Hama_kecil

Msconfig, Regedit, and Task Manager


Sorry,

All of a sudden my PC can't open msconfig or regedit. When I try End Task, this comes up: "Task Manager has been disabled by your administrator."

I've already tried emergencuutils.exe, but it still doesn't seem to work.

What should I do? Please help me.


Regedit:

Try scanning the PC with any antivirus.

If it isn't caused by a virus, you can try the following:

Try downloading (save as) the REG fix. After downloading, double-click the REG fix.

or

Go to Run > type gpedit.msc and click OK > go to User Configuration > Administrative Templates > System > Ctrl+Alt+Delete Options > Remove Task Manager > double-click the Remove Task Manager option > set the policy to Not Configured

or

1) Download http://www.resplendence.com/download/rrtri.exe and install it

2) After installing, go to the entry below:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

3) Look for DisableRegistryTools in the entry I gave

4) Double-click DisableRegistryTools and change the value from 1 to 0, then go to Run, type regedit and see the result....

Please refer to the old topics on "regedit have been disabled by administrator" through the links below. And next time, before opening any topic, please search the old topics using the search function.

http://forum.putera.com/tanya/index.php?show...t+administrator


Task Manager:

Try going to Start menu > Run > type gpedit.msc and press Enter > click Administrative Templates > click System > click Ctrl+Alt+Delete Options > select Remove Task Manager > double-click the Remove Task Manager group > set the policy to Not Configured > restart the PC to see whether it has any effect

or open regedit and navigate to the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Double-click the "DisableTaskMgr" value name (if it exists), then change 1 to 0 (zero). Then restart the PC to see whether it has any effect.


Sorry for opening a new topic, but the problem is that every time I use the methods given, the problem still occurs.

First method, the REG fix: after downloading it I did as instructed, but a box comes up for only a moment. It's the same when going to regedit: a box comes up for just a moment and then closes by itself.

Using method 2, gpedit: all the settings have been set to Not Configured.

Please help me.


Post a HijackThis log here.

Download: http://www.spywareinfo.com/~merijn/programs.php#hijackthis

But if HijackThis also closes by itself, there is most likely a virus.

I've already tried 2 antivirus programs. Spyware Terminator found something and it has been removed.

The third method given, that is, download http://www.resplendence.com/download/rrtri.exe and install: I've tried it, but the dialog box closes by itself.

For your information, I was using BitDefender before this. I thought it was a firewall problem, so I removed that antivirus. Its leftovers can't be deleted: write protected.

I need more help.

Thanks.


Go to Run and copy and paste these.

To enable Registry Editor:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

To enable Task Manager:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Okay, now you should be able to run Registry Editor and Task Manager.


puteri.com, do as joetbg_x said: download HijackThis, scan, and paste its log here..

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:03:24 PM, on 5/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RVHOST.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\CAPRPCSK.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--

End of file - 5315 bytes

Here is the log.

Fix checked: which boxes do I need to tick?

Please help me.

Thanks.

Edited by puteri.com


First, download this and run it (double-click)..

Then download this HijackThis and run it..

The Trend Micro HijackThis is a beta version; there are cases of false positives..

After you run HijackThis, tick the boxes for these entries and press the Fix checked button..

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')

Then scan once more and paste the new log here..

Edited by johnburn


Latest log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 3:26:23 PM, on 5/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\CAPRPCSK.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RVHOST.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe

C:\Documents and Settings\user\My Documents\hijackthis_sfx.exe

C:\Documents and Settings\user\My Documents\hijackthis_sfx.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 4296 bytes

This was taken with the HijackThis from Trend Micro, because with the new download that was given, the 3 items were not listed.


Your RVHOST problem isn't settled yet..

Try copying and pasting this into Notepad and saving it as fix.bat

taskkill /IM RVHOST.exe /f
attrib -s -h -r %systemroot%\system32\RVHOST.exe
del %systemroot%\system32\RVHOST.exe /f
reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "Yahoo Messengger" /f

Then double-click what you just saved..

What do you mean by three items not being listed?


Alhamdulillah..

At last it worked: I can get into regedit, msconfig, and Task Manager. I'm just worried the problem will come back.

The 3 items that you listed:

O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')

Strangely, a virus was also detected, from cybertech blah-blah. I didn't really understand it, so I removed it straight away.

Anyway, thank you for all your help.


As expected, the problem has come back.

For msconfig, Task Manager and regedit, the open dialog doesn't appear.

I've tried the method Johnburn gave, but when I go to Save As there is only .txt.

Asking for help again.


puteri.com,

I think your PC has been hit by the Brontok variant 32m.b.

My first suggestion (I assume you're using WinXP):

Go to System Restore and restore your PC to a restore point from when you think it hadn't yet been hit by the virus.

or

I suggest you pull out the HDD, then make it a slave. Put it into a PC that is OK, then use an antivirus and clean up the HDD that was made a slave. Get some of the utilities that members have recommended, such as registry cleanup, brontok removal, hijakthis.exe, killvb; download and save them into your own folder on that slave HDD.

Then pull out the HDD and put it back into the original PC. While booting, press F8 and go to Safe Mode. OK, remove at1 and at2 in Scheduled Tasks, then use tools such as brontok removal to clean up. Once that's settled, use killvb to stop the variant, and remove the files that have anything to do with Brontok.

When that's done, reboot the PC.. insyaallah everything going fun..

But the most effective is to use the first method.. then update the AV and scan..


When saving in Notepad, choose Save As. Then at Save as type, choose All Files. And for File name, put fix.bat

Trojan/W32.ShipUp : C:\WINDOWS\ldup.exe

Trojan/W32.ShipUp : C:\Documents and Settings\user\Templates\ldup.exe

After the latest scan, the viruses above came up.

As instructed, I saved the file and named it fix.bat, then double-clicked the file..

What is the next step...

Please help me..


What if you can't use the mouse, i.e. want to drag all the icons..?? when blocked?

hehe...


That's yet another virus..

Which AV are you using? Why does it only detect the virus but not remove it..

Anyway, this virus is old, so try updating your AV first and do a full scan in Safe Mode..

After the scan is done, log on as usual again, scan with HijackThis and paste the log here..

*************************

Why do viruses like getting into your PC so much.. :lol:


I'm using Spyware Terminator.

Yesterday I tried saving fix.bat. It was all good... the PC was OK as usual. But this morning it happened again.

Ah, yes, the viruses have taken a liking to this PC. Not that you could call it pretty: it's jet black and shiny.

:rolleyes::wacko:


The batch file I gave at first isn't for this new virus, so if it still doesn't work, as I said earlier, use HijackThis and paste the log here..


Logfile of HijackThis v1.99.1

Scan saved at 11:10:43 AM, on 5/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\CAPRPCSK.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Spyware Terminator\SpywareTerminator.exe

C:\Program Files\WinClamAVShield\sp_clamsrv.exe

C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe

C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5

O18 - Protocol: msnim - (no CLSID) - (no file)

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

This is the latest log.


1. Go to Add or Remove Programs (Start >> Control Panel >> Add or Remove Programs)

2. Uninstall CToolbar or Crawler Toolbar

3. Run HijackThis, tick the boxes for the following entries and press "Fix checked"

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: msnim - (no CLSID) - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

4. Restart the PC, scan, and paste the new HijackThis log..
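
Added example (not part of the thread, and not HijackThis's own logic): a small Python triage of the F2, O4 and O7 lines that the fix lists above select by hand, run over excerpts of the three logs posted here and carrying flagged program names from one scan to the next. The function names and the finding labels are this example's own; the only assumption is that the Winlogon Shell value normally names Explorer.exe alone.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # "F2 - ...", "O4 - ...", "O7 - ..."
RUN = re.compile(r"^(\S+?)\\\.\.\\Run(?:Once)?: \[(.+?)\] (.*)$")
POLICY = re.compile(r"\\Policies\\System, (Disable\w+)=1$")
IMAGE = re.compile(r'"?(.+?\.(?:exe|com|scr|bat|dll))(?![\w.])', re.I)

# Excerpts copied from the three HijackThis logs posted in this thread.
SCAN_MAY_12 = r"""
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""
SCAN_MAY_15 = r"""
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
SCAN_MAY_24 = r"""
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

def image_name(command):
    """Lower-cased file name of the program an autorun command starts."""
    command = command.strip()
    m = IMAGE.match(command)
    path = m.group(1) if m else (command.split() or [""])[0]
    return path.rsplit("\\", 1)[-1].lower()

def triage(log, suspects=frozenset()):
    """Return (findings, suspects) for one scan; suspects are program names
    flagged so far, so a process that outlives its registry fix is reported."""
    suspects, findings = set(suspects), set()
    processes, runs, in_processes = [], [], False
    for line in map(str.strip, log.splitlines()):
        entry = ENTRY.match(line)
        if entry is None:
            if line.lower().startswith("running processes"):
                in_processes = True
            elif in_processes and line:
                processes.append(line.rsplit("\\", 1)[-1].lower())
            continue
        in_processes = False
        code, text = entry.groups()
        if code == "F2" and "Shell=" in text:
            # Anything listed after Explorer.exe is started with the shell.
            for prog in re.split(r"[\s,]+", text.split("Shell=", 1)[1]):
                if prog and prog.lower() != "explorer.exe":
                    suspects.add(prog.lower())
                    findings.add("shell:" + prog.lower())
        elif code == "O4" and RUN.match(text):
            runs.append(RUN.match(text).groups())
        elif code == "O7" and POLICY.search(text):
            findings.add("policy:" + POLICY.search(text).group(1))
    # Judge autoruns and processes last, once every suspect name is known.
    for hive, name, command in runs:
        if image_name(command) in suspects:
            findings.add(f"run:{hive}:{name}")
    findings.update("process:" + p for p in processes if p in suspects)
    return findings, suspects

def track(scans):
    """Triage scans in date order, carrying suspect names forward."""
    suspects, results = set(), []
    for log in scans:
        found, suspects = triage(log, suspects)
        results.append(found)
    return results

if __name__ == "__main__":
    scans = [SCAN_MAY_12, SCAN_MAY_15, SCAN_MAY_24]
    for day, found in zip(("5/12", "5/15", "5/24"), track(scans)):
        print(day, sorted(found))
```

On these excerpts the 5/15 scan has no flagged registry entries left but still lists RVHOST.exe as a running process, and the 5/24 scan shows the Shell, Run and policy entries present again.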


I also strongly recommend scanning in Safe Mode. Most of these viruses aren't active when you boot in Safe Mode. When you scan then, it's easy to delete the virus.
