rizal

My Sister's PC Has Problems!


For now, I have installed NOD32 on my sister's PC. But there are a few symptoms.

1) The RAM detected is only 64 MB. Actually its RAM is 256 + 128 sticks. How did it end up like this? Is it a virus? So the PC has become very slow.

2) The CD-ROM tray keeps opening by itself; even after I push it closed by hand, it comes back out. So annoying.

3) Windows Task Manager is disabled. Strange, because I think my sister's account is an administrator. When I go into safe mode there are two accounts, one Administrator and one that is my sister's. So two accounts. During a normal boot the Administrator account does not show up at all. When I check my sister's account, it is an administrator account. How can there be 2 accounts?

Now my brother-in-law's laptop

1) Symantec AntiVirus keeps detecting lots of worms on the laptop, whereas NOD32 stays relaxed as if nothing is there. Even after pulling updates from the internet it still calmly finds nothing. Only Symantec makes a fuss. It keeps finding worms in all sorts of files.

I am giving the HijackThis scan logs. Please have a look..

Sister's PC

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:31:53 PM, on 15-Apr-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\WINDOWS\RavMonE.exe

D:\Scansoft Omnipage SE 4\OpwareSE4.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\system32\rundll32.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

G:\ccsetup206.exe

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\ytb3.exe

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLB1B.tmp

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\TEMP\YCOMP_~1.EXE

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLB22.tmp

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLJ24.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ali213.126.com/

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "D:\Scansoft Omnipage SE 4\OpwareSE4.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe

O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA0398D-CF1B-4AA2-A1F3-FF38BDC04BD2}: NameServer = 202.188.0.133,202.188.1.5

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

--

End of file - 4166 bytes

Brother-in-law's laptop

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:05:38 PM, on 4/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Eset\nod32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swisspac.com.my/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{68FCF0F2-6DA4-4153-9FEC-11AB8B15F642}: NameServer = 202.188.0.133 202.188.1.5

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--

End of file - 7956 bytes

Thank you very much...

Edited by rizal


1. Try opening up the notebook. Pull out the RAM, clean its gold contacts with an eraser, put it back and try booting. Make sure it is seated properly.

2. Click Start > Run > dxdiag. Check the amount of RAM. If it is correct, it's fine.

3. Windows Task Manager being disabled has 2 possible causes. 1st, a technician's setting (if he's being a jerk).. 2nd, a virus attack. To get Task Manager back using the internal settings: Start > Run > type gpedit.msc > Admin template > System > CTRL+ALT+DEL option > Remove Task Manager > tick Disable > Apply & OK.

An Administrator account in safe mode is normal. It's not a virus or anything. It is there specifically for the system admin; for example, if a user password is lost, you can go into safe mode through it to recover/change the password.

4. I suggest you download this antispyware: SUPERAntiSpyware, just the free one. After installing, run a system scan. Delete whatever it detects, then reboot.

5. If there are still problems, I think you'd better do a system fix using the Windows XP CD. Don't go into format by mistake though. You'll cry later :lol:

6. I don't much like Symantec AntiVirus. The system load is heavy. With only 1 GB of memory or less, the PC really crawls like a snail.. switch to another antivirus such as Bitdefender Pro/Plus/2008 or Kaspersky or ESET NOD32.. that's the ranking of how good the software is.. if you don't update it, it's all the same anyway :P

So whatever happens, report back after doing all this.. let's see how your system is.. ^_^


When this RAM was first installed, and before this happened, was it correctly detected as 384 MB or not? If not, the RAM may be high-density RAM. Please use low-density RAM.

The following are two kinds of TROJAN on your sister's computer, namely RVHOST & RAVMONE:

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\RavMonE.exe

C:\WINDOWS\system32\RVHOST.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ali213.126.com/

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe

O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Your brother-in-law's laptop is OK. NOD32's detection capability is indeed set so that it is not overly sensitive. So, as you said, WORMs usually get into your PC through the installation of toolbars, shareware and freeware programs on the PC.


Hello...

Sister's PC

1. Download Flash_Disinfector by sUBs and run it.. Make sure the pen drive that is usually used on that PC is plugged in as well..

2. Find and delete these files

C:\WINDOWS\system32\RVHOST.exe
C:\WINDOWS\RavMonE.exe
G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe

3. Fix these entries in HijackThis

F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe

O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

4. Download ATF Cleaner by Atribune. Tick everything you think appropriate and run it.

5. Restart the PC.. Download Deckard System Scanner.. and run it.. Just click Yes or OK on any pop-ups..

There will be two logs (main.txt and extra.txt); post both of the logs here...

Brother-in-law's laptop

1. There are two antivirus programs.. Norton and NOD32... uninstall one of the two..

2. Download Deckard System Scanner.. and run it.. Just click Yes or OK on any pop-ups..

There will be two logs (main.txt and extra.txt); post both of the logs here...

3. Do an online scan with Kaspersky WebScanner

  • Install its ActiveX

In the scan settings, select these

  • Scan using the following Anti-Virus database: Extended

Scan Options: Scan Archives and Scan Mail Bases

Under "select a target to scan": choose My Computer

Then post all the logs here..

Edited by baok

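A triage pass over HijackThis lines like the ones the replies above single out, as an added example that is not part of any post in this thread: it flags a Shell= line that names more than Explorer.exe, Run values that start that same extra program, core Windows process names started from outside System32, and Disable* policy values. The rule set and the CORE_NAMES list are assumptions of this example; an entry such as RavMonE.exe, which the posters recognise by name, is not caught by these generic rules.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the sister's PC log in the first post of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Assumed list for this example: core Windows processes expected only in System32.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe"}

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                      # "O4 - <body>"
O4_RUN = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE = re.compile(r'^"?(?P<path>[^"]*?\.exe)\b', re.IGNORECASE)  # first .exe in cmd


def triage(log_text):
    """Return (code, reason, detail) tuples for entries that need manual review."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groups())

    findings, shell_extras = [], set()

    # Pass 1: the Shell= line should name Explorer.exe only; anything after it
    # is launched together with the desktop at every logon.
    for code, body in entries:
        if code == "F2" and "shell=" in body.lower():
            for prog in body.split("=", 1)[1].split():
                if prog.lower() != "explorer.exe":
                    shell_extras.add(prog.lower())
                    findings.append((code, "extra program in Shell= line", prog))

    # Pass 2: autostart values and policy restrictions.
    for code, body in entries:
        if code == "O4":
            run = O4_RUN.match(body)
            exe = EXE.match(run["cmd"]) if run else None
            if not exe:
                continue
            path = exe["path"]
            name, folder = basename(path).lower(), dirname(path).lower()
            if name in shell_extras:
                # The same binary is also registered under Run, so fixing
                # Shell= alone leaves it starting.
                findings.append((code, "Run value starts the Shell= extra",
                                 f"{run['hive']} [{run['name']}]"))
            elif name in CORE_NAMES and not folder.endswith(r"\windows\system32"):
                findings.append((code, "core process name outside System32", path))
        elif code == "O7" and re.search(r"\bDisable\w+=1$", body):
            # Policies such as DisableRegedit keep the user out of repair tools.
            findings.append((code, "policy value disables an admin tool",
                             body.rsplit(", ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason}: {detail}")
```
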

Rizal.. the HijackThis log for your sister's PC is an old log, not a new one

and I asked for the DSS log, not HijackThis

ok.. was the brother-in-law's PC just formatted on 28/3 the other day? The log looks OK to me. But your brother-in-law has 2 antiviruses and 2 firewalls

the antiviruses are Symantec and ESET, while the firewalls are Symantec and Comodo.

don't listen to people who say that having many firewalls and antiviruses is good. They actually don't know anything. Remove one antivirus and one firewall.

I suggest you remove Symantec/Norton and leave ESET and Comodo on your brother-in-law's PC.

and post the Kaspersky online scan here

or better still.. go to this website and pick any of the forums listed on the left side of the site..

http://asap.maddoktor2.com/

Edited by baok


About the Administrator account, that's just how it is... to be safe, put a password on that Admin account.. otherwise other people can get in as they please..

About your brother-in-law's laptop, I used to use Norton too... every scan there would be worms, and then they couldn't be deleted... I don't understand it either; now I'm using KIS7..

Usually, if you want to clean the RVHOST.exe virus, you also have to delete its file in system32; otherwise, when you restart it will be back...

First of all remove its source, and only then repair the other things, for example Task Manager, regedit, etc...


How do I remove Symantec? I have uninstalled it, but some of its files are still there.

That's one of the problems with Symantec...

I don't know how to do it either...

Even after uninstalling, it's still there, and the folder can't be deleted either... ugh...

OK, I have done what you all told me to; only the scanning with Kaspersky I haven't had time for yet

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\WINDOWS\RavMonE.exe

C:\WINDOWS\system32\RVHOST.exe

C:\WINDOWS\system32\rundll32.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

G:\NOD32 Antivirus Software 2.70.32 + fix\NOD32 Antivirus Software 2.70.32 + fix.exe

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\ytb3.exe

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLB1B.tmp

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\TEMP\YCOMP_~1.EXE

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLB22.tmp

C:\DOCUME~1\RIZAL~1.RIZ\LOCALS~1\Temp\GLJ24.tmp

O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe

--

End of file - 4166 bytes

my brother-in-law's HijackThis

F:\dss.exe

--

Ugh... now you want to use Kaspersky as well....

This is all I can see...


waaa....

Maybe I have to go back to using Symantec. My brother-in-law's laptop has 2 GB.

Eh, Kaspersky = NOD32? I want to install NOD32 because I can transfer the NOD32 updates to my sister's PC, which also uses NOD32. It's just that my sister's PC has no internet. Right now I'm googling how to remove Symantec.


@mfaiz

try looking properly

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:31:53 PM, on 15-Apr-08

look at post no. 1 and post no. 6.. are they the same or not???

F:\dss.exe is Deckard System Scanner, which was run from F:\

I've said it many times.. go and learn HijackThis at the proper place.. don't just make wild guesses...

To remove Symantec you have to use the Norton Removal Tool.. go to the website below..

http://service1.symantec.com/SUPPORT/tsgen...005033108162039


oopsss.... sorry!

I didn't look properly... I only looked at the suspicious ones... sorry, eh... thanks!


don't worry.. we all learn from our mistakes :)


yaa... that's right...
