rieyna168 0 Report post Posted April 25, 2011 Salam puteranian. Nak tanya problem.tak tahu per problem sebenarnya. Time start laptop, kuar icon ni..Boleh sesiapa bgtau kenapa icon ni kuar. Adakah tu tanda ada virus ke tak. [img]http://i281.photobucket.com/albums/kk231/rieyna168/window.jpg[/img] Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 25, 2011 (edited) kat run, taip msconfig, pada tab startup cari nama brkaitan zone box dan untick restart, Edited April 25, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 25, 2011 klu ko gne software Zone Box ni,reinstall psl file die da corrupt dat y die asyik kuar camni klu ko xgne,uninstall je sng Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 25, 2011 Dah cari dlm control panel, tp xda file ni...xpasti nape tetiba ada & xingat pernah install ke xsebelum ni. Camne nk buang kalo file tu xnampak eh.Loy, camne nk wat run tu.. dh lupa arr. maklumlh, time ada problem je nk ingt benda kt laptop ni. pastu,lupa dh nak tekan mane kalo. Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 25, 2011 (edited) [quote name='Roy Azloy' timestamp='1303716628' post='1067416'] kat run, taip msconfig, pada tab startup cari nama brkaitan zone box dan untick restart, [/quote] yg ni dh try wat? kebiasaannya windows akan running ape yg ade pada startup ni, kalu pki windows 7 klik start nanti ade ruang kosong (search program and files), taip run... kalu pki win xp klik start, cari run kat atas turn off tu, Edited April 25, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 25, 2011 dh wat ikut step tu, bila restart..xda lg dh icon tu. Tadi nampak detail file kat startup, cam something je file ni. Adakah ianya virus. Mungkin dpt kt mirc sbb terklik link2 kt situ. ni detail mengenai icon Zone Box ni: Zon Box Command -> C.WINDOWS\system32\driver\etc\fuckDALNET\svchost.exe. Boleh bgtau camne nk buang terus file ni tak? dlm control panel, xda pun file nama ni. nak buang2 dlm drive C, takut terbuang file penting lak.. Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 25, 2011 [quote name='rieyna168' timestamp='1303720456' post='1067423'] dh wat ikut step tu, bila restart..xda lg dh icon tu. Tadi nampak detail file kat startup, cam something je file ni. Adakah ianya virus. Mungkin dpt kt mirc sbb terklik link2 kt situ. ni detail mengenai icon Zone Box ni: Zon Box Command -> C.WINDOWS\system32\driver\etc\fuckDALNET\svchost.exe. Boleh bgtau camne nk buang terus file ni tak? dlm control panel, xda pun file nama ni. nak buang2 dlm drive C, takut terbuang file penting lak.. [/quote] Download Malwarebyte Anti-Malware [url="http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware?1"]klik sini[/url], Update, Perform Quick Scan n Restart, Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 25, 2011 Mmg sah virus.. rina dh restart, tgk dlm drive C, masih ada file tu.. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6439 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 25/4/2011 5:22:32 PM mbam-log-2011-04-25 (17-22-32).txt Scan type: Quick scan Objects scanned: 142580 Time elapsed: 6 minute(s), 17 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 10 Files Infected: 43 Memory Processes Infected: c:\Windows\System32\drivers\etc\fuckdalnet\mirc.exe (Backdoor.IRCBot) -> 2812 -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Backdoor.IRCBot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\Windows\System32\drivers\etc\fuckdalnet (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\download (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\logs (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\sounds (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\download (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\logs (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\sounds (Backdoor.IRCBot) -> Quarantined and deleted successfully. Files Infected: c:\Windows\System32\drivers\etc\fuckdalnet\svchost.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\svchost.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\animated.jpg (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\AXL.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\firestone.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\icon1.ico (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\ircintro.chm (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\kingman.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\kuching.png (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\mirc.chm (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\mirc.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\Petani.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\PetaniX.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\readme.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\test.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\uninstall.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\versions.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\view.gif (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\win.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\_tamp.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\_tamp2.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\_unknown.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\servers.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\urls.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts\aliases.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckdalnet\defaults\scripts\popups.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\animated.jpg (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\firestone.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\HEHE.txt (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\HotSex.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\icon1.ico (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\kingman.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\kuching.png (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\mirc.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\PetaniX.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\test.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\view.gif (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\win.bmp (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\_tamp.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\_tamp2.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\etc\fuckefnet\_unknown.dll (Backdoor.IRCBot) -> Quarantined and deleted successfully. Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 25, 2011 rina pegi je kat c:\Windows\System32\drivers\etc\fuckdalnet pastu delete je folder tu klu ad prob nk delete,gne software yg da include kat Malwarebytes pastu update la antivirus yek susah sgt,msok je safe mode Quote Share this post Link to post Share on other sites
M3ntaryâ„¢ 62 Report post Posted April 26, 2011 Dah settle ke belum masalah ni? Kalau ada masalah nak remove software yang dah corrupt tu try guna Revo Uninstaller. Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 26, 2011 (edited) dvdbane & M3ntary -> Dah delete file tu dlm kat drive c tu, scan guna Malwarebytes..xda dah detected. Cuma problem sekarang ni, walaupun dh delete tp software tu masih ada dlm laptop sy. Kat startup programs, masih ada file ni. Mcmmana saya nak remove terus dari dlm laptop ni? Actually, saya tak pernah download pun software ni. Mungkin saya dpt file ni dr mirc, ada yang invite utk join cenel. Ada gak sy klik nk tgk byk mana cetes kt cenel tu. Mungkin sbb tu dpt benda ni. Hari tu kalau start je laptop kuar icon ZONE BOX tu, skrg ni lepas remove file kat c & untick kat run -> msconfig ->tab startup....timbul problem lain lak. icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya? Ni contoh yg kuar: [img]http://i281.photobucket.com/albums/kk231/rieyna168/window2.jpg[/img] Edited April 26, 2011 by rieyna168 Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 26, 2011 (edited) [quote name='rieyna168' timestamp='1303816618' post='1067472'] dvdbane & M3ntary -> Dah delete file tu dlm kat drive c tu, scan guna Malwarebytes..xda dah detected. Cuma problem sekarang ni, walaupun dh delete tp software tu masih ada dlm laptop sy. Kat startup programs, masih ada file ni. Mcmmana saya nak remove terus dari dlm laptop ni? Actually, saya tak pernah download pun software ni. Mungkin saya dpt file ni dr mirc, ada yang invite utk join cenel. Ada gak sy klik nk tgk byk mana cetes kt cenel tu. Mungkin sbb tu dpt benda ni. Hari tu kalau start je laptop kuar icon ZONE BOX tu, skrg ni lepas remove file kat c & untick kat run -> msconfig ->tab startup....timbul problem lain lak. icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya? [/quote] kalau nak delete startup gunakan ccleaner icon blocked startup programs lak kuar setiap kali on laptop. Saya nak delete terus folder [maaf ye]&svchost tu.boleh bgtai camne caranya? [color="#0000FF"](ley tunjuk gambarnye n folder ape yg nak didelete) [/color] Edited April 26, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 26, 2011 dh run ccleaner, still ada gak startup yg diblock tu.. nak delete 2 file terakhir dlm pic system configuration pic yg saya post kt atas ni. yg file untick tu. dh cari dlm drive c,file tu mmg dh xda dah..tp kt startup masih ada lagi. Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 26, 2011 (edited) kat bawah tu ade ikon delete, delete saje [URL=http://img26.imageshack.us/i/48041473.jpg/][IMG]http://img26.imageshack.us/img26/571/48041473.jpg[/IMG][/URL] Edited April 26, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 26, 2011 Dah delete & restart, nape file yg 2 tu masih ada lagi? Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 26, 2011 (edited) Kuar sebarang warning x mase desktop mula dibuka? ley post gambar cni.....kalu tiade mmg xda sbrng masalah wlupun paparan2 still kuar kt startup , harap membantu, Edited April 26, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites
Pylon 0 Report post Posted April 26, 2011 (edited) [img]http://img59.imageshack.us/img59/9761/window2y.jpg[/img] cube mcm nie. 1) mula2 lebarkan System Configuration 2 supaye awak boleh tgk kat mane location die. 2) Delete file yang kat kotak merah yang sy tanda 2 dalam gambar.Kalau dah delete abaikan. 3) awk run dan taip [b]regedit[/b] pegi ke HKEY_LOCAL_MACHINE\SOFTWARE\....location die kat kotak hitam dalam gambar..delete folder yang terakhir kat location file tersebut. 4) Restart PC. Edited April 26, 2011 by Pylon Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 26, 2011 (edited) sry coz reply lmbt..huhu follow je instruction yg kat atas tu bleh pilih nk follow @Roy or @Pylon klu xle gak,try ni download [url="http://technet.microsoft.com/en-us/sysinternals/bb963902"]Microsoft Sysinternals Autoruns[/url] ble da run file tu,bukak tab [b]Logon[/b] kat situ bleh jmpe registry entries tersebut [b]right click > delete[/b] [b]Optional sbb sye mmg tgh bosan [/b] klu nk sye check whether still ad registry yg berkaitan infection tu,upload log Autoruns klik [b]Option[/b] and make sure xde satu option pon dpilih/ada tanda klik [b]Refresh/F5[/b] pastu g [b]File>Save[/b] pastu leh le upload file [b]*.arn[/b] tu kat mne2 sharing website *eg. mediafire p/s : @Roy Chew7 Kaspersky Panda Cloud MBAM ak tggu Kaspersky 2012 Edited April 26, 2011 by dvdbane Quote Share this post Link to post Share on other sites
rieyna168 0 Report post Posted April 27, 2011 dah delete guna ccleaner, cek balik kat run & restart, file tu xda lagi dah tp masih ada kuar warning kat taskbar window block some startup.just kuar warning block tu jer, icon cam post pertama kt atas ni xda dah. rasanya oklh tu kot. maybe window saja nk bg warning.. Tq buat semua yg sudi membantu. Quote Share this post Link to post Share on other sites
dvdbane 86 Report post Posted April 27, 2011 "windows block some startup" tu Windows Defender punye features tu xsilap bgos la prob da setel AV cri la yg power skit... Quote Share this post Link to post Share on other sites
Roy Azloy 34 Report post Posted April 27, 2011 (edited) [quote name='dvdbane' timestamp='1303843285' post='1067490] p/s : @Roy Chew7 Kaspersky Panda Cloud MBAM ak tggu Kaspersky 2012 [/quote] Oit Dvdbane, xyah komen aknye startup 2, pentium M pakai Windows 7 terpampang besor2 ha nmpak plak spec sistem ak ades Edited April 27, 2011 by Roy Azloy Quote Share this post Link to post Share on other sites