Hama_kecil, posted May 11, 2007:

Sorry, all of a sudden my PC can't get into msconfig or regedit. When I try End Task, I get "Task Manager has been disabled by your administrator". I have tried emergencuutils.exe but it still doesn't seem to work. What should I do? Please help me.

civ3, posted May 11, 2007:

Regedit:

Try scanning the PC with any antivirus. If it isn't caused by a virus, you can try the following:

Download (save as) REG fix. After downloading, double-click the REG fix.

or

Go to Run > type gpedit.msc and click OK > go to User Configuration > Administrative Templates > System > Ctrl+Alt+Delete Options > Remove Task Manager > double-click the Remove Task Manager option > set the policy to Not Configured

or

1) download http://www.resplendence.com/download/rrtri.exe and install it
2) after installing, go to the entry below:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
3) look for DisableRegistryTools in the entry I gave
4) double-click that DisableRegistryTools and change the value from 1 to 0, then go to Run, type regedit and see the result....

Here:

Please refer to the old topics on "regedit have been disabled by administrator" through the links below. And next time, before opening any topic, please search the old topics using the search function.

http://forum.putera.com/tanya/index.php?show...t+administrator

Task Manager:

Try going to Start menu > Run > type gpedit.msc and press Enter > click Administrative Templates > click System > click Ctrl+Alt+Delete Options > select Remove Task Manager > double-click the Remove Task Manager group > set the policy to Not Configured > restart the PC to see whether it has any effect

or

Open regedit and navigate to the key
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Double-click the "DisableTaskMgr" value name (if it exists), then change 1 to 0 (zero). Then restart the PC to see whether it has any effect.

Hama_kecil, posted May 11, 2007:

> Regedit:
> Task Manager:

Sorry for opening a new topic, but the problem is that every time I use the methods given, the problem still occurs.

First method, REG fix: after downloading it I did as instructed, but a box appears only for a moment. It is the same when going to regedit: the box appears only for a moment and then closes by itself.

Using method 2, gpedit: all the settings have already been set to Not Configured.

Please help me.

joetbg_x, posted May 11, 2007:

Post a HijackThis log here.
Download: http://www.spywareinfo.com/~merijn/programs.php#hijackthis

But if HijackThis also closes by itself, there is most likely a virus.

Hama_kecil, posted May 12, 2007:

> Post a HijackThis log here.
> Download: http://www.spywareinfo.com/~merijn/programs.php#hijackthis
> But if HijackThis also closes by itself, there is most likely a virus.

I have tried 2 antivirus programs. Spyware Terminator found something and removed it.

I also tried the third method given, i.e. download http://www.resplendence.com/download/rrtri.exe and install it, but the dialog box closes by itself.

For your information, I was using BitDefender before this. I thought it was a firewall problem, so I removed that antivirus. Its leftovers can't be deleted: write protected.

I need more help. Thanks.

johnburn, posted May 12, 2007:

puteri.com, do as joetbg_x said: download HijackThis, scan, and paste the log here..

webweb, posted May 12, 2007:

Go to Run and copy and paste these.

To enable Registry Editor:

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

To enable Task Manager:

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Okay, now you should be able to run Registry Editor and Task Manager.

Hama_kecil, posted May 12, 2007 (edited):

> puteri.com, do as joetbg_x said: download HijackThis, scan, and paste the log here..

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:03:24 PM, on 5/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RVHOST.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RVHOST.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe

    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5315 bytes

This is the log. For Fix checked, which boxes do I need to tick? Please help me. Thanks.

Edited May 12, 2007 by puteri.com

Hama_kecil, posted May 12, 2007:

> 1) download http://www.resplendence.com/download/rrtri.exe and install it
> 2) after installing, go to the entry below:
>     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
> 3) look for DisableRegistryTools in the entry I gave
> 4) double-click that DisableRegistryTools and change the value from 1 to 0, then go to Run, type regedit and see the result....
> Here:

johnburn, posted May 12, 2007 (edited):

First, download this and run it (double-click)..

Then download this HijackThis and run it.. The Trend Micro HijackThis is a beta version and there are cases of false positives..

After you run HijackThis, tick the boxes for these entries and press the Fix checked button..

    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')

Then scan once more and paste the new log here..

Edited May 13, 2007 by johnburn

Hama_kecil, posted May 15, 2007:

> First, download this and run it (double-click)..
> Then download this HijackThis and run it.. The Trend Micro HijackThis is a beta version and there are cases of false positives..
> After you run HijackThis, tick the boxes for these entries and press the Fix checked button..
>     F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
>     O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
>     O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
>     O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
> Then scan once more and paste the new log here..

Latest log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:26:23 PM, on 5/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\RVHOST.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RVHOST.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe
    C:\Documents and Settings\user\My Documents\hijackthis_sfx.exe
    C:\Documents and Settings\user\My Documents\hijackthis_sfx.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 4296 bytes

Taken with the HijackThis from Trend Micro, because with the newly given download the 3 items are not listed.

johnburn, posted May 15, 2007:

Your RVHOST problem isn't settled yet.. Try copying and pasting this into Notepad and saving it as fix.bat

    rem Stop the running RVHOST.exe process
    taskkill /IM RVHOST.exe /f
    rem Clear the system, hidden and read-only attributes, then delete the file
    attrib -s -h -r %systemroot%\system32\RVHOST.exe
    del %systemroot%\system32\RVHOST.exe /f
    rem Remove the "Yahoo Messengger" autostart value
    reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "Yahoo Messengger" /f

Then double-click what you just saved..

What do you mean by three items not listed?

Hama_kecil, posted May 16, 2007:

> Your RVHOST problem isn't settled yet.. Try copying and pasting this into Notepad and saving it as fix.bat
>     taskkill /IM RVHOST.exe /f
>     attrib -s -h -r %systemroot%\system32\RVHOST.exe
>     del %systemroot%\system32\RVHOST.exe /f
>     reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "Yahoo Messengger" /f
> Then double-click what you just saved..
> What do you mean by three items not listed?

Alhamdulillah.. at last I can get into regedit, msconfig and Task Manager. I'm just worried the problem will come back.

The 3 items that you listed:

    O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')

Strange too: a virus was detected, from cybertech blah blah. I didn't really understand it, so I just removed it.

Anyway, thanks for all your help.

MalaysianSecurityForce, posted May 16, 2007:

This discussion topic is closed because the discussion has ended or the question has been resolved. Please take note.

Hama_kecil, posted May 23, 2007:

As expected, the problem has come back. The msconfig, Task Manager and regedit dialogs don't open.

> Your RVHOST problem isn't settled yet.. Try copying and pasting this into Notepad and saving it as fix.bat
>     taskkill /IM RVHOST.exe /f
>     attrib -s -h -r %systemroot%\system32\RVHOST.exe
>     del %systemroot%\system32\RVHOST.exe /f
>     reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v "Yahoo Messengger" /f

I have tried the method Johnburn gave, but when I want to Save As, there is only .txt. Asking for help again.

joetbg_x, posted May 23, 2007:

When saving in Notepad, choose Save As. Then at Save as type, choose All Files. And at File name, put fix.bat

kutak, posted May 23, 2007:

puteri.com, I think your PC has been hit by the Brontok variant 32m.b

My first suggestion.. I assume you are using WinXP: go to System Restore and restore your PC to a restore point from before you think the virus hit.

Or I suggest.. you pull out the HDD.. then make it a slave. Put it into a PC that is OK... use an antivirus and clean up the HDD that was made a slave... get some of the utilities the members recommended, such as registry cleanup, Brontok removal, hijakthis.exe, killvb; download and save them in your folder on the slave HDD, then pull the HDD out... put it back into the original PC.. at boot... press F8.. go to Safe Mode. OK, remove at1 and at2 in Scheduled Tasks, then.. use tools such as the Brontok removal to clean up.. once that's settled, use killvb to stop the variant, and remove any files that have to do with Brontok. When done.. reboot the PC.. insyaallah everything going fun..

But most effective.. use the first method.. then update the AV.. and scan..

Hama_kecil, posted May 23, 2007:

> When saving in Notepad, choose Save As. Then at Save as type, choose All Files. And at File name, put fix.bat

    Trojan/W32.ShipUp : C:\WINDOWS\ldup.exe
    Trojan/W32.ShipUp : C:\Documents and Settings\user\Templates\ldup.exe

After the latest scan, the viruses above came up. As instructed, I saved the file, named it fix.bat, then double-clicked the file.. What is the next step... please help me..

PinguSpy, posted May 23, 2007:

What about if you can't use the mouse, i.e. to drag over all the icons..?? when selecting them? heher...

johnburn, posted May 24, 2007:

>     Trojan/W32.ShipUp : C:\WINDOWS\ldup.exe
>     Trojan/W32.ShipUp : C:\Documents and Settings\user\Templates\ldup.exe
> After the latest scan, the viruses above came up. As instructed, I saved the file, named it fix.bat, then double-clicked the file.. What is the next step... please help me..

That's a different virus.. What AV are you using? Why can it only detect the virus but not remove it..

Anyway, this virus is old, so try updating your AV first and do a full scan in Safe Mode.. After the scan finishes, log on normally again, scan with HijackThis and paste the log here..

*************************

Why do viruses like getting into your PC so much..

Hama_kecil, posted May 24, 2007:

> That's a different virus.. What AV are you using? Why can it only detect the virus but not remove it..
> Anyway, this virus is old, so try updating your AV first and do a full scan in Safe Mode.. After the scan finishes, log on normally again, scan with HijackThis and paste the log here..
> *************************
> Why do viruses like getting into your PC so much..

I'm using Spyware Terminator. Yesterday I tried saving fix.bat and everything was fine... the PC was OK as usual, but this morning it happened again.

Yeah.. the viruses have taken a liking to this PC. Not that it's pretty, either: it's shiny pitch black.

johnburn, posted May 24, 2007:

> I'm using Spyware Terminator. Yesterday I tried saving fix.bat and everything was fine... the PC was OK as usual, but this morning it happened again.
> Yeah.. the viruses have taken a liking to this PC. Not that it's pretty, either: it's shiny pitch black.

The batch file I gave at first isn't for this new virus, so if it still doesn't work, like I said earlier, use HijackThis and paste the log here..

Hama_kecil, posted May 24, 2007:

> The batch file I gave at first isn't for this new virus, so if it still doesn't work, like I said earlier, use HijackThis and paste the log here..

    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:43 AM, on 5/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Spyware Terminator\SpywareTerminator.exe
    C:\Program Files\WinClamAVShield\sp_clamsrv.exe
    C:\Documents and Settings\user\My Documents\HiJackThis_v2.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F24ABCF0-D715-4E43-B096-A2D3CBE8FCB7}: NameServer = 202.188.0.132,202.188.1.5
    O18 - Protocol: msnim - (no CLSID) - (no file)
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

This is the latest log.

johnburn, posted May 24, 2007:

>     Logfile of HijackThis v1.99.1
>     Scan saved at 11:10:43 AM, on 5/24/2007
>     Platform: Windows XP SP2 (WinNT 5.01.2600)
>     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>     Running processes:
>     C:\WINDOWS\System32\smss.exe
>     C:\WINDOWS\system32\winlogon.exe
>     C:\WINDOWS\system32\services.exe
>     C:\WINDOWS\system32\lsass.exe
>     C:\WINDOWS\system32\svchost.exe
>     C:\WINDOWS\System32\svchost.exe
>     C:\WINDOWS\Explorer.exe
>     .......

1. Go to Add or Remove Programs (Start >> Control Panel >> Add or Remove Programs)
2. Uninstall CToolbar or Crawler Toolbar
3. Run HijackThis, tick the boxes for the following entries and press "Fix checked"

    F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
    O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O18 - Protocol: msnim - (no CLSID) - (no file)
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

4. Restart the PC, scan, and paste the new HijackThis log..

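Added example (not part of any post in this thread, and not HijackThis's own code): a short Python script that reads the F2, O4 and O7 lines of a HijackThis log and lists every autostart location that references one executable, so a cleanup can be checked against all of them. The sample lines are copied from the May 24 log in this thread; the function names and the FIX_BAT_COVERS set are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Subset of the HijackThis log posted in this thread on May 24, 2007,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# One pattern per HijackThis line type that describes an autostart or a policy.
SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
RUN = re.compile(r"^O4 - (HK\S+?)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
POLICY = re.compile(r"^O7 - (HK\S+), (Disable\w+)=(\d+)$")

# Assumption for this demo: the one autostart location the thread's fix.bat
# edits (the .DEFAULT user's Run key), in the form parse_autostarts() emits.
FIX_BAT_COVERS = {r"HKUS\.DEFAULT Run"}

Entry = namedtuple("Entry", "where name value")


def parse_autostarts(log_text):
    """Return one Entry per F2/O4/O7 line: where it lives and what it holds."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        if m := SHELL.match(line):
            entries.append(Entry("Winlogon Shell", "Shell", m.group(1)))
        elif m := RUN.match(line):
            entries.append(Entry(f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)))
        elif m := STARTUP.match(line):
            entries.append(Entry(*m.groups()))
        elif m := POLICY.match(line):
            entries.append(Entry(*m.groups()))
    return entries


def references(value, exe_name):
    """True if a command line or Shell value names exe_name as a file."""
    pattern = r'(?:^|[\\/\s"])' + re.escape(exe_name) + r'(?:["\s]|$)'
    return re.search(pattern, value, re.I) is not None


def persistence_points(entries, exe_name):
    """Every autostart location whose value references exe_name."""
    return [e.where for e in entries if references(e.value, exe_name)]


def shell_extras(entries):
    """Programs listed in the Winlogon Shell value besides Explorer.exe."""
    return [tok for e in entries if e.where == "Winlogon Shell"
            for tok in e.value.split() if tok.lower() != "explorer.exe"]


def tool_lockouts(entries):
    """Policy values such as DisableRegedit that are switched on (non-zero)."""
    return [e.name for e in entries
            if "\\Policies\\" in e.where and e.value != "0"]


def not_covered(entries, exe_name, covered):
    """Autostart locations for exe_name that a given cleanup does not touch."""
    return [w for w in persistence_points(entries, exe_name) if w not in covered]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    print("Shell extras:", shell_extras(found))
    print("Tools locked out:", tool_lockouts(found))
    print("RVHOST.exe starts from:", persistence_points(found, "RVHOST.exe"))
    print("Not touched by fix.bat:", not_covered(found, "RVHOST.exe", FIX_BAT_COVERS))
```

On this sample, both locations that start RVHOST.exe (the Winlogon Shell value and the HKCU Run key) fall outside the one key fix.bat deletes from.
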
joetbg_x, posted May 24, 2007:

> Anyway, this virus is old, so try updating your AV first and do a full scan in Safe Mode..

I strongly recommend scanning in Safe Mode too. Most viruses aren't active when the PC is booted in Safe Mode. When you scan then, it's easy to delete the virus.