dekzorro, posted March 12, 2005 (edited March 12, 2005 by dekzorro)

I've found there are too many items (applications) in the processes list of the XP machine I use. I want to post them here, but I don't know how to copy the list... is there a way to copy it? Then I can ask my next question.

One more thing: recently my PC got hit badly by trojans, spyware and who knows what else. Especially my IE, it keeps going to about:blank... do you guys have any tips on how I can fix this problem manually?

mus3na, posted March 12, 2005

Take a screenshot, or open System Information and use File > Export to save it as a text file. Then look for the part about Running Tasks under Software Environment. Copy and paste.

If you're a beginner, use HijackThis (I am not supporting this tool; please ask C-Fu for help regarding HijackThis).

dekzorro, posted March 12, 2005

OK... here are the processes on my PC...

System Information report written at: 03/12/05 21:28:55
system idle process
system
smss.exe
csrss.exe
winlogon.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
inetinfo.exe
inorpc.exe
inort.exe
inotask.exe
snmp.exe
alg.exe
explorer.exe
rundll32.exe
ituneshelper.exe
qttask.exe
msmsgs.exe
ipodservice.exe
dllhost.exe
dllhost.exe
msdtc.exe
rainlendar.exe
objectdock.exe
itunes.exe
svchost.exe
firefox.exe
helpctr.exe
helpsvc.exe
wmiprvse.exe

Could you guys tell me what these files do... are any of them dangerous? If they are, how do I remove them? Thanks to everyone who is willing to help.

civ3, posted March 12, 2005

Got spyware? Try the steps below...

Please check with anti-spyware software like:
TMIS 2005
microsoft antispyware
spyblaster
hijackthis
lavasoft
spybot

1. Use Spybot (download the latest definitions).
2. Ad-Aware SE Personal (only from Lavasoft) (download the latest definitions).
3. Delete cookies and old files.
4. Check the objects in Internet Options and make sure they are from known companies.
5. Use software such as a firewall and a pop-up blocker as an additional measure.
6. You can also delete manually in the registry....

scorps, posted March 12, 2005

> I've found there are too many items (applications) in the processes list of the XP machine I use. I want to post them here, but I don't know how to copy the list... is there a way to copy it? Then I can ask my next question.
> One more thing: recently my PC got hit badly by trojans, spyware and who knows what else. Especially my IE, it keeps going to about:blank... do you guys have any tips on how I can fix this problem manually?

Are you still using Win XP SP1?? I suggest you use Win XP SP2 instead, because its security is a bit better than the others... If you want it easy, don't use IE, just use another browser like Opera or Firefox... OK??

TonikCapGajah2013, posted March 12, 2005 (edited March 12, 2005 by OngBok)

Check this: http://www.processlibrary.com/

TonikCapGajah2013, posted March 12, 2005

> OK... here are the processes on my PC...
> System Information report written at: 03/12/05 21:28:55
> system idle process
> system
> smss.exe
> csrss.exe
> winlogon.exe
> lsass.exe
> svchost.exe
> svchost.exe
> svchost.exe
> svchost.exe
> svchost.exe
> spoolsv.exe
> inetinfo.exe
> inorpc.exe
> inort.exe
> inotask.exe
> snmp.exe
> alg.exe
> explorer.exe
> rundll32.exe
> ituneshelper.exe
> qttask.exe
> msmsgs.exe
> ipodservice.exe
> dllhost.exe
> dllhost.exe
> msdtc.exe
> rainlendar.exe
> objectdock.exe
> itunes.exe
> svchost.exe
> firefox.exe
> helpctr.exe
> helpsvc.exe
> wmiprvse.exe
> Could you guys tell me what these files do... are any of them dangerous? If they are, how do I remove them? Thanks to everyone who is willing to help.

Details for Isass.
Process File: isass.exe
Process Name: Optix.Pro virus
Virus: No ( Remove )
Trojan: Yes ( Remove )
Spyware: No ( Remove )
Security Risk (0-5): 4

This Isass is fairly dangerous. Better remove it quickly.

izwan, posted March 12, 2005

> Details for Isass.
> Process File: isass.exe
> Process Name: Optix.Pro virus
> Virus: No ( Remove )
> Trojan: Yes ( Remove )
> Spyware: No ( Remove )
> Security Risk (0-5): 4
> This Isass is fairly dangerous. Better remove it quickly.

Go on, remove it if you're that good.
http://www.processlibrary.com/directory/fi...lsass/index.php

Start > Administrative Tools > Services. Just disable + stop whichever processes you don't use from running when the PC starts.

mus3na, posted March 12, 2005

ONGBOK, look carefully, isn't that LSASS? A Windows XP service.

My way: I find the executable and look at its properties, who made it, and when the executable got onto the system. If it looks odd, I delete it.

TonikCapGajah2013, posted March 12, 2005

izwan! Is it really that hard to remove? To me that thing is a piece of cake. Surely you don't have to be an expert first before you can remove it. Think about it.

Rapla, posted March 12, 2005

C-FU..... where are you? C-Fu is the expert on spyware matters.... I think I could comment.... but I think it's better for C-Fu to handle it.... try PMing C-Fu.... All the best!

izwan, posted March 12, 2005

Always C-Fu, C-Fu.. hate it..

> Details for Isass.
> Process File: isass.exe
> Process Name: Optix.Pro virus

I, not L. Social engineering.

mus3na, posted March 12, 2005 (edited March 12, 2005 by mus3na)

> system idle process
> system
> smss.exe
> csrss.exe
> winlogon.exe
> lsass.exe
> svchost.exe
> svchost.exe

Look at his original post: is that an I or an L? It looks like an L to me.

----------------------%--------------------------------------

Compare the shape of the L, or the I you claim it is, with this image I snapped, and see which one is more than 75% equal.

nagakeciks, posted March 12, 2005

HuHu.. definitely an "L"

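The I-versus-L argument in the posts above is about a file name that imitates lsass.exe. As an added example (not part of any post in this thread), this Python check folds look-alike characters together and also compares the folder a core Windows process runs from; the process table, the C: drive layout and the character folding are assumptions chosen for illustration.

```python
import ntpath

# Core Windows XP processes and the folder each normally runs from
# (table assembled for this example, assuming Windows is installed on C:).
SYSTEM_PROCS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that are easy to confuse in a process list, folded to one form.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(FOLD)


SKELETONS = {skeleton(name): name for name in SYSTEM_PROCS}


def check_process(path):
    """Classify one full executable path: ok, wrong-path, lookalike or unknown."""
    folder, name = ntpath.split(path)
    real = name.lower()
    if real in SYSTEM_PROCS:
        if folder.lower() == SYSTEM_PROCS[real]:
            return ("ok", real)
        return ("wrong-path", SYSTEM_PROCS[real])   # right name, wrong folder
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return ("lookalike", imitated)              # e.g. Isass.exe vs lsass.exe
    return ("unknown", "")


if __name__ == "__main__":
    # Constructed sample paths; only the first one appears in the thread's log.
    for p in (r"C:\WINDOWS\system32\lsass.exe",
              r"C:\WINDOWS\system32\Isass.exe",
              r"C:\WINDOWS\Temp\svchost.exe",
              r"C:\Program Files\iTunes\iTunes.exe"):
        print(p, "->", check_process(p))
```

The full paths it needs are what the "Running processes" section of a HijackThis log provides; a bare name list such as the System Information export cannot answer the folder question.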
civ3, posted March 12, 2005

> I've found there are too many items (applications) in the processes list of the XP machine I use. I want to post them here, but I don't know how to copy the list... is there a way to copy it? Then I can ask my next question.
> One more thing: recently my PC got hit badly by trojans, spyware and who knows what else. Especially my IE, it keeps going to about:blank... do you guys have any tips on how I can fix this problem manually?

Hm... IE has been hijacked! Try following my steps (post #4)...... If you use HijackThis... after the scan you can paste your log file here.... I want to have a look.....

dekzorro, posted March 13, 2005 (edited March 13, 2005 by dekzorro)

> Are you still using Win XP SP1?? I suggest you use Win XP SP2 instead, because its security is a bit better than the others... If you want it easy, don't use IE, just use another browser like Opera or Firefox... OK??

What I have now is SP2.. it's the same, I got hit badly.. popups come up all the time.. Actually I'm looking for a way to get rid of this problem manually... that way we know what it changed.

I've found one: trojan.digit; the one that messes with IE, your default page can become about:blank (and I go blank along with it). But not all the tips I found for this trojan worked. At my workplace lots of people got hit (that's me). I don't want to format the PC, it would make me look like I really don't know what I'm doing (hehehe). I keep searching for how to delete the linked files, registry entries and all sorts of other things.

C-Fu, posted March 13, 2005

Want to download manually? Sure you can.

First, you need to know whether the program is currently running. Second, you need to know how the program suddenly runs when you start up, by checking all the startup locations. That's why lots of people tell you to use HijackThis.

Download HijackThis (google it if you don't know where), then put the hijackthis.exe file in a new folder (you need to create one), scan and save the log, then copy the log and paste it here. Then I'll tell you how to delete them one by one.

dekzorro, posted March 13, 2005

Yeah baby... here comes the log file..

Logfile of HijackThis v1.99.1
Scan saved at 5:07:57 PM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = 1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7FE89029-04FE-4517-96BE-65ABDFD2A7DF} - C:\WINDOWS\system32\bmli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://202.187.24.88/main/Install/en/US/CentraDownloader.cab
O18 - Filter: text/html - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll
O18 - Filter: text/plain - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Sorry.. this is the best edit I can do.. hope it's not too dizzying. Thanks, all.

civ3, posted March 13, 2005

Things that need fixing:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = 1
O2 - BHO: (no name) - {7FE89029-04FE-4517-96BE-65ABDFD2A7DF} - C:\WINDOWS\system32\bmli.dll
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://202.187.24.88/main/Install/en/US/CentraDownloader.cab
O18 - Filter: text/html - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll
O18 - Filter: text/plain - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll

C-Fu, posted March 13, 2005 (edited March 13, 2005 by C-Fu)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = 1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {7FE89029-04FE-4517-96BE-65ABDFD2A7DF} - C:\WINDOWS\system32\bmli.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://202.187.24.88/main/Install/en/US/CentraDownloader.cab
O18 - Filter: text/html - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll
O18 - Filter: text/plain - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll

Before fixing, make sure you try to unregister those .dll files by going to Start > Run > cmd and then typing regsvr32 /u namafail.dll, with file names like bmli.dll and se.dll.

AND, close ALL windows, because otherwise HijackThis's fix won't work.

Then restart, and try to find the .dll files above and delete them if they're still there.

After this, give us the latest HijackThis log file. When everything is OK, I recommend you do the steps below.

Download Spybot. http://www.safer-networking.org/en/index.html

Download, UPDATE, then scan. Fix, then restart. Then scan again, in case the problem is back. If the problem keeps coming back, go straight to the HijackThis step below.

After updating everything, open Spybot again. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Tick everything, so we can set all the settings.

Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "enable permanent blocking of bad addresses..." and "block all pages silently".

Then go to Tools > IE Tweaks. Lock the hosts file. Locking the IE start page is a good idea too.

Then go to Tools > Hosts file. Add the Spybot hosts file.

Then go to Tools > Resident. Tick the SDHelper option.

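The entry-by-entry review of the HijackThis log in the posts above can be started mechanically. As an added example (not part of any post, and not HijackThis's own logic), this Python triage parses entry lines and flags the patterns that recur in the entries picked out above: files loaded from a Temp directory, an unnamed BHO, an ActiveX download from a bare IP address, and any other entry that points at a file already flagged. The rules are assumptions for illustration; the sample lines are copied from dekzorro's log.

```python
import re

# Entries copied from dekzorro's HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7FE89029-04FE-4517-96BE-65ABDFD2A7DF} - C:\WINDOWS\system32\bmli.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://202.187.24.88/main/Install/en/US/CentraDownloader.cab
O18 - Filter: text/html - {CE61487E-007E-4CB8-A8A8-0B5F48DE086C} - C:\WINDOWS\system32\bmli.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                        # "O4 - <text>"
FILE = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:dll|exe|ocx)', re.I)   # Windows file path
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")      # URL with bare IPv4 host


def parse(log):
    """Return [(section, text)] for every entry line; other lines are skipped."""
    found = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]


def triage(log):
    """Return [(section, text, reasons)] for entries that deserve a closer look."""
    entries = parse(log)
    reasons, flagged_files = {}, set()
    for i, (section, text) in enumerate(entries):
        files = {f.lower() for f in FILE.findall(text)}
        why = []
        if any("\\temp\\" in f for f in files):
            why.append("loads a file from a Temp directory")
        if section == "O2" and "(no name)" in text:
            why.append("browser helper object with no name")
        if section == "O16" and IP_URL.search(text):
            why.append("ActiveX download from a bare IP address")
        if why:
            reasons[i] = why
            flagged_files |= files
    # Second pass: other entries that reference an already-flagged file.
    for i, (section, text) in enumerate(entries):
        files = {f.lower() for f in FILE.findall(text)}
        if i not in reasons and files & flagged_files:
            reasons[i] = ["references a file flagged elsewhere in the log"]
    return [(entries[i][0], entries[i][1], reasons[i]) for i in sorted(reasons)]


if __name__ == "__main__":
    for section, text, why in triage(SAMPLE_LOG):
        print(f"{section:<4}{'; '.join(why)}\n    {text}")
```

A flag here only marks an entry for manual review; the about:blank values and the QuickTime entry that also appear in the list above are not matched by these rules.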
izwan, posted March 13, 2005

How diligent of C-Fu to track through that log entry by entry.. KOHKOHKOHKOHKOHKOH..

lanun, posted March 13, 2005

> How diligent of C-Fu to track through that log entry by entry.. KOHKOHKOHKOHKOHKOH..

Hehehe, it's good that he's diligent about helping... rather than posting aimlessly or rambling on about nothing...

C-Fu, posted March 13, 2005

Let him be. He's feeling proud that FINALLY his post count is higher than mine.

dekzorro, posted March 13, 2005

Thanks a lot...

C-Fu, posted March 13, 2005

Post the latest HijackThis log again, just to make sure your PC is OK now.

Also, from what I can see in his HijackThis log, the running process is written with an L, not an I.