zack037 Posted September 7, 2008 (edited)
Assalamualaikum,
I really need some help here. My computer is infected with fraudware, that is, a virus that says the system is infected with spyware when it actually isn't, and tells you to download a certain program that is actually a fraud.
I have used all sorts of antivirus, Kaspersky, Norton 2008, Avira, AVG 8... they found infections in
c:/windows/system32/obghva.dll <--- infected file
c:/windows/system32/obghva32.dll <--- infected file
Then there are these things:
c:windows/system32/ph3obr3sc3lc.scr
c:windows/system32/ph3obr3sc3lc.exe
c:windows/system32/ph3obr3sc3lc.bmp
All of them are detected as trojan downloader/fraudload.AKBE.
In my Display Properties, two tabs are missing. What's left is Themes, Appearance, Settings...
I have also used a spyware remover, ad adware, all sorts of others...
Every time I restart the system, all of it comes back, even though I removed it before restarting.
As soon as I log in, the wallpaper becomes "Your system infected by bla..bla..bla..bla please download bla..bla..blaa to remove it"... really stressful. I've googled but couldn't find a solution either.
I don't know where the original program is hiding. It keeps duplicating itself again on restart.
Please help me; if possible I don't want to format the computer, because that's difficult where I am. Besides, a lot of my work is on this computer.
I'm really asking for help from the professionals.
Edited September 7, 2008 by zack037

baok Posted September 7, 2008
Download >> Install >> Update >> Perform Full Scan >> Remove all infections with Malwarebytes' Anti-Malware.. A log will come out afterwards. Post that log here..
Then download and scan with OTViewIt by OldTimer..
Make sure the boxes labelled Scan all Users and Use Whitelist are ticked
Make sure the File Ages box is set to 30 Days
Close all windows and press Run Scan
There will be 2 logs (OTViewIt.txt and Extras.txt)
Upload both logs to the website below and wait until the upload process completes
http://www.easy-share.com/
At Download url: copy/paste the link at file url: here..
So, in your next reply.. please post
1. Malwarebytes' log
2. Link file url:

zack037 Posted September 7, 2008 (edited)
Ok, I'll try.
Scanning now...
Ok, the scan is done, here is the log file from Malwarebytes':
Edited September 7, 2008 by zack037

baok Posted September 7, 2008
"Ok, I'll try."
I'll reply after breaking fast or after tarawih (if I go to tarawih, that is..)

baok Posted September 7, 2008 (edited)
Don't edit your post.. just make a new post.. otherwise I won't know when you've replied.. ok.. What about OTViewIT?
"Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 81545
Time elapsed: 16 minute(s), 21 second(s)"
So many drives, and the scan took only 16 minutes?.. You stopped the scan, didn't you?
Edited September 7, 2008 by baok

zack037 Posted September 7, 2008 (edited)
There are indeed many drives, but only C: and D: have files. E: is an empty partition. And H: is a thumb drive. I didn't stop the scan at all, it ran to completion.
One more thing: after the scan with Malwarebytes earlier, there were files to be deleted on reboot; when I rebooted, Windows couldn't load, so I loaded Last Known Good Configuration, and the thing is still there... this could drive me crazy....
Here is OTViewIt:
OTviewIT
Extras
I didn't mean to edit; otherwise it would count as a double post... and get deleted by a mod.
Edited September 7, 2008 by zack037

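An added example, not part of the thread: Malwarebytes' text logs list each finding as `object (Detection) -> action`, and entries marked "Delete on reboot" or detected as rootkits are the ones worth verifying again after the restart described above. The sample log is constructed and every object name in it is made up; `parse_log` and `recheck_after_reboot` are names chosen for this example.

```python
import re

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x text log.
# Every object name below is made up for this example.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Files Infected: 4

Memory Modules Infected:
C:\WINDOWS\system32\example1.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Policies\NoExamplePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example1.scr (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\example2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example3.exe:stream.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Program Files\Example (v1)\data.db (Rogue.Example) -> Quarantined and deleted successfully.
"""

# A section heading ends at the colon; the summary lines ("... Infected: 1") do not.
SECTION = re.compile(r"^([A-Za-z ]+) Infected:$")
# Detection names look like Family.Name, so "(v1)" or "(1)" is never taken for one.
ENTRY = re.compile(r"^(.+) \(([A-Za-z]+\.[\w.]+)\) -> (.+)$")
# A second colon after the drive letter marks an NTFS alternate data stream.
ADS = re.compile(r"^[A-Za-z]:\\[^:]*:")


def parse_log(text):
    """Return one dict per finding: section, object, detection, action, ads."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        m = ENTRY.match(line)
        if m is None or section is None:
            continue
        obj, detection, rest = m.groups()
        entries.append({
            "section": section, "object": obj, "detection": detection,
            # Registry data items carry "Bad: .. Good: .. -> <action>"; keep the last part.
            "action": rest.split(" -> ")[-1].rstrip("."),
            "ads": bool(ADS.match(obj)),
        })
    return entries


def recheck_after_reboot(entries):
    """Map each object not yet confirmed gone to the reasons it needs a second look."""
    todo = {}
    for e in entries:
        reasons = []
        if e["action"].lower().startswith("delete on reboot"):
            reasons.append("removal deferred to reboot")
        if e["detection"].startswith("Rootkit."):
            reasons.append("rootkit-class detection")
        if reasons:
            todo.setdefault(e["object"], set()).update(reasons)
    return {obj: sorted(r) for obj, r in todo.items()}


if __name__ == "__main__":
    for obj, reasons in recheck_after_reboot(parse_log(SAMPLE_LOG)).items():
        print(f"{obj}: {', '.join(reasons)}")
```
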
baok Posted September 7, 2008
Give me time to analyse the log, ok.. Don't worry about the mods.. they should understand your situation.. if they still don't understand, well, I don't know..
Erm.. There's Vundo and a rootkit.. Go to the website below.. make sure you really understand how to use ComboFix (by sUBs)..
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download ComboFix and save it directly to the Desktop.. Install the Recovery Console as described in the tutorial.. Then disable all antivirus/antispyware/firewall.. Go to the website below if you don't know how to disable them
http://www.bleepingcomputer.com/forums/topic114351.html
Then run it and post the ComboFix log here..

zack037 Posted September 7, 2008 (edited)
Ok thanks, I hope you can help. If you were here where I am, I'd have treated you to a breaking-of-fast meal already.
So far what Malwarebytes' has fixed is the Display Properties. Everything is back. All that's left is the one of unknown origin.
p/s: It's been so long since I hung out on putera.com that my old posts have been deleted. Huhu...
Edited September 7, 2008 by zack037

baok Posted September 7, 2008
Just run ComboFix and then post the log here, ok.. I'll be back after maghrib

zack037 Posted September 7, 2008 (edited)
I can't even drag the bootdisk onto the combofix icon. When I drop it on the combofix.exe icon, a prompt to run this program comes up... is that how it's supposed to be?
Damn, figured it out. Turns out combofix was being blocked. It works now, but...
Edited September 7, 2008 by zack037

baok Posted September 7, 2008 (edited)
"I can't even drag the bootdisk onto the combofix icon. When I drop it on the combofix.exe icon, a prompt to run this program comes up... is that how it's supposed to be?"
Yup.. sorry.. I went out just now to buy food for breaking fast.. run that program, ok.
Again.. don't edit your post.. just post it as a new post.. I will ignore you if you repeat that again next time..
Reboot into Safe Mode and run ComboFix in Safe Mode..
<<it's really stressful posting on putera.. it doesn't become a new post... but gets added back to the post above.. >>
Edited September 7, 2008 by baok

scorps Posted September 7, 2008
Moved to the appropriate section

zack037 Posted September 7, 2008
The spyware program detected this trojan: Trojan-PWS.Bancos
Then this also came up: C:\327882R2FWJFW\pv.cfexe is not a valid Win32 application.
It seems like I'm doing something wrong, or do I need to turn off Spyware Doctor?
Sorry, sorry, I won't do it again, it's just a habit...

baok Posted September 7, 2008
Ok.. just reboot into Safe Mode and run ComboFix.. if it still doesn't work, let me know.. then I'll think of another way

zack037 Posted September 7, 2008
Ok, once it's done I'll let you know the result

zack037 Posted September 7, 2008
Ok, here is the log file after running ComboFix
Log File : http://w14.easy-share.com/1701484828.html
p/s: how do I manage startup items again, I've forgotten... if I'm not mistaken it's start >> run >> iniconfig... I don't remember, but I think it's roughly that.

baok Posted September 7, 2008
Create a Restore Point before proceeding with the fix below.. Click here if you don't know how
Then please show hidden files and folders
Go to VirusTotal (website below) and upload >> scan this file..
http://www.virustotal.com/
C:\WINDOWS\System32\drivers\gzberq.sys
Copy/paste its result here..
----------------------------
Download OTMoveIt2 by OldTimer and save it to the Desktop..
Double-click OTMoveIt2
Leave the Unregister Dll's and Ocx's box ticked and Zip Files After Moves empty
Copy/paste the text below into the "Paste List of Files/Folders to Move" window (the box with the YELLOW bar)
[kill explorer]
b3de58cd <delete service>
restore <delete service>
C:\WINDOWS\system32\drivers\b3de58cd.sys
C:\WINDOWS\system32\drivers\restore.sys
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage
HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage
EmptyTemp
[start explorer]
Click the red Moveit! button
Post the OTMoveIt2 log that appears in the GREEN box
If it asks you to restart >> just restart..
Post the logs below..
1. VirusTotal result
2. OTMoveIt2

zack037 Posted September 7, 2008
Here's the VirusTotal result:
And this one is OTMoveIt2:
Explorer killed successfully
b3de58cd service deleted successfully.
restore service deleted successfully.
File/Folder C:\WINDOWS\system32\drivers\b3de58cd.sys not found.
File/Folder C:\WINDOWS\system32\drivers\restore.sys not found.
< HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage >
Registry value HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage deleted successfully.
< HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage >
Registry value HKEY_USERS\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1.MIC\LOCALS~1\Temp\etilqs_ZRi8mqtTsqQSB5DmwzAC scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_205144
Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1.MIC\LOCALS~1\Temp\etilqs_ZRi8mqtTsqQSB5DmwzAC not found!
Alhamdulillah, it no longer comes up. I think the thing is gone.
What a relief, I'd been fighting it by myself for nearly a week; well, you know, I don't know much about computer programs.
Ermm.. one more thing, how do I manage startup programs? Too many load when Windows starts, so it gets slow..

baok Posted September 7, 2008 (edited)
To manage startup, go to Start >> Run >> msconfig >> enter
--edit-- scrap the earlier one.. maybe a false positive..
Edited September 7, 2008 by baok

zack037 Posted September 7, 2008 (edited)
Ok done, here's the log:
Explorer killed successfully
C:\WINDOWS\System32\drivers\gzberq.sys moved successfully.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_210631
What are we actually doing? I know how to do it but I don't know what it means... I'd like to understand a bit...
Edited September 7, 2008 by zack037

baok Posted September 7, 2008 (edited)
Ah.. you've already done it.. never mind.. try observing the PC for a day first.. if there are no problems you can close the topic.. if there's still nothing after a day, do this..
Make sure there's an internet connection.. Open OTMoveIt2 >> press the CleanUp! button >> let it run until the clean-up process finishes
again... don't edit your topic..
What are we doing? Getting rid of that stupid virus, of course..
Edited September 7, 2008 by baok

zack037 Posted September 7, 2008
Ok, thank you very much. Really, really helpful, you're truly a pro. If anything else happens in the 2-3 days after doing all this.. I'll post here, ok. If there's nothing, I'll close this topic.

baok Posted September 7, 2008
Ok.. after 2-3 days, if there's nothing, do as above (the CleanUp! button). It's important for cleaning the malware traces in OTMoveIt2's backup

zack037 Posted September 7, 2008
Ok, done, thank you very much.
If you were a woman and lived where I am, I'd have hugged and kissed you already.
You really are a lifesaver, I'll have to take a computer course with you, huhu.

titanbullet Posted September 7, 2008
"Ok, done, thank you very much. If you were a woman and lived where I am, I'd have hugged and kissed you already. You really are a lifesaver, I'll have to take a computer course with you, huhu."
You're really indecent, mate.. how could you!
Anyway, this really is a very useful topic..