Removing trojan fake alert

8 answers
  • Hello,
    can someone help me remove this trojan?
    It's driving me crazy; I can't get rid of it.

    Does anyone know of something to download or something like that?

    I have something like gxvpsafm.dll in my toolbar, but I can't get rid of it.
    I look forward to hearing from you.

    Thanks in advance.
  • That is not a fake.

    To be on the safe side, make a HijackThis log anyway.
  • I don't know if this is what you mean.

    I had it scanned with Malwarebytes.

    If this is not what you mean, just let me know.


    Malwarebytes' Anti-Malware 1.24
    Database versie: 1045
    Windows 5.1.2600 Service Pack 2

    19:34:36 12/08/2008
    mbam-log-8-12-2008 (19-34-36).txt

    Scan type: Snelle Scan
    Objecten gescand: 53574
    Verstreken tijd: 13 minute(s), 13 second(s)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 4
    Registersleutels geïnfecteerd: 19
    Registerwaarden geïnfecteerd: 5
    Registerdata bestanden geïnfecteerd: 3
    Mappen geïnfecteerd: 7
    Bestanden geïnfecteerd: 45

    Geheugenprocessen geïnfecteerd:
    C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\khfGaaXq.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\awtqnolM.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\gxvpsafm.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\gfetqaxsbfk.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40360797-5444-4a66-8317-9dd9b95ffa3d} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{40360797-5444-4a66-8317-9dd9b95ffa3d} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqnolm (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{2f4b2f9e-6e2d-4fcc-a0ac-10b97b0bec38} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{fcec91ba-d0aa-4c87-ac80-45891152c8bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63733480-2cc8-4334-8627-35651aaf74f4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{53600c72-ac0c-4766-bd48-b5f3530eb5e5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f712b746-2cb5-4c3a-bcdd-7c26bd4dac97} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{78e1b695-9027-496a-99dc-f3f340f4b6f0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bdf21582-f109-4bab-a660-437476cf0d2a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdf21582-f109-4bab-a660-437476cf0d2a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\gxvpsafm.bnae (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sys8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sys8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{63733480-2cc8-4334-8627-35651aaf74f4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wa6pm_check (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgaaxq -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgaaxq -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00305) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    C:\Program Files\Common Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Start Menu\Programs\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\khfGaaXq.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\qXaaGfhk.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\qXaaGfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtqnolM.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\Sys8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\gxvpsafm.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\gfetqaxsbfk.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\pntqkflv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\efks.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys18.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys1A.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys1B.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys80.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Sys81.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXNHYpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnllmlI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\administratorrr\Local Settings\Temp\doycdifk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\administratorrr\Local Settings\Temporary Internet Files\Content.IE5\LT78XWCD\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\administratorrr\Local Settings\Temporary Internet Files\Content.IE5\LT78XWCD\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\tovafrnm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\qegbdmwf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pat\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
  • So, a heavy Vundo infection.

    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358

    There you have more information.

    I'll leave the rest to good readers.
  • A log from HijackThis (see Sjouwer's link) could still be very useful for cleaning up the rest of the infection.
  • Well, Kape,

    I believe this one doesn't want to be helped any further.
  • sjouwer wrote: "I believe this one doesn't want to be helped any further."

    It does look that way. That's up to them, of course :?
  • sjouwer wrote: "So, a heavy Vundo infection."

    Or the system died from the infection...

    :wink:

This is an archived page. Replying is no longer possible.