Usunięcie wirusa z karty pamięci na telefonie

Dla specjalistów Bezpieczeństwo
#1

Siemka!

Niestety mam wirusa na karcie w swoim fonie. Po podłączeniu zamiast otwórz mam Open O lub jakieś Xx. Jak to usunąć?

#2

Podłacz telefon do kompa i:

Podaj log z Combofix

#3

Masz go na karcie pamięci więc wystarczy, że kartę podłączysz do komputera czytnik i kartę, a potem usuniesz wirusa. Większy problem jeśli wirus zainfekował komórkę.

#4

Usunać wirusa Spod Windowsa jest trudno, ale pomoże nam w tym combofix

#5

Komórka nie jest zainfekowana tylko karta pamięci.

#6

To podłącz ja do kompa i daj log a Combofix

#7

OK i tak zrobię mam tylko pytanie. Mój fon obsługuje karty mini-SD i nie mam czytnika obsługującego ten format. Wystarczy podłączyć fon i powinno wszystko grać.

#8

Tak

#9

Log:

ComboFix 08-07-28.4 - Levuss 2008-07-29 9:15:02.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.729 [GMT 2:00]

Running from: C:\Documents and Settings\Levuss\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\windows\system32\explorer.exe

C:\WINDOWS\system32\install.exe

.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))

.

2008-07-27 09:21 . 2008-07-27 09:21

2008-07-27 09:21 . 2002-12-26 15:57 86,016 --a------ C:\WINDOWS\system32\FCVAP.dll

2008-07-27 09:21 . 2002-12-26 15:57 65,536 --a------ C:\WINDOWS\system32\EZFRD.dll

2008-07-26 09:20 . 2008-07-29 08:46 186,097 --a------ C:\WINDOWS\system32\nvapps.xml

2008-07-26 09:19 . 2008-07-26 09:19

2008-07-26 09:19 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-07-26 09:19 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-07-26 09:19 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-07-24 15:53 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-24 15:52 . 2008-07-24 15:53

2008-07-24 15:52 . 2008-07-24 15:52

2008-07-23 22:57 . 2008-07-23 22:57

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-14 17:34

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-14 19:29

2008-07-23 22:56 . 2008-07-23 22:56

2008-07-23 22:55 . 2008-07-23 22:55

2008-07-23 13:02 . 2008-07-23 22:46

2008-07-22 20:51 . 2008-07-22 20:51

2008-07-22 20:51 . 2008-07-22 20:51

2008-07-21 22:13 . 2008-07-21 22:13

2008-07-21 15:10 . 2008-07-21 15:10 4,096 --a------ C:\WINDOWS\d3dx.dat

2008-07-21 15:08 . 2008-07-21 15:18

2008-07-21 15:08 . 2006-12-15 12:04 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl

2008-07-20 19:08 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-20 16:42 . 2008-07-20 16:42

2008-07-19 13:19 . 2008-07-25 07:24

2008-07-16 18:12 . 2008-07-16 18:13

2008-07-16 17:58 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-07-16 17:58 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-07-16 17:58 . 2004-08-03 22:58 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2008-07-16 17:58 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-07-15 21:47 . 2008-07-22 21:40

2008-07-15 21:46 . 2008-07-15 21:46

2008-07-15 21:46 . 2006-12-27 14:30 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-07-15 21:46 . 2006-12-27 14:30 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-07-15 21:46 . 2006-12-27 14:30 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-15 21:46 . 2006-12-27 14:30 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-07-15 21:45 . 2008-07-15 21:45

2008-07-15 21:45 . 2008-07-15 21:45

2008-07-15 21:45 . 2008-07-15 21:45

2008-07-15 21:45 . 2008-07-28 18:36 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-14 18:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-07-14 18:51 . 2004-08-03 23:01 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys

2008-07-14 18:50 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL

2008-07-14 18:50 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe

2008-07-14 18:50 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL

2008-07-14 18:49 . 2005-02-08 14:12 2,670,592 --------- C:\WINDOWS\UNNMP.exe

2008-07-14 18:49 . 2005-06-07 11:40 49,655 --------- C:\WINDOWS\UNNMP.cfg

2008-07-14 18:48 . 2008-07-14 18:48

2008-07-14 18:48 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-07-14 18:46 . 2008-07-14 18:46

2008-07-14 18:46 . 2008-07-14 18:49

2008-07-14 18:46 . 2008-07-14 18:46

2008-07-14 18:46 . 2005-04-20 13:32 2,916,352 --------- C:\WINDOWS\UNNeroVision.exe

2008-07-14 18:46 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-07-14 18:46 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-07-14 18:46 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-07-14 18:46 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2008-07-14 18:46 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-07-14 18:46 . 2005-06-07 11:40 154,855 --------- C:\WINDOWS\UNNeroVision.cfg

2008-07-14 18:46 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-07-14 18:46 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2008-07-14 18:46 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-07-14 18:41 . 2008-07-14 18:41 427 --a------ C:\WINDOWS\ODBC.INI

2008-07-14 18:40 . 2008-07-14 18:40

2008-07-14 18:25 . 2008-07-14 18:25 1,160 --a------ C:\WINDOWS\mozver.dat

2008-07-14 18:15 . 2008-07-27 09:16

2008-07-14 18:15 . 2008-07-19 16:55

2008-07-14 18:11 . 2008-07-14 18:11 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-14 18:09 . 2008-07-14 18:10

2008-07-14 18:09 . 2008-07-28 21:13 95 --a------ C:\WINDOWS\winamp.ini

2008-07-14 18:05 . 2008-07-14 18:05

2008-07-14 18:05 . 2006-08-08 16:18 5,713,920 --a------ C:\WINDOWS\system\c6501.cpl

2008-07-14 18:05 . 2006-07-11 14:05 1,419,776 --a------ C:\WINDOWS\system32\drivers\c6501.sys

2008-07-14 18:05 . 2001-11-23 12:08 712,704 --a–c— C:\WINDOWS\system32\dllcache\a3d.dll

2008-07-14 18:05 . 2001-11-23 12:08 712,704 --a------ C:\WINDOWS\system32\c6501a3d.dll

2008-07-14 18:05 . 2001-11-23 12:08 712,704 --a------ C:\WINDOWS\system32\a3d.dll

2008-07-14 18:05 . 2006-06-30 14:05 262,144 --a------ C:\WINDOWS\Cmi6501Uninstall.exe

2008-07-14 18:05 . 2006-06-27 17:14 253,952 --a------ C:\WINDOWS\system32\c6501rm.exe

2008-07-14 18:05 . 2005-12-26 17:23 53,248 --a------ C:\WINDOWS\system32\c6501rm.dll

2008-07-14 18:05 . 2006-06-27 14:54 32,768 --a------ C:\WINDOWS\system32\c6501p.dll

2008-07-14 18:05 . 2008-07-28 19:45 213 --a------ C:\WINDOWS\system\C6501.ini

2008-07-14 18:01 . 2008-07-14 18:01

2008-07-14 18:01 . 2008-07-14 18:01

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-25 15:29 --------- d-----w C:\Program Files\InstallShield Installation Information

2008-07-25 15:26 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-14 15:55 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-07-14 15:38 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-14 15:36 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“EXPLORER.EXE”=“EXPLORER.EXE” [2006-03-02 14:00 1033728 C:\WINDOWS\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2008-05-16 14:01 13529088]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2008-05-16 14:01 86016]

“nwiz”=“nwiz.exe” [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

LaunchU3.exe.lnk - C:\WINDOWS\Installer{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}_294823.exe [2008-07-23 22:55:02 22486]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

–a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

–a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“E:\Counter-Strike 1.6\hl.exe”=

R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-07-11 14:05]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

        • ORPHANS REMOVED - - - -

HKCU-Run-wsctf.exe - wsctf.exe

MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\Winampa.exe

MSConfigStartUp-C6501Sound - c6501.cpl

.

------- Supplementary Scan -------

.

O8 -: Eksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 09:15:55

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-29 9:16:33

ComboFix-quarantined-files.txt 2008-07-29 07:16:22

Pre-Run: 4,914,151,424 bajtów wolnych

Post-Run: 4,921,667,584 bajtów wolnych

173

#10

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Podłącz telefon i:

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!