Detected manually:
SVCHOST.EXE
Default location: C:\WINDOWS\SYSTEM32\WINDIR\SVCHOST.EXE
MD5: ED0EF0A136DEC83DF69F04118870003E
SHA1: F77A7CD78877527023EBFB35E83B75EF59D3DF07
File Size: 507 904 bytes
Version Info:
OriginalFilename: WINLOGON.EXE
FileDescription: Windows NT Logon Application
InternalName: winlogon
CompanyName: Microsoft Corporation
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
Note the mismatch: the file on disk is named Svchost.exe, but its version resource describes winlogon.exe. A genuine svchost.exe carries OriginalFilename svchost.exe, so this alone shows the file is not what its name claims.
Removal Results: Success
Number of reboots: 1
—————————————————————————————————————————-
How to quickly detect the malware's presence?
Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value "HKLM" = "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value "HKCU" = "C:\WINDOWS\system32\WinDir\Svchost.exe"
Folders:
C:\WINDOWS\system32\WinDir\
Files:
C:\Documents and Settings\Administrator\Application Data\logs.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\UuU.uUu
C:\Documents and Settings\Administrator\Local Settings\Temp\XxX.xXx
C:\WINDOWS\system32\WinDir\Svchost.exe
C:\boot.inf
C:\USBSecurity3.8.exe
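The registry side of this checklist as a script, added here as an example and not part of the original report: it parses a Regedit 5.00 export (.reg text) rather than the live registry, so it runs on any OS and can be pointed at an export pulled from a suspect host. It generalises the page's entries slightly: it flags any autorun or Active Setup StubPath that launches svchost.exe from outside system32 (the real one lives directly under system32, or SysWOW64 on x64), any Active Setup component whose CLSID is not well-formed hex (the {S773B64M-...} key above cannot be a real CLSID), and the HKCU\Software\Cyber marker key. SAMPLE_EXPORT is constructed from the IOCs on this page plus two benign entries for contrast; it is not a capture from a real machine, and the function and pattern names are mine.

```python
"""Offline triage for the persistence entries listed in this report.
Added example, not from the original report. Parses .reg export text, not the
live registry. SAMPLE_EXPORT is constructed from the report's IOCs plus two
benign entries (a valid Active Setup component and ctfmon.exe); not a real capture."""
import re
from typing import Dict, List, Tuple

# Autostart keys the report shows populated; matched as lower-case path suffixes.
AUTORUN_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run",
)
ACTIVE_SETUP = "\\active setup\\installed components\\"
# Active Setup components are keyed by CLSID: 8-4-4-4-12 hex digits in braces.
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Genuine svchost.exe lives directly under system32 (or SysWOW64 on x64 Windows).
GENUINE_SVCHOST_RE = re.compile(r"\\(?:system32|syswow64)\\svchost\.exe", re.I)

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HKLM"="C:\\WINDOWS\\system32\\WinDir\\Svchost.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Policies"="C:\\WINDOWS\\system32\\WinDir\\Svchost.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{S773B64M-02Q1-DEV6-WNL1-HM45YHIR7QK2}]
"StubPath"="C:\\WINDOWS\\system32\\WinDir\\Svchost.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}]
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"="C:\\WINDOWS\\system32\\WinDir\\Svchost.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Cyber]
"FirstExecution"="19/01/2011 - 18:06"
"NewIdentification"="Cyber"
"""
Finding = Tuple[str, str, str, str]  # key path, value name, value data, reason


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: string_data}} from Regedit 5.00 export text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith(('"', "@")) and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            # .reg files escape backslashes and quotes inside string data.
            keys[current][name] = data.strip().strip('"').replace('\\"', '"').replace("\\\\", "\\")
    return keys


def suspicious_command(data: str) -> str:
    """Reason string if a command line points at the dropped binary, else ''."""
    low = data.lower()
    if "\\system32\\windir\\" in low:
        return "runs from the dropped system32\\WinDir folder"
    if "svchost.exe" in low and not GENUINE_SVCHOST_RE.search(low):
        return "svchost.exe launched from outside system32"
    return ""


def find_persistence(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(AUTORUN_SUFFIXES):
            for name, data in values.items():
                reason = suspicious_command(data)
                if reason:
                    findings.append((key, name, data, reason))
        elif ACTIVE_SETUP in low:
            clsid = key.rsplit("\\", 1)[-1]
            stub = values.get("StubPath", "")
            reason = "malformed CLSID on Active Setup component" if not CLSID_RE.match(clsid) else suspicious_command(stub)
            if reason:
                findings.append((key, "StubPath", stub, reason))
        elif low.endswith("\\software\\cyber"):
            findings.append((key, "FirstExecution/NewIdentification", ", ".join(sorted(values)), "marker key written on first run"))
    return findings


def name_mismatch(path: str, original_filename: str) -> bool:
    """True when the on-disk name differs from the version resource's OriginalFilename."""
    return path.rsplit("\\", 1)[-1].lower() != original_filename.lower()


def triage() -> List[Finding]:
    return find_persistence(parse_reg_export(SAMPLE_EXPORT))


if __name__ == "__main__":
    for key, name, data, reason in triage():
        print(f"[!] {reason}\n    {key}\\{name} = {data}")
    print("version-info mismatch:", name_mismatch(r"C:\WINDOWS\system32\WinDir\Svchost.exe", "WINLOGON.EXE"))
```

Against the sample export the script reports five entries (the three Run values, the malformed Active Setup component and the Cyber marker key) and stays silent on the well-formed Active Setup component and on ctfmon.exe. On a real case, export HKLM\Software\Microsoft and HKCU\Software with reg.exe and feed the file to parse_reg_export instead of SAMPLE_EXPORT; the file-system items in the list above still need a separate check.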
—————————————————————————————————————————-
Classification:
Antivirus   Version       Last Update   Result (- = not detected)
F-Secure    9.0.16160.0   2011.01.19    -
Kaspersky   7.0.0.125     2011.01.19    -
Microsoft   1.6402        2011.01.19    Worm:Win32/Rebhip.A
NOD32       5798          2011.01.18    -
—————————————————————————————————————————-
MD5 597eefa257ed60b3947f9e44b4150a47
SHA1 8f9d7364bf7e62417d814d0bc533afca7aeaabd0
SHA256 9c4c58d05f53281e050e30c0e1076300937a6145315c5769bcd29630a9b31e02
—————————————————————————————————————————-
Installation
When the program is executed (here under the Administrator account on Windows XP, which the paths below reflect), it creates the following registry keys and values, files and folders:
———————————-
Keys added: 7
———————————-
HKLM\Software\Microsoft\Active Setup\Installed Components\{S773B64M-02Q1-DEV6-WNL1-HM45YHIR7QK2}
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\Software\Microsoft\DownloadManager
HKCU\Software\Microsoft\Active Setup\Installed Components\{S773B64M-02Q1-DEV6-WNL1-HM45YHIR7QK2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Cyber
———————————-
Values added: 7
———————————-
HKLM\Software\Microsoft\Active Setup\Installed Components\{S773B64M-02Q1-DEV6-WNL1-HM45YHIR7QK2}\StubPath: "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HKLM: "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: "C:\WINDOWS\system32\WinDir\Svchost.exe"
HKCU\Software\Cyber\FirstExecution: "19/01/2011 — 18:06"
HKCU\Software\Cyber\NewIdentification: "Cyber"
———————————-
Files added: 6
———————————-
C:\Documents and Settings\Administrator\Application Data\logs.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\UuU.uUu
C:\Documents and Settings\Administrator\Local Settings\Temp\XxX.xXx
C:\WINDOWS\system32\WinDir\Svchost.exe
C:\boot.inf
C:\USBSecurity3.8.exe
———————————-
Files [attributes?] modified: 1
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
———————————-
Folders added: 1
———————————-
C:\WINDOWS\system32\WinDir
———————————-
Total changes: 22
———————————-
—————————————————————————————————————————-
Internet activity:
- none -