banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thảo luận virus, trojan, spyware, worm... 1 con virut 80avp08.com mới  XML
  [Question]   1 con virut 80avp08.com mới 02/01/2008 13:38:37 (+0700) | #1 | 107678
[Avatar]
kieuphong87
Member

[Minus]    0    [Plus]
Joined: 29/07/2007 13:00:06
Messages: 19
Offline
[Profile] [PM]
con virut này em đã search trên google các trang đến từ việt nam thì bảo ko có .search nước ngoài thì đầy
đây là mã code
[
AutoRun]
;;;;;asgggg0000dsdafdsaSASDCXVBDSG
open=80avp08.com
shell\open\Command=80avp08.com
shell\open\Default=1
shell\explore\Command=80avp08.com 


khi em dùng HijackThis thif được thế này
Code:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\help\F3C74E3FA248.EXE
C:\80avp08.com
C:\80avp08.com
C:\80avp08.com
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wwws.ameritrade.com/apps/LogIn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\od2media.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170923460504
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thấy nó mới nên mới post . Còn nếu đã cũ rích rồi thì cho em xin lỗi smilie
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 02/01/2008 20:13:26 (+0700) | #2 | 107706
LeVuHoang
HVA Friend

Joined: 08/03/2003 16:54:07
Messages: 1155
Offline
[Profile] [PM]
Bạn post log lên là sao ? Nó nằm ở C:\80avp08.com kìa smilie
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 03/01/2008 05:42:07 (+0700) | #3 | 107823
[Avatar]
kieuphong87
Member

[Minus]    0    [Plus]
Joined: 29/07/2007 13:00:06
Messages: 19
Offline
[Profile] [PM]
em vào trang www.cuuhomaytinh.vn để up mẫu virut mới , nhưng tìm mãi chả thấy phần new topic mới đâu hết .Em chỉ muốn Fire Lion biết được nhiều con virut mới thôi . Ngay cả cái hjack em copy từ forum nước ngoài. FIRE-LION rất tuyệt . nhưng muốn tự mình diẹt bắng tay thì sướng hơn.
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 03/01/2008 23:24:35 (+0700) | #4 | 107996
[Avatar]
Look2Me
Member

[Minus]    0    [Plus]
Joined: 26/07/2006 23:30:57
Messages: 235
Location: Tủ quần nào
Offline
[Profile] [PM]

kieuphong87 wrote:
FIRE-LION rất tuyệt .  

Không đồng ý lắm! Mình nghĩ: "bác Hoàng rất tuyệt!" thì chính xác hơn .
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 04/01/2008 02:54:37 (+0700) | #5 | 108061
[Avatar]
hacnho
HVA Friend

Joined: 28/01/2003 12:07:45
Messages: 199
Location: OEP
Offline
[Profile] [PM]
Diệt bằng tay nè. Con này cũng cùi mà. File bat diệt nó, nếu bồ có nhiều ổ đĩa thì thêm vào.

Code:
Del C:\WINDOWS\system32\amvo0.dll
Del C:\WINDOWS\system32\amvo.exe
Del C:\80avp08.com
Del C:\autorun.inf


Sau khi nhiểm nó sẽ không cho hiện file ẩn. Export key này để enable:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Mọi câu hỏi vui lòng gửi lên diễn đàn!
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 04/01/2008 09:05:47 (+0700) | #6 | 108156
[Avatar]
kieuphong87
Member

[Minus]    0    [Plus]
Joined: 29/07/2007 13:00:06
Messages: 19
Offline
[Profile] [PM]
ê , hacknho ơi , tôi hơi tối dạ . Mấy cái file kia ở đâu ra . Tôi chưa tìm thấy mấy cái file đó ở trên log kia . Giải thích hộ tôi dùm cái
Code:
Del C:\WINDOWS\system32\amvo0.dll
 Del C:\WINDOWS\system32\amvo.exe

Tôi hơi dốt , ông chỉ bảo hộ cái
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 04/01/2008 10:46:36 (+0700) | #7 | 108177
[Avatar]
tmd
Member

[Minus]    0    [Plus]
Joined: 28/06/2006 03:39:48
Messages: 2951
Offline
[Profile] [PM]
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe 

3 giai đoạn của con... người, ban đầu dek biết gì thì phải thăm dò, sau đó biết rồi thì phải thân thiết, sau cùng khi quá thân thiết rồi thì phải tình thương mến thương. Nhưng mà không thương được thì ...
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 31/03/2008 05:16:51 (+0700) | #8 | 122189
nuocda
Member

[Minus]    0    [Plus]
Joined: 12/02/2008 22:46:34
Messages: 1
Offline
[Profile] [PM] [Email] [WWW] [Yahoo!] [MSN]
Del C:\WINDOWS\system32\amvo0.dll
Del C:\WINDOWS\system32\amvo.exe
Del C:\80avp08.com
Del C:\autorun.inf 


xin mode help hộ, hiện tại đang bị dính con này, làm mãi del trên cái cmd nó vẫn báo ".....not find", giờ máy em không thể hiển thị file ẩn, mở bất cứ ổ disk nào từ my computer đều ra explore mới hết smilie
[Up] [Print Copy]
  [Question]   Re: 1 con virut 80avp08.com mới 31/03/2008 11:58:26 (+0700) | #9 | 122215
[Avatar]
minhdau77
Member

[Minus]    0    [Plus]
Joined: 10/10/2007 14:17:38
Messages: 19
Offline
[Profile] [PM]
dơn giản thôi bồ à bạn gõ del c:\autorun.inf /a:h /f la được thôi a
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|