Information about these viruses, please.

Thread in the Viruses and malware section. Thread started by weirdis on 19.09.2005.

  1. spertti

    spertti Active member

    Joined:
    01.06.2005
    Messages:
    1,222
    Thanks:
    0
    Points:
    66
    Yeah. True, I've been wondering where Toymaatti has been hiding =) Now if the log doesn't come out clean, with both Toymaatti and Kemisti on it, then that's really.......
     
  3. weirdis

    weirdis Member

    Joined:
    19.09.2005
    Messages:
    14
    Thanks:
    0
    Points:
    11
    here is the report from that ewido scan:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 1:35:20, 22.9.2005
    + Report-Checksum: 39CE86C2

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{C398F337-51D5-40C3-AA3B-684E833D8888} -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra\CLSID -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra\CurVer -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{5FC3BB0F-D421-4587-AA1F-0E27358E0905} -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
    HKU\S-1-5-21-1229272821-1343024091-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-1229272821-1343024091-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Koti\Cookies\koti@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Koti\Cookies\koti@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Cookies\koti@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Cookies\koti@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Temporary Internet Files\Content.IE5\THKYT3CN\pokapoka69[1].exe -> Trojan.EliteBar.c : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temporary Internet Files\Content.IE5\09OLUJST\pokapoka67[1].exe -> TrojanDownloader.Agent.tv : Cleaned with backup
    C:\temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\1.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\system32\1xa.exe -> Spyware.WinAD : Cleaned with backup


    ::Report End

    ......I'll look at that thing toymaatti mentioned tomorrow..
     
  4. weirdis

    weirdis Member

    Joined:
    19.09.2005
    Messages:
    14
    Thanks:
    0
    Points:
    11
    all right!! now even the HijackThis log looks bright after that tip from toymaatti.. so here is the log, there shouldn't be anything odd in it?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:51:55, on 22.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Hopefully the nasties won't bother me any more..? :p Thanks to all the helpers!! It's brilliant that there are people like you in the world. :DD
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yep, it's fine. You're welcome :)
     
  6. weirdis

    weirdis Member

    Joined:
    19.09.2005
    Messages:
    14
    Thanks:
    0
    Points:
    11
    great!! :) would you have any advice for the future? :) that is, how can I keep the nasties from coming back in the future?
     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Take care of your virus updates and firewall, use Firefox as your browser, use anti-spyware programs (Spywareblaster, Ad-aware, Spybot etc.), and don't visit "shady" sites :)
     
  8. weirdis

    weirdis Member

    Joined:
    19.09.2005
    Messages:
    14
    Thanks:
    0
    Points:
    11
    okay. thanks once again for all the help. :D
     
