Removing a trojan?

7 answers
  • Switched to NOD32; it immediately found a trojan that NAV did not fix/see!!!!!!!!!!! Installed the latest update, and after scanning this .log file follows.

    Scanning Log
    NOD32 version 1.912 (20041029) NT
    Checking CRC of the NOD32.EXE file: status OK
    Operating memory is OK.
    Error occured while scanning MBR sector of the 2. physical disk. Error reading sector.
    date: 29.10.2004 time: 16:16:49
    Scanned disks, directories and files: C:; D:
    C:\pagefile.sys - error opening (access denied) [4]
    C:\hiberfil.sys - error opening (access denied) [4]
    C:\WINDOWS\system32\msdlupd.dll - Win32/TrojanDownloader.Dyfica.CU trojan
    C:\WINDOWS\system32\config\system.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\software.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\default.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SAM.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SECURITY.LOG - error opening (file locked) [4]
    C:\WINDOWS\system32\config\DEFAULT - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SECURITY - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SOFTWARE - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SYSTEM - error opening (file locked) [4]
    C:\WINDOWS\system32\config\SAM - error opening (file locked) [4]
    C:\WINDOWS\Temp\ZLT05d98.TMP - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    C:\Documents and Settings\Jos \ntuser.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\Jos \ntuser.dat - error opening (file locked) [4]
    C:\Documents and Settings\Jos \Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (file locked) [4]
    C:\Documents and Settings\Jos \Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (file locked) [4]
    number of scanned files: 149907
    number of viruses found: 1
    time of completion: 16:29:02 total scanning time: 733 sec (00:12:13)
    Notes:
    [4] File cannot be open. It is being exclusively used by another application or operating system.

    Can I delete msdlupd.dll without running into problems :-?
  • Yes.
  • http://www.giantcompany.com/antispyware/research/spyware/spyware-MoneyTree.aspx

    Quote:
        MoneyTree may also install a Browser Helper Object (BHO). MoneyTree may also use direct EXE file downloads to distribute the same dialers; this process does not leave an ActiveX control loaded.
        MoneyTree variants:
        MoneyTree/NSUpdate: installs nsupdate.dll and NSupd9x.inf in the Downloaded Program Files folder.
        MoneyTree/NSLite: installs nslite.dll and nslite.inf in the Downloaded Program Files folder.
        MoneyTree/UniDist: installs UniDist.ocx and UniDist.inf in the Downloaded Program Files folder.
        MoneyTree/MultiDist: installs MulDist.ocx and MulDist.inf in the Downloaded Program Files folder.
        MoneyTree/DyFuCA: installs dyfuca.ocx and dyfuca.inf in the Downloaded Program Files folder. This variant typically installs the InternetOptimizer parasite.
        The DyFuCA variant typically installs the InternetOptimizer threat which is an error page hijacker for Internet Explorer.
  • turbulence wrote:
        http://www.giantcompany.com/antispyware/research/spyware/spyware-MoneyTree.aspx

        Quote:
            MoneyTree may also install a Browser Helper Object (BHO). MoneyTree may also use direct EXE file downloads to distribute the same dialers; this process does not leave an ActiveX control loaded.
            MoneyTree variants:
            MoneyTree/NSUpdate: installs nsupdate.dll and NSupd9x.inf in the Downloaded Program Files folder.
            MoneyTree/NSLite: installs nslite.dll and nslite.inf in the Downloaded Program Files folder.
            MoneyTree/UniDist: installs UniDist.ocx and UniDist.inf in the Downloaded Program Files folder.
            MoneyTree/MultiDist: installs MulDist.ocx and MulDist.inf in the Downloaded Program Files folder.
            MoneyTree/DyFuCA: installs dyfuca.ocx and dyfuca.inf in the Downloaded Program Files folder. This variant typically installs the InternetOptimizer parasite.
            The DyFuCA variant typically installs the InternetOptimizer threat which is an error page hijacker for Internet Explorer.

    Could you perhaps give a bit more explanation about the hyperlinks :-?
  • That's just a site that tells you what kind of trojan it is .. one that puts spyware on your PC, in other words ... By the way, Internet Optimizer can be found in your software section .. so it seems logical to me that MoneyTree will be listed there too ... Spybot finds it as well, I just don't really know whether it also removes the files ... but removing those files is explained just fine on that Giant-whatever site :) So there will probably also be a load of junk in your Program Files .. Otherwise, post a HijackThis log and let them check it ...
  • Had Ad-aware & Spybot scan the system. Then installed Spywareblaster! After that installed Spy Sweeper and let it scan. It found another 16 pieces of spyware and "180 tracks". Just to be sure, here is a HijackThis.log:

    Logfile of HijackThis v1.98.2
    Scan saved at 15:55:25, on 31-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hccnet.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hccnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &HCC Hulp - {0BFDDA12-9C1A-46B8-9681-AFF63C2A1EF0} - C:\PROGRA~1\hcchulp\HCCHulp.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.biblioservice.net/msrdp.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F368752-FE48-4A58-8534-1B7F1EE3E58F}: NameServer = 62.251.0.6 62.251.0.7

    Anything else to fix :-?
  • This one: O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
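
Added example (not part of the thread, and not code from HijackThis or from any poster): a small Python triage script for the HijackThis line format shown in the log above. It flags the O16 entry singled out in the last answer using an assumed heuristic, a DPF entry with an empty download source, and also lists entries marked "(no file)"; the function names and both heuristics are assumptions of this example.

```python
import re

# Four entries copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
"""

# "<section code> - <body>", e.g. "O16 - DPF: ..."
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# "DPF: {CLSID} (optional name) - optional download source"
DPF = re.compile(r"^DPF: (\{[^}]+\})(?: \((.*)\))? -\s*(.*)$")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log_text):
    """Return (code, body, reason) for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O16":
            m = DPF.match(body)
            # Assumed heuristic: an ActiveX (DPF) entry that records no
            # download source cannot be traced back to a known vendor site.
            if m and not m.group(3):
                findings.append((code, body, "DPF entry has no download source"))
        elif body.endswith("(no file)"):
            # Assumed reading: the registered component has no file on disk.
            findings.append((code, body, "registered component has no file"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A finding is a prompt to look the CLSID and name up before fixing anything, not a verdict: the "(no file)" rule also lists leftovers of uninstalled software.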

This is an archived page. Replies are no longer possible.