39cent

Need Help Removing This Virus

Salam..
I want to ask how to get rid of this virus.
1. My PC shuts down automatically; after I turn it on, it shuts down again.
2. There is a "New Folder" folder in every folder, and I can't delete it,
and inside each folder there is also a folder with the same name.
E.g. for folder A, if I open folder A, there is another folder A inside it.
If I try to delete this virus folder A, I can't.
Now drive D is full of folders that I can't delete.
My PC is partitioned into drives C & D.
Can anyone help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:39 PM, on 12/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebcamMax\wcmmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\lqexu.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\pgau.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winyacd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winbdlq.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\pisi3\LOCALS~1\Temp\icmbe.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintdmefc.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintmjsgb.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winqtrte.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Windows Recycled Services - Unknown owner - C:\Program.exe (file missing)

--
End of file - 5066 bytes

C:\DOCUME~1\pisi3\LOCALS~1\Temp\lqexu.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\pgau.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winyacd.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winbdlq.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\icmbe.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintdmefc.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\wintmjsgb.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winqtrte.exe

Delete all of these (maybe).
Update your antivirus and scan.

Here is the logfile after scanning with Malwarebytes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:33 PM, on 12/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebcamMax\wcmmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
D:\Software\New Folder.exe
D:\Software\New Folder\New Folder.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\windkdad.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winvycpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
D:\Software\New Folder\New Folder.exe
D:\Software\New Folder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4543 bytes

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\System32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
D:\Software\New Folder.exe
D:\Software\New Folder\New Folder.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\windkdad.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winvycpy.exe
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pisi3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: FreshDownload - {7CEE2180-23DE-4C25-BA6E-A1BBD15DCCBE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
Remove all of these.

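An added example, not part of the original posts: a short Python triage pass over a HijackThis log that flags the kinds of entries that stand out in the logs above (processes running from a Temp directory, an extra program after Shell=, the autorun pointing at that program, DisableRegedit=1, and a service with an unknown owner or missing file). The function names and reason labels are this example's own; the sample lines are excerpted from the logs in this thread.

```python
import re

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
D:\Software\New Folder.exe
C:\DOCUME~1\pisi3\LOCALS~1\Temp\winwrmbbi.exe
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Windows Recycled Services - Unknown owner - C:\Program.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+)\s*-")  # section code of a line, e.g. "O4 - ..." -> "O4"

def shell_extras(line):
    """Programs listed after Shell= other than Explorer.exe (lower-cased)."""
    parts = re.split("shell=", line, maxsplit=1, flags=re.I)
    value = parts[1] if len(parts) == 2 else ""
    return {p.lower() for p in value.split() if p.lower() != "explorer.exe"}

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    extras = set()
    for l in lines:                      # first pass: collect extra shell programs
        if l.startswith("F2"):
            extras |= shell_extras(l)
    findings = []
    for line in lines:
        low, m = line.lower(), ENTRY.match(line)
        if m is None:
            # Bare paths come from the "Running processes:" section.
            if re.match(r"[a-z]:\\", low) and "\\temp\\" in low:
                findings.append(("process-in-temp", line))
        elif m.group(1) == "F2" and shell_extras(line):
            findings.append(("shell-extra-program", line))
        elif m.group(1) == "O4" and any("\\" + e in low for e in extras):
            findings.append(("autorun-of-shell-extra", line))
        elif m.group(1) == "O7" and "disableregedit=1" in low:
            findings.append(("regedit-disabled", line))
        elif m.group(1) == "O23" and ("unknown owner" in low or "(file missing)" in low):
            findings.append(("odd-service", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:24} {line}")
```

Rules like these are only a first pass: `D:\Software\New Folder.exe`, which the reply above also lists, is not caught by any of them.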
Let me try giving some advice,
if it works, that is.

Go to Folder Options.
Untick hide microsoft program.
Click Yes.
Go to C.
Find ntdetect (the corrupt file) and delete it.
The real file is ntdetech (asking for the mods' advice; I was going a bit crazy while typing xD)
