zack037

Remove Trojan/Spyware/Virus in the System Folder

Assalamualaikum,

I really need help here. My computer is infected with fraudware, that is, a virus that claims the system is infected with spyware when it actually is not, and tells you to download a certain program that is actually a fraud.

I have used all sorts of antivirus products: Kaspersky, Norton 2008, Avira, AVG 8... they found infections

in c:/windows/system32/obghva.dll <--- infected file

c:/windows/system32/obghva32.dll <--- infected file

Then there are these things:

c:windows/system32/ph3obr3sc3lc.scr

c:windows/system32/ph3obr3sc3lc.exe

c:windows/system32/ph3obr3sc3lc.bmp

All of those are detected as trojan downloader/fraudload.AKBE.

In my Display Properties, two tabs are also missing.

What's left is Themes, Appearance, Settings...

I have also used spyware removers, Ad-Aware, and all sorts of others...

Every time I restart the system, all of those things come back, even though I removed them before restarting.

As soon as I get into the system, the wallpaper becomes Your system infected by bla..bla..bla..bla please download bla..bla..blaa to remove it... so stressful.. I have googled it but still couldn't find a solution...

I don't know where the original program is hiding. It keeps duplicating itself again on restart.

Please help me. If possible I don't want to format the computer, because that is difficult where I am.

Besides, a lot of my work is on this computer.

I'm really asking for help from the professionals.

Edited by zack037

Download >> Install >> Update >> Perform Full Scan >> Remove all infections with Malwarebytes' Anti-Malware.. A log will come out afterwards. Post that log here..

Then, download and scan with OTViewIt by OldTimer..

  • Make sure the boxes labelled Scan all Users and Use Whitelist are checked
  • Make sure the File Ages box is set to 30 Days
  • Close all windows and press Run Scan
  • There will then be 2 logs (OTViewIt.txt and Extras.txt)
  • Upload both logs to the website below and wait until the upload process is complete

    http://www.easy-share.com/
At Download url: copy/paste the link shown at file url: here..

So, in your next reply.. please post

1. Malwarebytes' log

2. The file url: link

Ok, I'll try.

Scanning now...

Ok, the scan is done. Here is the log file from Malwarebytes':

Malwarebytes' Anti-Malware 1.26

Database version: 1122

Windows 5.1.2600 Service Pack 2

9/7/2008 5:54:31 PM

mbam-log-2008-09-07 (17-54-31).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)

Objects scanned: 81545

Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 10

Registry Values Infected: 4

Registry Data Items Infected: 2

Folders Infected: 13

Files Infected: 40

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\blphc3aoj0e3b7.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\spox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolie.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{86dff136-77b4-472c-b3b3-dddee57ac1a1} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ea2a4962-9d7c-4912-82a6-4abc1655f003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7e61bb38-a952-40ba-98f0-0ad229658cb7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e61bb38-a952-40ba-98f0-0ad229658cb7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\rhc7aoj0e3b7 (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3aoj0e3b7 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\ScanSpyware v3.7 (Rogue.ScanSpyware) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\rhc7aoj0e3b7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\blphc3aoj0e3b7.scr (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\lphc3aoj0e3b7.exe (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\b3de58cd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\eetF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\zqm10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\icq1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\qefF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\Flash remover.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\Folder Options.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\haha Washer.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\Tok Wan Washer.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\Topui & HistoryJMTi Washer.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\Antivirus & Cleaner\Virus Remover\Virus Remover & Washer.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\ScanSpyware v3.7\ssdb082708.db (Rogue.ScanSpyware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\phc3aoj0e3b7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator.MICROSOF-AE5C48\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator.MICROSOF-AE5C48\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by zack037

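A log like the one posted above can be triaged mechanically. The following is an added example, not part of the original posts and not a Malwarebytes tool: it parses the per-section detection lines and lists the entries that were only scheduled for deletion, the rootkit-class detections and the autostart registry entries, which are the items to re-check after the reboot. The embedded sample is a short excerpt of the posted log, and the function names are this example's own.

```python
import re

# Short excerpt of the Malwarebytes' log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\blphc3aoj0e3b7.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3aoj0e3b7 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
C:\WINDOWS\system32\blphc3aoj0e3b7.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\lphc3aoj0e3b7.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\b3de58cd.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 40" (the summary count) does not match.
SECTION = re.compile(r"(.+) Infected:")
# "<item> (<Family.Name>) -> <outcome>"; the dot in the name keeps "(1)" and "(0)" from matching.
ENTRY = re.compile(r"(?P<item>.+?) \((?P<detection>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)")
# Registry locations that start code at logon or inside the browser (lower-cased for matching).
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\browser helper objects\\")


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, detection, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.fullmatch(line)
        if header:
            section = header.group(1)
            continue
        match = ENTRY.fullmatch(line)
        if match and section:
            # Registry data lines read "Bad: (1) Good: (0) -> <action>"; keep the final action.
            action = match.group("rest").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": match.group("item"),
                            "detection": match.group("detection"), "action": action})
    return entries


def triage(entries):
    """Group the items worth re-checking after the reboot (duplicates listed once)."""
    report = {"pending_reboot": [], "rootkit": [], "autostart": []}
    for entry in entries:
        hits = {
            "pending_reboot": entry["action"].lower().startswith("delete on reboot"),
            "rootkit": entry["detection"].startswith("Rootkit."),
            "autostart": any(m in entry["item"].lower() for m in AUTOSTART_MARKERS),
        }
        for bucket, hit in hits.items():
            if hit and entry["item"] not in report[bucket]:
                report[bucket].append(entry["item"])
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", item)
```
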

don't edit your post.. just make a new post.. otherwise I won't know when you have replied.. ok.. what about OTViewIT? :)

Scan type: Full Scan (C:\|D:\|E:\|H:\|)

Objects scanned: 81545

Time elapsed: 16 minute(s), 21 second(s)

That many drives, and the scan took only 16 minutes?.. You stopped the scan, didn't you? :P

Edited by baok

There are indeed many drives, but only C: and D: have files. E: is an empty partition.

And H: is a thumb drive.

I didn't stop the scan at all; it ran to completion.

One more thing: after the scan with Malwarebytes just now,

there were files set to be deleted on reboot, and when I rebooted, Windows couldn't load,

so I loaded Last Known Good Configuration, and the thing is still there... this is driving me crazy....

Here is OTViewIt:

OTviewIT

Extras

I didn't edit on purpose; otherwise it would be a double post... and then get deleted by the mods.

Edited by zack037

give me time to analyse the logs, ok.. Don't worry about the mods.. they should understand your situation.. if they still don't understand, well, I don't know..

Erm.. There is vundo and a rootkit.. Go to the website below.. make sure you really understand how to use ComboFix (by sUBs)..

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download ComboFix and save it directly to the Desktop.. Install the Recovery Console as described in the tutorial..

Then disable all antivirus/antispyware/firewall.. Go to the website below if you don't know how to disable them

http://www.bleepingcomputer.com/forums/topic114351.html

Then run it and post the ComboFix log here..

Ok thanks,

I hope you can help. If you were here where I am, I would already have treated you to a fast-breaking meal.

So far what Malwarebytes' has fixed is the display properties. Everything is back.

What's left is only the thing whose origin I don't know.

p/s: It's been so long since I hung out on putera.com that my old posts have been deleted. Huhu...

Edited by zack037

I can't even drag the bootdisk onto the combofix icon.

when I drop it on the combofix.exe icon, a prompt to run this program comes up...

or is that how it's supposed to be?

damn, figured it out. Turns out combofix was being blocked. it works now, but...

Edited by zack037

I can't even drag the bootdisk onto the combofix icon.

when I drop it on the combofix.exe icon, a prompt to run this program comes up...

or is that how it's supposed to be?

yup.. sorry.. I went out just now to buy food for breaking the fast..

run that program ok :)

again.. don't edit your post.. just post it as new post.. I will ignore you if you repeat that again next time..

reboot into safe mode and run ComboFix in safe mode..

<<I'm really stressed posting on putera.. it doesn't become a new post.. it gets added back to the post above.. :( >>

Edited by baok

moved to the appropriate section

the spyware scanner detected this trojan: Trojan-PWS.Bancos

then this came up: C:\327882R2FWJFW\pv.cfexe is not a valid Win32 application.

it seems like I'm doing something wrong, or do I need to turn off Spyware Doctor?

sorry, sorry, I won't do it again, I'm just used to it...

Create a Restore Point before proceeding with the fix below.. Click here if you don't know how

Then please show hidden files and folders

Go to VirusTotal (the website below) and upload >> scan this file..

http://www.virustotal.com/

C:\WINDOWS\System32\drivers\gzberq.sys

Copy/paste its result here..

----------------------------

Download OTMoveIt2 by OldTimer and save it to the Desktop..

  • Double-click OTMoveIt2
  • Leave the Unregister Dll's and Ocx's box checked and Zip Files After Moves unchecked
  • copy/paste the text below into the "Paste List of Files/Folders to Move" window (the box under the YELLOW bar)

    [kill explorer]
    b3de58cd <delete service>
    restore <delete service>
    C:\WINDOWS\system32\drivers\b3de58cd.sys
    C:\WINDOWS\system32\drivers\restore.sys
    HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage
    HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage
    EmptyTemp
    [start explorer]

  • Click the red Moveit! button
  • Post the OTMoveIt2 log that appears in the GREEN box

If it asks you to restart >> just restart..

Post the logs below..

1. VirusTotal result

2. OTMoveIt2

Here is the VirusTotal result:

AhnLab-V3 2008.9.3.0 2008.09.03 -

AntiVir 7.8.1.23 2008.09.03 -

Authentium 5.1.0.4 2008.09.03 -

Avast 4.8.1195.0 2008.09.03 -

AVG 8.0.0.161 2008.09.03 -

BitDefender 7.2 2008.09.03 -

CAT-QuickHeal 9.50 2008.09.02 -

ClamAV 0.93.1 2008.09.03 -

DrWeb 4.44.0.09170 2008.09.03 -

eSafe 7.0.17.0 2008.09.03 -

eTrust-Vet 31.6.6066 2008.09.03 -

Ewido 4.0 2008.09.03 -

F-Prot 4.4.4.56 2008.09.03 -

F-Secure 8.0.14332.0 2008.09.03 -

Fortinet 3.14.0.0 2008.09.03 -

GData 19 2008.09.03 -

Ikarus T3.1.1.34.0 2008.09.03 -

K7AntiVirus 7.10.439 2008.09.03 Trojan.Win32.Malware.2

Kaspersky 7.0.0.125 2008.09.03 -

McAfee 5376 2008.09.03 -

Microsoft 1.3903 2008.09.03 -

NOD32v2 3412 2008.09.03 -

Norman 5.80.02 2008.09.03 -

Panda 9.0.0.4 2008.09.03 -

PCTools 4.4.2.0 2008.09.03 -

Prevx1 V2 2008.09.03 -

Rising 20.60.21.00 2008.09.03 -

Sophos 4.33.0 2008.09.03 -

Sunbelt 3.1.1592.1 2008.08.30 -

Symantec 10 2008.09.03 -

TheHacker 6.3.0.8.070 2008.09.02 -

TrendMicro 8.700.0.1004 2008.09.03 -

VBA32 3.12.8.4 2008.09.02 -

ViRobot 2008.9.2.1361 2008.09.03 -

VirusBuster 4.5.11.0 2008.09.03 -

Webwasher-Gateway 6.6.2 2008.09.03 -

Additional information

File size: 61440 bytes

MD5...: 589312a3b46721c5a751e4d5222a89be

SHA1..: 3a497d3968a4f6e3c648d196da38e5f98e75ec30

SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f

69ae

SHA512: c8abe050c97efe34541c3ef293a750e34b82117ae41f41d83db1f1489eb5

d776

a1d59d0b4a1e13536e5bebda630693daf4be66cc386f587a69288c76df98

cf7b

PEiD..: -

TrID..: File type identification

Clipper DOS Executable (33.3%)

Generic Win/DOS Executable (33.0%)

DOS Executable Generic (33.0%)

VXD Driver (0.5%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1d394

timedatestamp.....: 0x476b398b (Fri Dec 21 03:56:59 2007)

machinetype.......: 0x14c (I386)

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x400 0xd756 0xd780 5.52 e0dc8fff10e3a7c6343455cd02a67954

.rdata 0xdb80 0x10e 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302

.data 0xdd00 0xc0 0x100 0.04 66a415a49d751cb335895306ecfb3389

INIT 0xde00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc

.reloc 0xe180 0xe2c 0xe80 6.60 4f845320301140370066cbceee4c5e4c

( 1 imports )

> ntoskrnl.exe: ZwWriteFile, wcslen, RtlUpcaseUnicodeChar, ZwClose, ZwCreateFile, RtlInitUnicodeString, wcscat, wcscpy, _wcsicmp, ZwQueryValueKey, ZwOpenKey, ZwDeleteKey, swprintf, ZwEnumerateKey, ExFreePoolWithTag, DbgPrint, ExAllocatePoolWithTag, RtlPrefixUnicodeString, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, ZwEnumerateValueKey, ZwOpenFile, ZwSetInformationFile, KeTickCount, ZwQueryInformationFile, KeBugCheck, MmGetSystemRoutineAddress, ZwFlushKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, RtlCheckRegistryKey, KeDelayExecutionThread, ZwReadFile, PsCreateSystemThread, PsGetVersion

( 0 exports )

and this one is OTMoveIt2:

Explorer killed successfully

b3de58cd service deleted successfully.

restore service deleted successfully.

File/Folder C:\WINDOWS\system32\drivers\b3de58cd.sys not found.

File/Folder C:\WINDOWS\system32\drivers\restore.sys not found.

< HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage >

Registry value HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage deleted successfully.

< HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage >

Registry value HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage deleted successfully.

< EmptyTemp >

File delete failed. C:\DOCUME~1\ADMINI~1.MIC\LOCALS~1\Temp\etilqs_ZRi8mqtTsqQSB5DmwzAC scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_205144

Files moved on Reboot...

File C:\DOCUME~1\ADMINI~1.MIC\LOCALS~1\Temp\etilqs_ZRi8mqtTsqQSB5DmwzAC not found!

Alhamdulillah, it no longer comes up. I think that thing is gone.

What a relief; I've been fighting this on my own for almost a week. After all, I don't know much about computer programs.

Ermm.. one more thing, how do I manage startup programs?

so many things load when Windows starts that it has become slow..

to manage startup, go to Start >> Run >> msconfig >> enter

--edit-- scrap what I said just now.. maybe a false positive..

Edited by baok

ok done, here is the log:

Explorer killed successfully

C:\WINDOWS\System32\drivers\gzberq.sys moved successfully.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_210631

what are we actually doing? I know how to do it but I don't know what it means...

I'd like to understand a bit...

Edited by zack037

Ah.. you've already done it.. never mind.. try observing the PC for a day first.. if there are no problems you can close the topic.. :)

if there is nothing after a day, do this..

Make sure there is an internet connection.. Open OTMoveIt2 >> Press the CleanUp! button >> let it run until it finishes the clean up process :)

again... don't edit your topic..

what are we doing? getting rid of that stupid virus, of course.. :wacko:

Edited by baok

Ok, thank you very much. Very, very helpful, you're really a pro. If anything happens again in the 2-3 days after doing all this.. I'll post here, k.

If there's nothing, I'll close this topic.

Ok.. after 2-3 days, if there's nothing, do as above (the CleanUp! button); it's important for cleaning the malware traces in the OTMoveIt2 backup :)

Ok done, thank you very much.

If you were a woman, and where I live, I would have hugged and kissed you already.

Truly a lifesaver; I should take a computer course with you, huhu.

Ok done, thank you very much.

If you were a woman, and where I live, I would have hugged and kissed you already.

Truly a lifesaver; I should take a computer course with you, huhu.

that's really indecent of you, man..

how could you!

anyway, this really is a very useful topic.. :)
This topic is now closed to further replies.