Forum Index > Discussion of viruses, trojans, spyware, worms... > Is my computer infected with a virus?
Is my computer infected with a virus? 27/05/2009 12:12:55 (+0700) | #1 | 182053
pjboyjp
Member
Joined: 17/07/2008 19:05:47
Messages: 16


My computer runs the free Avira antivirus. I'd like to ask whether my computer is okay.

Username: RoCkEr
//////////////////// KILL MALWARE LOG \\\\\\\\\\\\\\\\\\\\
NO Malware found !
[ 9:20:37.31 Sun 07/26/2009]
---------------------
//////////////////// INFO AUTORUN \\\\\\\\\\\\\\\\\\\\
NO Autorun info
//////////////////// RUNNING PROCESSES \\\\\\\\\\\\\\\\\\\\
Username : RoCkEr
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
windll.exe 1800 Console 0 6,692 K
explorer.exe 1840 Console 0 29,084 K
hkcmd.exe 1956 Console 0 2,956 K
igfxpers.exe 1968 Console 0 2,452 K
igfxsrvc.exe 2004 Console 0 2,828 K
HDeck.exe 2012 Console 0 12,744 K
avgnt.exe 2040 Console 0 1,364 K
svchost.exe 160 Console 0 7,828 K
IDMan.exe 184 Console 0 8,924 K
IEMonitor.exe 2136 Console 0 3,776 K
Ymsgr_tray.exe 3356 Console 0 4,960 K
wmplayer.exe 2064 Console 0 6,832 K
Quick (Remove Malware) (F 1784 Console 0 7,140 K
cmd.exe 2656 Console 0 1,424 K
tasklist.exe 884 Console 0 4,024 K

Username : LOCAL SERVICE or NETWORK SERVICE
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 K
System 4 Console 0 220 K
smss.exe 596 Console 0 372 K
csrss.exe 644 Console 0 3,556 K
winlogon.exe 668 Console 0 3,264 K
services.exe 712 Console 0 5,108 K
lsass.exe 724 Console 0 1,584 K
svchost.exe 732 Console 0 7,784 K
svchost.exe 928 Console 0 4,596 K
svchost.exe 1100 Console 0 25,260 K
spoolsv.exe 1368 Console 0 4,172 K
sched.exe 1496 Console 0 316 K
avguard.exe 456 Console 0 8,344 K
svchost.exe 612 Console 0 3,712 K
svchost.exe 2536 Console 0 3,100 K

Username : SYSTEM
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
svchost.exe 1004 Console 0 3,952 K
svchost.exe 1212 Console 0 2,988 K
svchost.exe 1268 Console 0 6,484 K
alg.exe 468 Console 0 3,200 K
wmiprvse.exe 3592 Console 0 5,508 K
//////////////////// STARTUP ITEMS \\\\\\\\\\\\\\\\\\\\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
shell REG_SZ Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UIHost REG_EXPAND_SZ logonui.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager REG_SZ "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
IDMan REG_SZ C:\Program Files\Internet Download Manager\IDMan.exe /onboot
AdobeUpdater REG_SZ "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HDAudDeck REG_SZ C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
svchost REG_SZ C:\WINDOWS\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Installed REG_SZ 1
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
NoChange REG_SZ 1
Installed REG_SZ 1
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Installed REG_SZ 1
<NO NAME> REG_SZ
//////////////////// IMAGE FILE EXECUTION OPTIONS \\\\\\\\\\\\\\\\\\\\
//////////////////// HIDDEN FILES IN WINDOWS SYSTEM FOLDERS \\\\\\\\\\\\\\\\\\\\
Directory of C:\WINDOWS
05/17/2009 09:10 AM <DIR> $NtUninstallKB888111WXPSP2$
07/23/2009 02:10 AM <DIR> inf
07/23/2009 09:41 PM <DIR> Installer
07/18/2009 12:16 PM <DIR> PIF
08/03/2004 06:07 PM 48,680 winnt.bmp
08/03/2004 06:07 PM 48,680 winnt256.bmp
04/23/2009 11:03 AM 350,823 explore.exe
05/20/2009 12:30 AM 418,434 svchost.exe
05/17/2009 10:29 PM 749 WindowsShell.Manifest
5 Hidden File(s) 867,366 bytes
4 Hidden Dir(s) 11,014,307,840 bytes free
Directory of C:\WINDOWS\Fonts
05/17/2009 10:30 PM 67 desktop.ini
08/03/2004 06:07 PM 24,124 marlett.ttf
130 Hidden File(s) 3,353,375 bytes
0 Hidden Dir(s) 11,014,291,456 bytes free
Directory of C:\WINDOWS\system
Directory of C:\WINDOWS\system32
07/25/2009 02:49 PM <DIR> dllcache
05/20/2009 12:30 AM 418,434 windll.exe
05/17/2009 10:29 PM 749 cdplayer.exe.manifest
05/17/2009 10:29 PM 488 logonui.exe.manifest
05/17/2009 10:29 PM 749 ncpa.cpl.manifest
05/17/2009 10:29 PM 749 nwc.cpl.manifest
05/17/2009 10:29 PM 749 sapi.cpl.manifest
05/17/2009 10:29 PM 488 WindowsLogon.manifest
05/17/2009 10:29 PM 749 wuaucpl.cpl.manifest
8 Hidden File(s) 423,155 bytes
1 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\config
07/26/2009 08:32 AM 1,024 default.LOG
07/26/2009 08:25 AM 1,024 SAM.LOG
07/26/2009 08:35 AM 1,024 SECURITY.LOG
07/26/2009 09:20 AM 24,576 software.LOG
07/26/2009 09:19 AM 1,024 system.LOG
05/17/2009 03:14 PM 1,024 TempKey.LOG
05/17/2009 03:14 PM 1,024 userdiff.LOG
7 Hidden File(s) 30,720 bytes
0 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\dllcache
07/25/2009 02:49 PM <DIR> .
07/25/2009 02:49 PM <DIR> ..
0 Hidden File(s) 0 bytes
2 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\drivers
Directory of C:\WINDOWS\system32\drivers\etc
//////////////////// WINDOWS VERSION \\\\\\\\\\\\\\\\\\\\
BuildLab REG_SZ 2600.xpsp_sp2_rtm.040803-2158
CSDVersion REG_SZ Service Pack 2
PathName REG_SZ C:\WINDOWS
ProductName REG_SZ Microsoft Windows XP
SystemRoot REG_SZ C:\WINDOWS
//////////////////// TEMP address \\\\\\\\\\\\\\\\\\\\
C:\DOCUME~1\RoCkEr\LOCALS~1\Temp
//////////////////// Registry Monitor \\\\\\\\\\\\\\\\\\\\
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableTaskMgr
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools
[normal] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoFolderOptions
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ CheckedValue
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ Hidden
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ HideFileExt
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ShowSuperHidden
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ CheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ DefaultValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ UncheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ CheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ DefaultValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ UncheckedValue
Re: Is my computer infected with a virus? 27/05/2009 20:51:34 (+0700) | #2 | 182079
kamikazeq
Member
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Open Notepad, type the content below, save it as Get.bat, then run Get.bat.
Code:
rem Clear the system, hidden and read-only attributes so the files can be copied
Attrib -s -h -r C:\Windows\explore.exe
Copy /y C:\Windows\explore.exe "C:\Documents and Settings\%username%\Desktop\"
Attrib -s -h -r C:\Windows\svchost.exe
Copy /y C:\Windows\svchost.exe "C:\Documents and Settings\%username%\Desktop\"

After running Get.bat, two files, explore.exe and svchost.exe, will appear on the Desktop.
Go to http://www.virustotal.com (or http://virusscan.jotti.org/en) and upload those two files. When the scans finish, post the two result links for the two files here.
IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g
Re: Is my computer infected with a virus? 28/05/2009 02:41:36 (+0700) | #3 | 182123
freeze_love
Member
Joined: 23/01/2009 23:07:19
Messages: 415
Location: HCMc
You mean you suspect the files explorer.exe and svchost.exe are infected?
do{
study until insane;
}while (alive);
Re: Is my computer infected with a virus? 28/05/2009 02:59:35 (+0700) | #4 | 182127
pjboyjp
Member
Joined: 17/07/2008 19:05:47
Messages: 16
That's right. My computer keeps popping up a message from svchost.exe saying "driver not ready for use".
Ever since I edited a key in regedit to run two Yahoo accounts at once, Avira keeps reporting a virus in Yahoo. Now Yahoo won't sign in, and that message keeps appearing. I removed Yahoo and installed a new version; it worked for one day and then reported the error again. Every so often the computer also plays about 30 seconds of spoken English advertising something. What do I do now to get rid of it?

Re: Is my computer infected with a virus? 28/05/2009 03:05:53 (+0700) | #5 | 182128
pjboyjp
Member
Joined: 17/07/2008 19:05:47
Messages: 16
I did as you said, and here are the links:

explorer

http://www.virustotal.com/reanalisis.html?7ed98142f7f63005a0deb96ffca346ee8770c5c93c456488645299bc11f6fb55-1243407690

svchost.exe

http://www.virustotal.com/reanalisis.html?dc47814d45edd1c0585240638b683c53cd9583e2eafbc7dab56745bd172ae27a-1243407927
Re: Is my computer infected with a virus? 28/05/2009 03:15:07 (+0700) | #6 | 182129
pjboyjp
Member
Joined: 17/07/2008 19:05:47
Messages: 16
While I'm at it, I'd like to learn how to read those hijack logs. Does any pro have an ebook in Vietnamese? Thanks in advance.
Re: Is my computer infected with a virus? 28/05/2009 07:05:46 (+0700) | #7 | 182158
pjboyjp
Member
Joined: 17/07/2008 19:05:47
Messages: 16
After running eight hundred million billion pro antivirus programs on the computer for fifteen thousand billion years, the two files explore and svchost.exe no longer appear in Windows, and here is the log file after the scan:

Username: RoCkEr
//////////////////// KILL MALWARE LOG \\\\\\\\\\\\\\\\\\\\
NO Malware found !
[ 9:20:37.31 Sun 07/26/2009]
---------------------
//////////////////// INFO AUTORUN \\\\\\\\\\\\\\\\\\\\
//////////////////// RUNNING PROCESSES \\\\\\\\\\\\\\\\\\\\
Username : RoCkEr
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
windll.exe 1800 Console 0 6,692 K
explorer.exe 1840 Console 0 29,084 K
hkcmd.exe 1956 Console 0 2,956 K
igfxpers.exe 1968 Console 0 2,452 K
igfxsrvc.exe 2004 Console 0 2,828 K
HDeck.exe 2012 Console 0 12,744 K
avgnt.exe 2040 Console 0 1,364 K
svchost.exe 160 Console 0 7,828 K
IDMan.exe 184 Console 0 8,924 K
IEMonitor.exe 2136 Console 0 3,776 K
Ymsgr_tray.exe 3356 Console 0 4,960 K
wmplayer.exe 2064 Console 0 6,832 K
Quick (Remove Malware) (F 1784 Console 0 7,140 K
cmd.exe 2656 Console 0 1,424 K
tasklist.exe 884 Console 0 4,024 K

Username : LOCAL SERVICE or NETWORK SERVICE
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 K
System 4 Console 0 220 K
smss.exe 596 Console 0 372 K
csrss.exe 644 Console 0 3,556 K
winlogon.exe 668 Console 0 3,264 K
services.exe 712 Console 0 5,108 K
lsass.exe 724 Console 0 1,584 K
svchost.exe 732 Console 0 7,784 K
svchost.exe 928 Console 0 4,596 K
svchost.exe 1100 Console 0 25,260 K
spoolsv.exe 1368 Console 0 4,172 K
sched.exe 1496 Console 0 316 K
avguard.exe 456 Console 0 8,344 K
svchost.exe 612 Console 0 3,712 K
svchost.exe 2536 Console 0 3,100 K

Username : SYSTEM
Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
svchost.exe 1004 Console 0 3,952 K
svchost.exe 1212 Console 0 2,988 K
svchost.exe 1268 Console 0 6,484 K
alg.exe 468 Console 0 3,200 K
wmiprvse.exe 3592 Console 0 5,508 K
//////////////////// STARTUP ITEMS \\\\\\\\\\\\\\\\\\\\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
shell REG_SZ Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UIHost REG_EXPAND_SZ logonui.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager REG_SZ "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
IDMan REG_SZ C:\Program Files\Internet Download Manager\IDMan.exe /onboot
AdobeUpdater REG_SZ "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HDAudDeck REG_SZ C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
svchost REG_SZ C:\WINDOWS\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Installed REG_SZ 1
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
NoChange REG_SZ 1
Installed REG_SZ 1
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Installed REG_SZ 1
<NO NAME> REG_SZ
//////////////////// IMAGE FILE EXECUTION OPTIONS \\\\\\\\\\\\\\\\\\\\
//////////////////// HIDDEN FILES IN WINDOWS SYSTEM FOLDERS \\\\\\\\\\\\\\\\\\\\
Directory of C:\WINDOWS
05/17/2009 09:10 AM <DIR> $NtUninstallKB888111WXPSP2$
07/23/2009 02:10 AM <DIR> inf
07/23/2009 09:41 PM <DIR> Installer
07/18/2009 12:16 PM <DIR> PIF
08/03/2004 06:07 PM 48,680 winnt.bmp
08/03/2004 06:07 PM 48,680 winnt256.bmp
04/23/2009 11:03 AM 350,823 explore.exe
05/20/2009 12:30 AM 418,434 svchost.exe
05/17/2009 10:29 PM 749 WindowsShell.Manifest
5 Hidden File(s) 867,366 bytes
4 Hidden Dir(s) 11,014,307,840 bytes free
Directory of C:\WINDOWS\Fonts
05/17/2009 10:30 PM 67 desktop.ini
08/03/2004 06:07 PM 24,124 marlett.ttf
130 Hidden File(s) 3,353,375 bytes
0 Hidden Dir(s) 11,014,291,456 bytes free
Directory of C:\WINDOWS\system
Directory of C:\WINDOWS\system32
07/25/2009 02:49 PM <DIR> dllcache
05/20/2009 12:30 AM 418,434 windll.exe
05/17/2009 10:29 PM 749 cdplayer.exe.manifest
05/17/2009 10:29 PM 488 logonui.exe.manifest
05/17/2009 10:29 PM 749 ncpa.cpl.manifest
05/17/2009 10:29 PM 749 nwc.cpl.manifest
05/17/2009 10:29 PM 749 sapi.cpl.manifest
05/17/2009 10:29 PM 488 WindowsLogon.manifest
05/17/2009 10:29 PM 749 wuaucpl.cpl.manifest
8 Hidden File(s) 423,155 bytes
1 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\config
07/26/2009 08:32 AM 1,024 default.LOG
07/26/2009 08:25 AM 1,024 SAM.LOG
07/26/2009 08:35 AM 1,024 SECURITY.LOG
07/26/2009 09:20 AM 24,576 software.LOG
07/26/2009 09:19 AM 1,024 system.LOG
05/17/2009 03:14 PM 1,024 TempKey.LOG
05/17/2009 03:14 PM 1,024 userdiff.LOG
7 Hidden File(s) 30,720 bytes
0 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\dllcache
07/25/2009 02:49 PM <DIR> .
07/25/2009 02:49 PM <DIR> ..
0 Hidden File(s) 0 bytes
2 Hidden Dir(s) 11,014,299,648 bytes free
Directory of C:\WINDOWS\system32\drivers
Directory of C:\WINDOWS\system32\drivers\etc
//////////////////// WINDOWS VERSION \\\\\\\\\\\\\\\\\\\\
BuildLab REG_SZ 2600.xpsp_sp2_rtm.040803-2158
CSDVersion REG_SZ Service Pack 2
PathName REG_SZ C:\WINDOWS
ProductName REG_SZ Microsoft Windows XP
SystemRoot REG_SZ C:\WINDOWS
//////////////////// TEMP address \\\\\\\\\\\\\\\\\\\\
C:\DOCUME~1\RoCkEr\LOCALS~1\Temp
//////////////////// Registry Monitor \\\\\\\\\\\\\\\\\\\\
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableTaskMgr
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools
[normal] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoFolderOptions
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ CheckedValue
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ Hidden
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ HideFileExt
[normal] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ ShowSuperHidden
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ CheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ DefaultValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ UncheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ CheckedValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ DefaultValue
[normal] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ UncheckedValue
Re: Is my computer infected with a virus? 28/05/2009 07:26:30 (+0700) | #8 | 182162
kamikazeq
Member
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
@pjboyjp:
As for "using a hundred million billion antivirus programs and now the error is gone", I'm not clear on that. But it is plain that those two suspicious files are still sitting right where they were.

Follow these steps to deal with them:

_ Use WinRAR to browse to C:\WINDOWS\explore.exe (note: explore.exe, not explorer.exe) and C:\WINDOWS\svchost.exe, compress those two files, upload the archive to one of these two sites (http://www.mediafire.com or http://yourfilehost.com/flash_upload.php) and post the link here.
_ Go to Start, Run, type the command below and press Enter
Code:
Taskkill /F /FI "username eq %username%" /FI "imagename eq svchost.exe"

_ Using WinRAR, go to C:\WINDOWS\explore.exe (again, explore.exe, not explorer.exe) and C:\WINDOWS\svchost.exe and delete those two files. (Report back whether or not the deletion worked.)
_ Finally, run the tool again to get a log and post it here.

@freeze_love:
Those two are hidden files:
_ explore.exe (not explorer.exe)
_ C:\windows\svchost.exe (not C:\windows\system32\svchost.exe)
IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g
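The following Python script is an added example; it is not part of this thread and not code from the Quick Remove Malware tool whose log is posted above. It automates the checks kamikazeq made by eye in posts #2 and #8: a hidden file whose name is one character off a Windows binary (explore.exe versus explorer.exe), a system binary sitting outside its normal folder (C:\WINDOWS\svchost.exe rather than C:\WINDOWS\system32\svchost.exe), a Run key pointing at such a file, a second hidden file of exactly the same byte size (windll.exe in the log above), and a service binary running under the interactive account, which is the property the Taskkill command's username filter relies on. The expected-location table (EXPECTED_DIR), the account names, the section-header parsing and every flagging rule are assumptions of this example; the sample input is an excerpt of the log posted in this thread.

```python
# Assumptions of this added example: the EXPECTED_DIR table and every flagging rule below.
import re
from collections import defaultdict
SYS32 = r"c:\windows\system32"
# Where these Windows XP binaries legitimately live (lower-cased for comparison).
EXPECTED_DIR = {n: SYS32 for n in ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
SERVICE_ONLY = set(EXPECTED_DIR) - {"explorer.exe", "userinit.exe"}  # never run under a user account
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "LOCAL SERVICE or NETWORK SERVICE"}
SECTION_RE = re.compile(r"^/+ (.+?) \\+$")  # header lines look like //// NAME \\\\
FILE_RE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d [AP]M ([\d,]+) (.+)$")  # dir listing rows, files only
PROC_RE = re.compile(r"^(.+?) (\d+) Console \d+ [\d,]+ K$")  # tasklist rows
EXE_RE = re.compile(r'"?([a-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)  # first .exe path in a Run value

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def judge(name, directory):
    """Reason string if a file name or its location is suspicious, else None."""
    name, expected = name.lower(), EXPECTED_DIR.get(name.lower())
    if expected and directory.lower().rstrip("\\") != expected:
        return f"{name} outside {expected} (found in {directory})"
    for known in EXPECTED_DIR:
        if name != known and edit_distance(name, known) == 1:
            return f"{name} looks like {known}"
    return None

def triage(log_text):
    """Parse the log and return (source, item, reason) findings in report order."""
    findings, procs, sizes, flagged = [], [], defaultdict(list), set()
    section = cur_dir = reg_key = user = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "HIDDEN FILES IN WINDOWS SYSTEM FOLDERS":
            if line.startswith("Directory of "):
                cur_dir = line[len("Directory of "):]
            elif m := FILE_RE.match(line):
                size, name = m.groups()
                sizes[int(size.replace(",", ""))].append((cur_dir, name))
                if reason := judge(name, cur_dir):
                    findings.append(("hidden file", f"{cur_dir}\\{name}", reason))
                    flagged.add(name.lower())
        elif section == "STARTUP ITEMS":
            reg_key = line if line.startswith("HKEY_") else reg_key
            for path in EXE_RE.findall(line):
                directory, _, name = path.rpartition("\\")
                if reason := judge(name, directory):
                    findings.append(("run key", f"{reg_key} -> {path}", reason))
                    flagged.add(name.lower())
        elif section == "RUNNING PROCESSES":
            if line.startswith("Username :"):
                user = line.split(":", 1)[1].strip()
            elif m := PROC_RE.match(line):
                procs.append((user, m.group(1)))
    # A hidden file of exactly the byte size of a flagged file is usually a second copy of the same dropper.
    for size, entries in sizes.items():
        if {n.lower() for _, n in entries} & flagged:
            for d, n in [e for e in entries if e[1].lower() not in flagged]:
                findings.append(("hidden file", f"{d}\\{n}", f"same size ({size} bytes) as a flagged file"))
                flagged.add(n.lower())
    # tasklist shows names only, so judge processes by owning account and by flagged names.
    for user, proc in procs:
        if proc.lower() in SERVICE_ONLY and user not in SERVICE_ACCOUNTS:
            findings.append(("process", f"{proc} as {user}", "service binary running as an interactive user"))
        elif proc.lower() in flagged and proc.lower() not in EXPECTED_DIR:
            findings.append(("process", f"{proc} as {user}", "flagged image is running"))
    return findings

# Sample input: an excerpt of the log posted in this thread, trimmed to the relevant lines.
SAMPLE_LOG = r"""
//////////////////// RUNNING PROCESSES \\\\\\\\\\\\\\\\\\\\
Username : RoCkEr
windll.exe 1800 Console 0 6,692 K
svchost.exe 160 Console 0 7,828 K
Username : LOCAL SERVICE or NETWORK SERVICE
svchost.exe 732 Console 0 7,784 K
//////////////////// STARTUP ITEMS \\\\\\\\\\\\\\\\\\\\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
svchost REG_SZ C:\WINDOWS\svchost.exe
//////////////////// HIDDEN FILES IN WINDOWS SYSTEM FOLDERS \\\\\\\\\\\\\\\\\\\\
Directory of C:\WINDOWS
04/23/2009 11:03 AM 350,823 explore.exe
05/20/2009 12:30 AM 418,434 svchost.exe
Directory of C:\WINDOWS\system32
05/20/2009 12:30 AM 418,434 windll.exe
"""
if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG): print("[%s] %s: %s" % finding)
```

Run as-is, it reports six findings for the excerpt: the Run key pointing at C:\WINDOWS\svchost.exe, the two hidden files in C:\WINDOWS, windll.exe as a same-size twin, and the two processes running under RoCkEr (windll.exe, and svchost.exe which only service accounts should own). The svchost.exe owned by the service account produces nothing, because tasklist gives no path and the account is the only signal available at that point. The EXPECTED_DIR table is written for Windows XP as shown in the log's WINDOWS VERSION section; adjust it before using the script on other Windows versions.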