39cent 0 Posted January 8, 2010
Hi.
I want to ask, what virus is this on my YM?
It suddenly sends the link "Vao day nghe bai nay di ban http://nhattruongquang.0catch.com" to the member IDs on my YM list.
It even sets itself as my status.

B@zSh™ 1 Posted January 8, 2010
Maybe you could try looking HERE, bro.

39cent 0 Posted January 8, 2010
Sorry, bro.. the Registry can't be displayed.
I typed it at Run - regedit - OK.
It shows up and then disappears.

johnburn 6 Posted January 8, 2010
Download Malwarebytes, install, update, and scan. Then paste its log together with the HijackThis log here.

39cent 0 Posted January 8, 2010
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:54 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Software\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FreshDownload - {48FB6306-D106-4D29-B356-424FAB38689D} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6903 bytes

Admin2 12 Posted January 8, 2010
Is it OK now? If it's not, I have another solution.

johnburn 6 Posted January 8, 2010
The Malwarebytes log? Is this HijackThis log from before scanning with Malwarebytes or after Malwarebytes?

39cent 0 Posted January 8, 2010
After the Malwarebytes scan.
Malwarebytes was in the middle of scanning at that time.

B@zSh™ 1 Posted January 8, 2010
Looking at the log, there is the RVHOST.exe worm.
Try scanning with Malwarebytes as johnburn told you.
Maybe by removing that worm your registry editor will return to normal.
These entries can maybe be fixed:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O9 - Extra button: FreshDownload - {48FB6306-D106-4D29-B356-424FAB38689D} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

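The by-eye triage in the post above, written out as an added example that is not part of the original thread. It flags an F2 Shell value that launches anything besides Explorer.exe, an O4 Run entry that starts the same program, and entries HijackThis marks "(file missing)" because the referenced file no longer exists on disk. The function names and reason labels are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: six entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the entry body


def parse(log):
    """Return [(section, body)] for every HijackThis entry line in the log."""
    lines = (line.strip() for line in log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]


def shell_extras(body):
    """Programs an F2 'Shell=' value starts in addition to Explorer.exe."""
    if "Shell=" not in body:
        return set()
    programs = body.split("Shell=", 1)[1].split()
    return {p.lower() for p in programs if p.lower() != "explorer.exe"}


def triage(log):
    """Return (reason, section, body) for each entry worth a closer look."""
    entries = parse(log)
    extras = set().union(*(shell_extras(b) for s, b in entries if s == "F2"))
    findings = []
    for section, body in entries:
        low = body.lower()
        if section == "F2" and shell_extras(body):
            findings.append(("shell-override", section, body))
        elif section == "O4" and any(
            re.search(r"\\" + re.escape(n) + r'(?=["\s]|$)', low) for n in extras
        ):
            # The same binary is also registered under a Run key.
            findings.append(("run-key-starts-shell-extra", section, body))
        elif low.endswith("(file missing)"):
            findings.append(("orphaned-entry", section, body))
    return findings


if __name__ == "__main__":
    for reason, section, body in triage(SAMPLE_LOG):
        print(f"{reason:28} {section:4} {body}")
```
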
johnburn 6 Posted January 8, 2010
Give the Malwarebytes log and the HijackThis log from after scanning with Malwarebytes.

39cent 0 Posted January 9, 2010
Malwarebytes' Anti-Malware 1.43
Database version: 3477
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2010 12:14:11 AM
mbam-log-2010-01-09 (00-14-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159729
Time elapsed: 43 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is the log after I scanned again.
The 1st scan already removed the infected files.

B@zSh™ 1 Posted January 9, 2010
Try giving the HijackThis log from after disinfection.

aura 0 Posted January 9, 2010
No need to keep trying... just format that PC.. Even using Deep Freeze you can still get that virus... I have no idea how the virus author did it lol
My younger sibling's computer got that virus even with thaw in Deep Freeze. It deletes Windows files at random.. I don't know.. after getting it, it's always this missing, that missing.. in the end the whole PC got formatted lol, even though it used Deep Freeze.
The portable HD got it too.. That HD had to be formatted as well. ::lol:: When I checked, it looks like it's from Vietnam..

aura 0 Posted January 9, 2010
Maybe the virus is here:
in this folder on every partition of your HD, in the System Volume Information folder.
Also, the original System Volume Information folder shouldn't be clickable, meaning it can't be accessed.. but the original has been deleted and replaced with the virus's folder.. lol clever, clever... no wonder even Deep Freeze got wrecked too ....
One more thing, there's also an anti-Deep Freeze that comes from Vietnam as well hehehe.... same creator or what? ::lol::