Trojan win32.kryptik.MHB, OTL and HJT logs


(Marusg) #1

Hello! I have a problem with the trojan mentioned above; NOD32 detected it but cannot remove it. The symptoms are the computer slowing down and all browsers crashing.

Here are the logs from OTL and HiJackThis. I wanted to make a log with ComboFix, but it throws a bluescreen when the program starts.

OTL http://wklej.org/id/522603/

Extras http://wklej.org/id/522605/

HJT http://wklej.org/id/522606/

Thanks in advance for your help.

Regards,

Marek


(Acorus) #2

Scan with Dr.WEB CureIt http://ftp.drweb.com/pub/drweb/cureit/launch.exe


(Marusg) #3

Virus backDoor.tdss.4005

I pressed Cure but it restarted immediately; I don't know whether it is supposed to do that.

Now Malwarebytes is scanning and it is still finding some infections.


(Filips849) #4

Backdoor.TDSS is a trojan horse that puts system files and personal data at high risk of theft or compromise. :!: :!: :!:

If you want to remove it, you have to carry out the steps below, unless of course you have already managed to remove it.

Files associated with the Backdoor.TDSS infection:


Backdoor.TDSS DLLs to remove:


Backdoor.TDSS processes to kill:


Remove the Backdoor.TDSS registry entries:


:stuck_out_tongue: :stuck_out_tongue: :stuck_out_tongue: