1) What is being sent over ICQ? The virus spreads over ICQ as a URL in this format:
code: |
http://{two letters}.{some letters}.com/{some letters or a slash}/{nothing, or somechars.jpg, or somechars.exe}
e.g. http://eu.tra{something}reg.com/IM/rwit/lt.exe
|
The address points to an .EXE file; if you download and run it, it activates the virus.
2) When did it appear?
6.10.2006: in the evening the first wave of this virus took place; the address sent over ICQ ended with a slash or with an .exe file.
14.10.2006: in the morning the second wave took place; the address sent over ICQ ended with a .jpg file, so it seemingly LOOKED like an IMAGE.
17.10.: a link is being sent with the text "Look, a new office killer game. Go download and join the rest of us!".
quote: | The fresh Stration / Warezov variant ultimately, before it is possibly run by the user, transforms itself into the file im_game.exe. If that file is run, it downloads more junk from the Internet in the form of files |
//more info at http://www.viry.cz/go.php, I can't keep up with writing it all down here
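The link format from point 1 and the disguised .jpg wave from point 2 can be checked mechanically. The following is an added example, not part of the original post: it flags URLs with that shape in chat messages and tests whether the first bytes of a downloaded file are a Windows executable rather than a JPEG. The host eu.example.com, the sender numbers and the messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Host shape from point 1: {two letters}.{some letters}.com
LURE_HOST = re.compile(r"^[a-z]{2}\.[a-z]+\.com$", re.IGNORECASE)
URL_IN_TEXT = re.compile(r"http://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'exe', 'jpg' or 'dir' for a lure-shaped URL, else None.

    A shape match is a triage signal only: legitimate hosts can look the same.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "http" or not LURE_HOST.match(parts.hostname or ""):
        return None
    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        return None                  # the described format always has a path
    if parts.path.endswith("/"):
        return "dir"                 # first wave: address ends with a slash
    name = segments[-1].lower()
    if len(segments) >= 2 and name.endswith(".exe"):
        return "exe"                 # first wave: plain executable
    if len(segments) >= 2 and name.endswith(".jpg"):
        return "jpg"                 # second wave: looks like an image
    return None


def sniff(first_bytes):
    """Identify content by magic bytes, ignoring the name in the URL."""
    if first_bytes[:2] == b"MZ":
        return "pe"                  # DOS/PE executable header
    if first_bytes[:3] == b"\xff\xd8\xff":
        return "jpeg"                # JPEG start-of-image marker
    return "unknown"


def is_disguised_executable(url, first_bytes):
    """True when a lure link that does not end in .exe delivers an executable."""
    return classify_link(url) in ("jpg", "dir") and sniff(first_bytes) == "pe"


def scan_messages(messages):
    """Return (sender, url, kind) for every lure-shaped link in the messages."""
    hits = []
    for sender, text in messages:
        for raw in URL_IN_TEXT.findall(text):
            url = raw.rstrip(".,!?)")   # drop sentence punctuation after the URL
            kind = classify_link(url)
            if kind:
                hits.append((sender, url, kind))
    return hits


# Constructed sample messages (sender number, text); not real traffic.
SAMPLE_MESSAGES = [
    ("111111", "photos from the weekend http://eu.example.com/IM/abcd/pic.jpg"),
    ("222222", "Look, a new office killer game. http://eu.example.com/IM/abcd/"),
    ("333333", "the manual is at http://www.example.com/docs/setup.exe"),
    ("444444", "http://us.example.com/xy/lt.exe"),
]

if __name__ == "__main__":
    for hit in scan_messages(SAMPLE_MESSAGES):
        print(hit)
    print(is_disguised_executable("http://eu.example.com/IM/abcd/pic.jpg", b"MZ\x90\x00"))
```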
3) What if I clicked on it? If you clicked on it, a window probably appeared prompting you to download an .EXE file (it offered me, for example, PIX.EXE, 50 kB in size). The window surely let you choose YES/NO, i.e. download or do not download, or it may have offered DOWNLOAD AND RUN straight away. If you only downloaded the file or clicked NO, you are theoretically not at risk. (If you downloaded it and did not run it, delete it!) It is worse if you ran the file; in that case point 4 will probably follow.
4) What does the virus do to me once I am infected?
a) it slows down the internet connection
b) it slows down the computer (WinAmp)
c) it knocks out some antivirus programs/firewalls, blocks their updates (and Windows updates too) and does not even allow some antivirus programs/firewalls to be installed
d) it sends itself to the people in the ICQ contact list
5) How do I get rid of it?
1) First, shut down the resident shields of all antispyware programs.
2) Download Avenger - http://swandog46.geekstogo.com/avenger.exe - and run it under an administrator account.
- Select the option Input script manually and click the magnifying glass icon.
- Copy this entire text into the new empty window:
3) Then click Done.
4) Click the traffic light icon to start the program, finally click OK, and your computer will restart.
5) Then post a new HijackThis log for review; do not put it inside [code].
//Last updated: 02.03.2007 11:00, smrtelnik
___________________________________________
Side effects associated with this virus:
NOD32 is switched off, along with its automatic start at boot: go to Start - Run - services.msc, find the NOD32 service there and check whether its startup type is set to Automatic. Restart and it should be OK.
If that does not help: open Notepad via Start - Programs - Accessories and copy this entire text into it:
quote: |
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
  6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,45,00,73,00,65,00,74,00,5c,\
  00,6e,00,6f,00,64,00,33,00,32,00,6b,00,72,00,6e,00,2e,00,65,00,78,00,65,00,\
  22,00,00,00
"DisplayName"="NOD32 Kernel Service"
"ObjectName"="LocalSystem"
"FailureActions"=hex:2c,01,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn\Enum]
"0"="Root\\LEGACY_NOD32KRN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
|
Choose Save file as, name the file fix.reg and set Save as type to All files. Save the file to the desktop and then double-click it. Confirm importing the key into the registry. Restart the computer.
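Before importing a .reg file copied from a web page, it helps to decode what it will write. The following is an added example, not part of the original post: it parses an excerpt of the fix.reg above and decodes its string, dword and hex(2) values, which shows the service start type and the executable path the import sets. The function and constant names are my own.

```python
import re

# Service "Start" values as used by the Windows service control manager.
SERVICE_START = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
NOD32_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn"

# Excerpt of the fix.reg from this page, one value per line.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn]
"Start"=dword:00000002
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
  6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,45,00,73,00,65,00,74,00,5c,\
  00,6e,00,6f,00,64,00,33,00,32,00,6b,00,72,00,6e,00,2e,00,65,00,78,00,65,00,\
  22,00,00,00
"DisplayName"="NOD32 Kernel Service"
'''


def unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex / hex(N) data."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError("unsupported value syntax: " + raw)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain hex: is REG_BINARY
    if kind in (1, 2):                                # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    return data


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)            # join "\" continuations
    result, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                result[key][unescape(m.group(1))] = decode_value(m.group(2))
    return result


def describe_service(reg, key):
    """Return (start type name, image path) for a service key."""
    svc = reg[key]
    return SERVICE_START.get(svc.get("Start"), "unknown"), svc.get("ImagePath")


if __name__ == "__main__":
    parsed = parse_reg(FIX_REG)
    print(describe_service(parsed, NOD32_KEY))
    print(parsed[RUN_KEY]["nod32kui"])
```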
Windows updates do not work: open Notepad and copy the following text into it:
quote: |
cd /d %SystemRoot%\system32
regsvr32 comcat.dll /s
regsvr32 shdoc401.dll /s
regsvr32 shdoc401.dll /i /s
regsvr32 asctrls.ocx /s
regsvr32 oleaut32.dll /s
regsvr32 shdocvw.dll /I /s
regsvr32 shdocvw.dll /s
regsvr32 browseui.dll /s
regsvr32 browseui.dll /I /s
regsvr32 msrating.dll /s
regsvr32 mlang.dll /s
regsvr32 hlink.dll /s
regsvr32 mshtmled.dll /s
regsvr32 urlmon.dll /s
regsvr32 plugin.ocx /s
regsvr32 sendmail.dll /s
regsvr32 scrobj.dll /s
regsvr32 mmefxe.ocx /s
regsvr32 corpol.dll /s
regsvr32 jscript.dll /s
regsvr32 msxml.dll /s
regsvr32 imgutil.dll /s
regsvr32 thumbvw.dll /s
regsvr32 cryptext.dll /s
regsvr32 rsabase.dll /s
regsvr32 inseng.dll /s
regsvr32 iesetup.dll /i /s
regsvr32 cryptdlg.dll /s
regsvr32 actxprxy.dll /s
regsvr32 dispex.dll /s
regsvr32 occache.dll /s
regsvr32 occache.dll /i /s
regsvr32 iepeers.dll /s
regsvr32 urlmon.dll /i /s
regsvr32 cdfview.dll /s
regsvr32 webcheck.dll /s
regsvr32 mobsync.dll /s
regsvr32 pngfilt.dll /s
regsvr32 licmgr10.dll /s
regsvr32 icmfilter.dll /s
regsvr32 hhctrl.ocx /s
regsvr32 inetcfg.dll /s
regsvr32 tdc.ocx /s
regsvr32 MSR2C.DLL /s
regsvr32 msident.dll /s
regsvr32 msieftp.dll /s
regsvr32 xmsconf.ocx /s
regsvr32 ils.dll /s
regsvr32 msoeacct.dll /s
regsvr32 inetcomm.dll /s
regsvr32 msdxm.ocx /s
regsvr32 dxmasf.dll /s
regsvr32 l3codecx.ax /s
regsvr32 acelpdec.ax /s
regsvr32 mpg4ds32.ax /s
regsvr32 voxmsdec.ax /s
regsvr32 danim.dll /s
regsvr32 Daxctle.ocx /s
regsvr32 lmrt.dll /s
regsvr32 datime.dll /s
regsvr32 dxtrans.dll /s
regsvr32 dxtmsft.dll /s
regsvr32 WEBPOST.DLL /s
regsvr32 WPWIZDLL.DLL /s
regsvr32 POSTWPP.DLL /s
regsvr32 CRSWPP.DLL /s
regsvr32 FTPWPP.DLL /s
regsvr32 FPWPP.DLL /s
regsvr32 WUAPI.DLL /s
regsvr32 WUAUENG.DLL /s
regsvr32 ATL.DLL /s
regsvr32 WUCLTUI.DLL /s
regsvr32 WUPS.DLL /s
regsvr32 WUWEB.DLL /s
regsvr32 wshom.ocx /s
regsvr32 wshext.dll /s
regsvr32 vbscript.dll /s
regsvr32 scrrun.dll mstinit.exe /setup /s
regsvr32 msnsspc.dll /SspcCreateSspiReg /s
regsvr32 msapsspc.dll /SspcCreateSspiReg /s
exit
|
Save the file as IEreg.bat on the desktop. Double-click it to run it.