Jump to content
rieyna168

Keluar Icon Ni Time Start Laptop, Kenapa Yer?

Recommended Posts

Salam puteranian.
Nak tanya problem.tak tahu per problem sebenarnya. Time start laptop, kuar icon ni..Boleh sesiapa bgtau kenapa icon ni kuar. Adakah tu tanda ada virus ke tak.

[img]http://i281.photobucket.com/albums/kk231/rieyna168/window.jpg[/img]

Share this post


Link to post
Share on other sites
kat run, taip msconfig, pada tab startup cari nama brkaitan zone box dan untick restart, Edited by Roy Azloy

Share this post


Link to post
Share on other sites
Dah cari dlm control panel, tp xda file ni...xpasti nape tetiba ada & xingat pernah install ke xsebelum ni. Camne nk buang kalo file tu xnampak eh.

Loy, camne nk wat run tu.. dh lupa arr. maklumlh, time ada problem je nk ingt benda kt laptop ni. pastu,lupa dh nak tekan mane kalo. :lol:

Share this post


Link to post
Share on other sites
[quote name='Roy Azloy' timestamp='1303716628' post='1067416']
kat run, taip msconfig, pada tab startup cari nama brkaitan zone box dan untick restart,
[/quote]

yg ni dh try wat? kebiasaannya windows akan running ape yg ade pada startup ni,

kalu pki windows 7 klik start nanti ade ruang kosong (search program and files), taip run...

kalu pki win xp klik start, cari run kat atas turn off tu, :137: Edited by Roy Azloy

Share this post


Link to post
Share on other sites
dh wat ikut step tu, bila restart..xda lg dh icon tu. Tadi nampak detail file kat startup, cam something je file ni. Adakah ianya virus. Mungkin dpt kt mirc sbb terklik link2 kt situ.

ni detail mengenai icon Zone Box ni:
Zon Box Command -> C.WINDOWS\system32\driver\etc\fuckDALNET\svchost.exe.

Boleh bgtau camne nk buang terus file ni tak? dlm control panel, xda pun file nama ni. nak buang2 dlm drive C, takut terbuang file penting lak..

Share this post


Link to post
Share on other sites
[quote name='rieyna168' timestamp='1303720456' post='1067423']
dh wat ikut step tu, bila restart..xda lg dh icon tu. Tadi nampak detail file kat startup, cam something je file ni. Adakah ianya virus. Mungkin dpt kt mirc sbb terklik link2 kt situ.

ni detail mengenai icon Zone Box ni:
Zon Box Command -> C.WINDOWS\system32\driver\etc\fuckDALNET\svchost.exe.

Boleh bgtau camne nk buang terus file ni tak? dlm control panel, xda pun file nama ni. nak buang2 dlm drive C, takut terbuang file penting lak..
[/quote]

Download Malwarebyte Anti-Malware [url="http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware?1"]klik sini[/url], Update, Perform Quick Scan n Restart,

Share this post


Link to post
Share on other sites
Mmg sah virus.. rina dh restart, tgk dlm drive C, masih ada file tu..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6439

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25/4/2011 5:22:32 PM
mbam-log-2011-04-25 (17-22-32).txt

Scan type: Quick scan
Objects scanned: 142580
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 43

Memory Processes Infected:
c:\Windows\System32\drivers\etc\fuckdalnet\mirc.exe (Backdoor.IRCBot) -> 2812 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Windows\System32\drivers\etc\fuckdalnet (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\download (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\logs (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\sounds (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\download (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\logs (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\sounds (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\drivers\etc\fuckdalnet\svchost.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\svchost.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\animated.jpg (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\AXL.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\firestone.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\icon1.ico (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\ircintro.chm (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\kingman.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\kuching.png (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\mirc.chm (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\mirc.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\Petani.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\PetaniX.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\readme.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\test.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\uninstall.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\versions.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\view.gif (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\win.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\_tamp.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\_tamp2.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\_unknown.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\servers.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\urls.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts\aliases.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts\popups.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\animated.jpg (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\firestone.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\HEHE.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\HotSex.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\icon1.ico (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\kingman.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\kuching.png (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\PetaniX.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\test.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\view.gif (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\win.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\_tamp.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\_tamp2.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\etc\fuckefnet\_unknown.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Share this post


Link to post
Share on other sites
rina pegi je kat c:\Windows\System32\drivers\etc\fuckdalnet
pastu delete je folder tu

klu ad prob nk delete,gne software yg da include kat Malwarebytes

pastu update la antivirus yek

susah sgt,msok je safe mode

Share this post


Link to post
Share on other sites
dvdbane & M3ntary -> Dah delete file tu dlm kat drive c tu, scan guna Malwarebytes..xda dah detected. Cuma problem sekarang ni, walaupun dh delete tp software tu masih ada dlm laptop sy. Kat startup programs, masih ada file ni. Mcmmana saya nak remove terus dari dlm laptop ni? Actually, saya tak pernah download pun software ni. Mungkin saya dpt file ni dr mirc, ada yang invite utk join cenel. Ada gak sy klik nk tgk byk mana cetes kt cenel tu. Mungkin sbb tu dpt benda ni.

Hari tu kalau start je laptop kuar icon ZONE BOX tu, skrg ni lepas remove file kat c & untick kat run -> msconfig ->tab startup....timbul problem lain lak. icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya?

Ni contoh yg kuar:
[img]http://i281.photobucket.com/albums/kk231/rieyna168/window2.jpg[/img] Edited by rieyna168

Share this post


Link to post
Share on other sites
[quote name='rieyna168' timestamp='1303816618' post='1067472']
dvdbane & M3ntary -> Dah delete file tu dlm kat drive c tu, scan guna Malwarebytes..xda dah detected. Cuma problem sekarang ni, walaupun dh delete tp software tu masih ada dlm laptop sy. Kat startup programs, masih ada file ni. Mcmmana saya nak remove terus dari dlm laptop ni? Actually, saya tak pernah download pun software ni. Mungkin saya dpt file ni dr mirc, ada yang invite utk join cenel. Ada gak sy klik nk tgk byk mana cetes kt cenel tu. Mungkin sbb tu dpt benda ni.

Hari tu kalau start je laptop kuar icon ZONE BOX tu, skrg ni lepas remove file kat c & untick kat run -> msconfig ->tab startup....timbul problem lain lak. icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya?

[/quote]

kalau nak delete startup gunakan ccleaner

icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya? [color="#0000FF"](ley tunjuk gambarnye n folder ape yg nak didelete) [/color] Edited by Roy Azloy

Share this post


Link to post
Share on other sites
dh run ccleaner, still ada gak startup yg diblock tu..

nak delete 2 file terakhir dlm pic system configuration pic yg saya post kt atas ni. yg file untick tu. dh cari dlm drive c,file tu mmg dh xda dah..tp kt startup masih ada lagi.

Share this post


Link to post
Share on other sites
kat bawah tu ade ikon delete, delete saje

[URL=http://img26.imageshack.us/i/48041473.jpg/][IMG]http://img26.imageshack.us/img26/571/48041473.jpg[/IMG][/URL] Edited by Roy Azloy

Share this post


Link to post
Share on other sites
Kuar sebarang warning x mase desktop mula dibuka? ley post gambar cni.....kalu tiade mmg xda sbrng masalah wlupun paparan2 still kuar kt startup :), harap membantu, Edited by Roy Azloy

Share this post


Link to post
Share on other sites
[img]http://img59.imageshack.us/img59/9761/window2y.jpg[/img]

cube mcm nie.
1) mula2 lebarkan System Configuration 2 supaye awak boleh tgk kat mane location die.
2) Delete file yang kat kotak merah yang sy tanda 2 dalam gambar.Kalau dah delete abaikan.
3) awk run dan taip [b]regedit[/b] pegi ke HKEY_LOCAL_MACHINE\SOFTWARE\....location die kat kotak hitam dalam gambar..delete folder yang terakhir kat location file tersebut.
4) Restart PC. Edited by Pylon

Share this post


Link to post
Share on other sites
sry coz reply lmbt..huhu

follow je instruction yg kat atas tu
bleh pilih nk follow @Roy or @Pylon

klu xle gak,try ni
download [url="http://technet.microsoft.com/en-us/sysinternals/bb963902"]Microsoft Sysinternals Autoruns[/url]
ble da run file tu,bukak tab [b]Logon[/b]
kat situ bleh jmpe registry entries tersebut
[b]right click > delete[/b]

[b]Optional sbb sye mmg tgh bosan :lol: [/b]
klu nk sye check whether still ad registry yg berkaitan infection tu,upload log Autoruns
klik [b]Option[/b] and make sure xde satu option pon dpilih/ada tanda
klik [b]Refresh/F5[/b]
pastu g [b]File>Save[/b]
pastu leh le upload file [b]*.arn[/b] tu kat mne2 sharing website *eg. mediafire


p/s : @Roy
Chew7 :140: Kaspersky :wub: Panda Cloud :121: MBAM :55:
ak tggu Kaspersky 2012 Edited by dvdbane

Share this post


Link to post
Share on other sites
dah delete guna ccleaner, cek balik kat run & restart, file tu xda lagi dah tp masih ada kuar warning kat taskbar window block some startup.just kuar warning block tu jer, icon cam post pertama kt atas ni xda dah. rasanya oklh tu kot. maybe window saja nk bg warning..

Tq buat semua yg sudi membantu.

Share this post


Link to post
Share on other sites
[quote name='dvdbane' timestamp='1303843285' post='1067490]
p/s : @Roy
Chew7 :140: Kaspersky :wub: Panda Cloud :121: MBAM :55:
ak tggu Kaspersky 2012
[/quote]

Oit Dvdbane, xyah komen aknye startup 2, pentium M pakai Windows 7 terpampang besor2 ha nmpak plak spec sistem ak ades :lol: Edited by Roy Azloy

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...