ApoKalypse (posted June 14, 2007; edited June 16, 2007 by ApoKalypse):
Salam, can anyone tell me what that thing in startup is? I've deleted it before but it's still there... its location is C:\WINDOWS\netconfig.exe

Amer (posted June 14, 2007):
Try right-clicking that netconfig and look at its "Target" in Properties.

ApoKalypse (posted June 14, 2007):
Its target goes straight to C:\WINDOWS

johnburn (posted June 14, 2007):
Possibly the NETCONF virus. Update your AV and run a full scan.

neutron (posted June 14, 2007):
That looks like a virus... have you tried running a full scan? Try scanning with PAV...

ApoKalypse (posted June 14, 2007):
Erk, a virus??? Even after I delete this thing from startup, it comes back after I restart the PC... I use Kaspersky... and it's definitely updated...

joetbg_x (posted June 15, 2007):
Upload it for scanning at http://www.virustotal.com/ to be more certain.

ApoKalypse (posted June 15, 2007):
Er, upload what???

joetbg_x (posted June 15, 2007; edited June 15, 2007 by joetbg_x):
Upload C:\WINDOWS\netconfig.exe
If another scanner says it's a virus, post your HijackThis log here.

ApoKalypse (posted June 15, 2007):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:35:10 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\netcmd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Ufasoft\SocksChain\SocksChain.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Thunder Browser Helper - {0055C088-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [iDMan] "D:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: netconfig.lnk = C:\WINDOWS\netconfig.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{536CF224-6DEA-4D9B-B426-98DC5F3AD4E5}: NameServer = 202.188.0.133 202.188.1.5
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7414 bytes

Other AVs do detect a virus... this is the HijackThis log I just took.

AhnLab-V3 2007.6.12.2 06.14.2007 no virus found
AntiVir 7.4.0.32 06.14.2007 no virus found
Authentium 4.93.8 06.15.2007 no virus found
Avast 4.7.997.0 06.14.2007 no virus found
AVG 7.5.0.467 06.14.2007 PSW.Generic3.PGJ
BitDefender 7.2 06.15.2007 no virus found
CAT-QuickHeal 9.00 06.14.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 06.15.2007 no virus found
DrWeb 4.33 06.14.2007 no virus found
eSafe 7.0.15.0 06.14.2007 no virus found
eTrust-Vet 30.7.3719 06.14.2007 no virus found
Ewido 4.0 06.14.2007 no virus found
FileAdvisor 1 06.15.2007 Low threat detected
Fortinet 2.85.0.0 06.15.2007 PossibleThreat

This is the result from VirusTotal...

johnburn (posted June 15, 2007):
First, disable SpySweeper's protection, because it can interfere with HijackThis removing the problematic entries.
Run HijackThis and check the following entries:

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: netconfig.lnk = C:\WINDOWS\netconfig.exe
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)

Download ibprocman
Run that application and kill the process C:\WINDOWS\system32\netcmd.exe.
Go to C:\WINDOWS\ and delete netconfig.exe
Go to C:\Windows\System32 and delete netcmd.exe
Restart the PC, scan with HijackThis, and paste the new log.

ApoKalypse (posted June 15, 2007):
Bro johnburn, have you ever had this virus? Is this virus dangerous?

johnburn (posted June 15, 2007):
> Bro johnburn, have you ever had this virus? Is this virus dangerous?

I've never had it. Sorry, the instructions I gave above were incomplete because I was in a hurry at the time. Here is the complete version:

First, disable SpySweeper's protection, because it can interfere with HijackThis removing the problematic entries.
Run HijackThis and check the following entries:

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: netconfig.lnk = C:\WINDOWS\netconfig.exe
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)

Close all windows and press the 'Fix checked' button
Download ibprocman
Run that application and kill the process C:\WINDOWS\system32\netcmd.exe.
Go to C:\WINDOWS\ and delete netconfig.exe
Go to C:\Windows\System32 and delete netcmd.exe
Restart the PC, scan with HijackThis, and paste the new log.

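Added example (not part of the thread and not HijackThis's own logic): a small Python triage pass that flags the three kinds of entries selected for fixing in the post above, namely a startup shortcut to an EXE sitting directly in the Windows folder, a RunOnce command that moves a file over a System32 DLL, and a browser button whose file is missing. The sample lines are copied from the log posted in this thread; the name `triage` and the rules in `RULES` are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - Global Startup: netconfig.lnk = C:\WINDOWS\netconfig.exe
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# "<section> - <body>", e.g. "O4 - Global Startup: ..."
ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')

# Illustrative rules (assumptions of this example): (reason, predicate).
RULES = [
    ("startup shortcut to an EXE directly in the Windows folder",
     lambda code, body: code == "O4" and "Startup:" in body
        and re.search(r'= [A-Z]:\\WINDOWS\\[^\\]+\.exe$', body, re.I)),
    ("RunOnce command that moves a file over a System32 DLL",
     lambda code, body: code == "O4" and "RunOnce:" in body
        and re.search(r'cmd\.exe /C move .*\\System32\\[^\\"]+\.dll"', body, re.I)),
    ("browser extension entry whose file is missing",
     lambda code, body: code in ("O2", "O3", "O9") and body.endswith("(no file)")),
]

def triage(log_text):
    """Return (section, reason, line) for every log entry that a rule flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        for reason, rule in RULES:
            if rule(code, body):
                findings.append((code, reason, line))
                break  # one reason per entry is enough for triage
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

A flagged line is a prompt to check the file itself (for example with a multi-engine scan, as suggested earlier in the thread), not proof that it is malicious.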
ApoKalypse (posted June 16, 2007):
NETCONFIG.exe is a Trojan, see the sites below:
http://www.castlecops.com/s2432-netconfig.html
http://www.tasklist.org/task_netconfig_exe_2213.html
http://www.sysinfo.org/startuplist.php?let...&offset=150
http://fileinfo.prevx.com/fileinfo.asp?PXC=f14a56108101

*By the way, my problem is solved.

scorps (posted June 16, 2007):
> NETCONFIG.exe is a Trojan, see the sites below:
> http://www.castlecops.com/s2432-netconfig.html
> http://www.tasklist.org/task_netconfig_exe_2213.html
> http://www.sysinfo.org/startuplist.php?let...&offset=150
> http://fileinfo.prevx.com/fileinfo.asp?PXC=f14a56108101
> *By the way, my problem is solved.

ApoKalypse, why not just give this link: http://forum.lowyat.net/topic/472932
This can be closed now.

ApoKalypse (posted June 16, 2007):
scorps, is it OK to post that link? Isn't that against the rules? Because it seems like being an 'inviter'...
*I'm new to this forum so I have to be careful... no harm in asking, right?