najvjerovatnije trojan downloader ili tak nešto..

Sad mene zanima kako se to moglo prošuljat pokraj nod smart security-ja?
S čim bi bilo najbolje da to maknem i da li mi je dovoljan samo nod smart ili ne? šta mi još treba za potpunu zaštitu?

[_Aris_]

hiJack This skini i postaj Log ovdje...

[farky]

e da i da stvar bude interesantnija, jučer reinstaliro windows i sad ovo...

Evo hijack loga:

Logfile of HijackThis v1.99.1
Scan saved at 17:37:20, on 21.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Documents and Settings\farky\Application Data\Thinstall\SnagIt 8\400000e00002i\TSCHelp.exe
C:\Program Files\PORTABLE\Portable Snag It v.8.2.3\Portable Snag It v.8.2.3\Portable Snag It v.8.2.3.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\farky\LOCALS~1\Temp\Rar$EX00.359\LimeWire Pro 4.14.2 Final\LimeWireWin.exe
C:\DOCUME~1\farky\LOCALS~1\Temp\jrestub.exe
C:\Documents and Settings\farky\Desktop\HijackThis.exe

O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FABFF78-C971-440F-9DA6-2DC6F42F6D2A}: NameServer = 195.29.150.3,195.29.150.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B93FA32E-C1A4-4359-9C35-9DF582A58BF1}: NameServer = 195.29.149.196 195.29.149.197
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

[_Aris_]

C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B93FA32E-C1A4-4359-9C35-9DF582A58BF1}: NameServer = 195.29.149.196 195.29.149.197

nabrojano izbriši tako da staviš kvačice u HiJack Thisu restartaj i prilikom boota F8 stisni i digni u safe modu. Pokreni NOD (nadam se da je updatean), napravi full system scan.

[farky]

Hvala, upalilo je nema više iritantnih poruka.

A za ubuduče da to izbjegnem, da si uz nod smart security instaliram spybot s&d
jel bi to bilo dovoljno, ili neki drugi umjesto njega? neke preporuke?

[_Aris_]

Sve je to ok... samo updejtaj redovno AV program i biti će ok. Malo manje idi po nelegalnim stranicama...