Esurf biz - start page virus


(Suicider) #1

FRST


(Acorus) #2

b.txt


(Suicider) #3

esurf.biz is still the start page.

FRST


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
AutoConfigURL: [S-1-5-21-3449514795-620400099-3138170-1002] = hxxp://get-access.me/wpad.dat?bd20cd05149f8bd89d0e6b069aec122a1584460
R2 Adobe Updater Service; C:\ProgramData\Adobe Roaming\adb_upd.exe [3613710 2014-07-29] () [Brak podpisu cyfrowego]
2015-11-08 13:58 - 2015-11-08 15:03 - 00000000 ____ D C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
C:\ProgramData\*.log
C:\ProgramData\Adobe Roaming
EmptyTemp:

Run FRST and click Fix. Afterwards delete the folder C:\FRST



(Suicider) #5

Still the same.

The home page after starting FF is http://esurf.biz/?ssid=1446987427&a=1003800

FRST


(Atis) #6

Paste into the system Notepad and save as a text file named fixlist:

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - "hxxp://esurf.biz/?ssid=1446987427a=1003800"
DeleteQuarantine:

Run FRST and click Fix. Afterwards delete C:\FRST


(Suicider) #7

I started FF; at first the normal start page, then esurf.biz again.

FRST


(Atis) #8

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-3449514795-620400099-3138170-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
R2 iAuthSvc; C:\ProgramData\Apple Europe\iAuthSvc.exe [19456 2015-04-26] () [Brak podpisu cyfrowego]
S4 Realtek HD Audio Service Bundle; C:\ProgramData\Realtek Bundle\rsvb_svc.exe [32256 2015-06-30] () [Brak podpisu cyfrowego]
C:\ProgramData\Realtek Bundle
C:\ProgramData\Apple Europe
2014-01-04 18:35 - 2014-01-04 18:35 - 0000331 ____ H () C:\Users\Admin\AppData\Local\CacheConfig.dat
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1446987427&a=1003800"
EmptyTemp:

Run FRST and click Fix. Post the removal report Fixlog.
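The persistence mechanism the fixes above keep removing is a hijacked launch argument on browser shortcuts (the ShortcutWithArgument entries) plus a proxy auto-config URL (AutoConfigURL). The following PowerShell script is an added example, not part of the thread or of FRST: it audits the same Start Menu and Quick Launch locations for browser .lnk files whose arguments contain a URL, optionally clears them, and reports the per-user AutoConfigURL value. It assumes Windows PowerShell with the WScript.Shell COM object available and does not touch anything unless run with -Clean.

```powershell
# Added example (not from the thread): audit browser shortcuts for injected URL
# arguments and report a per-user proxy auto-config URL. Run without -Clean to
# only list findings; -Clean strips the URL argument from the flagged shortcuts.
param([switch]$Clean)

# Locations that the FRST fixes above referenced, plus the desktops.
$roots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop"
)
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe', 'msedge.exe', 'opera.exe'
$shell = New-Object -ComObject WScript.Shell

$hits = foreach ($root in ($roots | Where-Object { Test-Path $_ })) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $exe = [System.IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        # A browser shortcut normally launches with no URL; a start page forced
        # through the shortcut survives any in-browser home page reset.
        if ($browsers -contains $exe -and $lnk.Arguments -match 'https?://') {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
            if ($Clean) {
                $lnk.Arguments = ''
                $lnk.Save()
            }
        }
    }
}

if ($hits) { $hits | Format-List } else { Write-Output 'No browser shortcuts with URL arguments found.' }

# The first fix also removed an AutoConfigURL (WPAD/PAC proxy hijack); report it if present.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pac = (Get-ItemProperty -Path $ieKey -Name AutoConfigURL -ErrorAction SilentlyContinue).AutoConfigURL
if ($pac) { Write-Warning "AutoConfigURL is set for this user: $pac" }
```

Shortcuts under C:\ProgramData require an elevated session to save; the script only reads them otherwise.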