Trojan z pendrive-a

:Processes Explorer.EXE :OTL PRC - [2008-09-09 19:31:52 | 00,015,884 | ---- | M] () – C:\WINDOWS\lsass.exe O4 - HKLM…\Run: [lsass.exe] C:\WINDOWS\lsass.exe () O4 - HKLM…\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs () O32 - AutoRun File - [2009-11-28 12:38:26 | 00,000,104 | RHS- | M] () - C:\autorun.inf – [NTFS] O32 - AutoRun File - [2009-11-28 12:38:26 | 00,000,104 | RHS- | M] () - D:\autorun.inf – [NTFS] O33 - MountPoints2{534a2258-d7ad-11de-bdc9-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{534a2258-d7ad-11de-bdc9-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{7c98d1ca-b6be-11de-84f5-806d6172696f}\Shell - “” = AutoRun O33 - MountPoints2{7c98d1cb-b6be-11de-84f5-806d6172696f}\Shell - “” = AutoRun O33 - MountPoints2{a249ce5b-c0ef-11de-bda7-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{a249ce5b-c0ef-11de-bda7-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{a249ce5c-c0ef-11de-bda7-4d6564696130}\Shell\AutoRun\command - “” = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{a249ce5c-c0ef-11de-bda7-4d6564696130}\Shell\open\command - “” = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{b6badc98-d77a-11de-bdc8-4d6564696130}\Shell - “” = AutoRun O33 - MountPoints2{b6badc9a-d77a-11de-bdc8-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{b6badc9a-d77a-11de-bdc8-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{b6badc9b-d77a-11de-bdc8-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{b6badc9b-d77a-11de-bdc8-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{e9fbcf9a-d6c6-11de-bdc6-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{e9fbcf9a-d6c6-11de-bdc6-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{e9fbcf9d-d6c6-11de-bdc6-4d6564696130}\Shell\AutoRun\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found O33 - MountPoints2{e9fbcf9d-d6c6-11de-bdc6-4d6564696130}\Shell\open\command - “” = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe – File not found [2009-11-28 12:39:00 | 00,003,642 | RHS- | M] () – C:\MS32DLL.dll.vbs :Commands [emptytemp] [start explorer]

Run Fix. Restart, jeśli będzie potrzebny.

Potem log z usuwania oraz nowy log robiony opcją Run Scan.

giga89 · 28 Listopad 2009 11:52

tu jeszcze log z enginera : http://wklej.org/id/218220/ zabieram sie za powyższe wskazówki

– Dodane 28.11.2009 (So) 12:57 –

log z OTL po fixie http://wklej.org/id/218225/ . W czasie fixu wyskoczył błąd że trwa zamykanie procesu lsass.exe i było odliczanie 1min do restartu systemu. ALe tak chyba miało być ?

– Dodane 28.11.2009 (So) 13:01 –

Nowy log z OTL http://wklej.org/id/218227/

– Dodane 29.11.2009 (N) 13:15 –

Odkąd załapałęm vira nie moge otworzyć dysków z dwukliku … zamiast otwarcia pojawia się “wyszukaj” . Więc zeby otworzyć dysk , muszę kliknąć prawym i dać “otwórz” . Zainstalowałem NIS 2010, wykrył co nieco no ale problem z otwieraniem dysku został . LOG z HJT : http://wklej.org/id/219225/

– Dodane 01.12.2009 (Wt) 23:04 –

Dalej czekam na odpowiedź…