What kind of devilry is this "WARNING! YOU'RE IN DANGER"?

IP: *.neoplus.adsl.tpnet.pl 18.11.04, 16:14
Hello,
something has "latched onto" my computer. After startup, instead of the
wallpaper, I get a black page reading: "WARNING! YOU ARE IN DANGER...." etc.....
Clicking on it takes me to a page at the address
213.159.117.130/?affid=NAT-8
I have already used Ad-ware, mks and stinger, and nothing...
Please help me get rid of this

thanks in advance
olo
    • netsec Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE 18.11.04, 16:16
      forum.gazeta.pl/forum/72,2.html?f=430&w=17733359&wv.x=1&a=17735421
      • Guest: olo Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE IP: *.neoplus.adsl.tpnet.pl 18.11.04, 16:32
        Thanks, that helped

        regards
        olo
        • netsec Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE 18.11.04, 16:49
          Update the system with the critical patches, install Firefox.
          • Guest: olo Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE IP: *.neoplus.adsl.tpnet.pl 18.11.04, 18:02
            thanks, I have been trying to do that for an hour, but after 5-10 min it kicks me off the internet
            and nothing works (not even ctrl+alt+del)

            regards
            olo
            • netsec Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE 18.11.04, 19:23
              Paste the log from Hijack, maybe you have something else as well :)
    • Guest: olo Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE IP: *.neoplus.adsl.tpnet.pl 18.11.04, 21:35
      Logfile of HijackThis v1.97.7
      Scan saved at 21:34:45, on 2004-11-18
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\mfciz32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      C:\WINDOWS\sdkbo32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\Program Files\Wanadoo\Watch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\PROGRA~1\Wanadoo\Profil1\WOJTEK\ANTYVIR\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\taisd.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      Plus wita Cie w Internecie
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      O2 - BHO: (no name) - {81C43FDF-F30D-9628-92B3-EAC38C8BD9A6} -
      C:\WINDOWS\system32\ielk.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [atlli32.exe] C:\WINDOWS\system32\atlli32.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      O4 - HKLM\..\Run: [sdkbo32.exe] C:\WINDOWS\sdkbo32.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKLM\..\RunOnce: [mfciz32.exe] C:\WINDOWS\system32\mfciz32.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
      \DSLMON.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: Corel Network monitor worker (HKLM)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKLM)
      O9 - Extra button: Corel Network monitor worker (HKCU)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKCU)
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.crazywinnings.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.tl81.com
      O15 - Trusted Zone: *.topconverting.com
      O15 - Trusted Zone: *.windupdates.com
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      public.windupdates.com/get_file.php?bt=ie&p=b262b0ad414acb9189b79ca9611238b08547955a9e1be092ffa689db1636bf5c92ee1f16
      d8872858710aba174607a0e7f2b4b2a1:a3f5099f60d56ff1d1f59f4600741a6e
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100789252092
      O16 - DPF: {AFD8ED36-EA54-11D6-AC3F-00105ADCF632} (Ntw4 Control) -
      epromak.millenniumdm.pl/res/ntw4.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
      download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{29A9BD72-1A7B-43F1-B025-EC668BAF1550}:
      NameServer = 194.204.152.34 217.98.63.164
      O17 - HKLM\System\CS1\Services\Tcpip\..\{29A9BD72-1A7B-43F1-B025-EC668BAF1550}:
      NameServer = 194.204.152.34 217.98.63.164

      • netsec Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE 19.11.04, 12:31
        You've got a junkyard in there; make a log, but with the newer version of HiJack:
        www.searchengines.pl/phpbb203/pliki/picasso/downloads/hijackthis.zip
    • Guest: Tomek I've run into this devilry too :( IP: *.neoplus.adsl.tpnet.pl 19.11.04, 15:27
      Have a look at my thread (it should be nearby):
      forum.gazeta.pl/forum/72,2.html?f=430&w=17476758
      Good luck in the fight against the trojan
    • Guest: olo Re: What kind of devilry is this "WARNING! YOU'RE IN DANGE IP: *.neoplus.adsl.tpnet.pl 19.11.04, 20:16
      Thanks,

      Please check the log below:

      Logfile of HijackThis v1.98.2
      Scan saved at 20:15:06, on 2004-11-19
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\mfciz32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      C:\WINDOWS\sdkbo32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
      C:\Program Files\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\Program Files\Wanadoo\Watch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\WOOLS~1.WOO\USTAWI~1\Temp\Rar$EX00.704\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\yslcm.dll/sp.html#96676
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      Plus wita Cie w Internecie
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {BD92CC3A-4BEF-458F-032B-36461F9B36B1} -
      C:\WINDOWS\sysua.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [atlli32.exe] C:\WINDOWS\system32\atlli32.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      O4 - HKLM\..\Run: [sdkbo32.exe] C:\WINDOWS\sdkbo32.exe
      O4 - HKLM\..\RunOnce: [mfciz32.exe] C:\WINDOWS\system32\mfciz32.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
      \DSLMON.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no
      file)
      O9 - Extra button: Corel Network monitor worker - {E2DA9E40-D032-4942-B3F7-
      E98368A14EF3} - (no file)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E2DA9E40-D032-4942-
      B3F7-E98368A14EF3} - (no file)
      O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no
      file) (HKCU)
      O9 - Extra button: Corel Network monitor worker - {E2DA9E40-D032-4942-B3F7-
      E98368A14EF3} - (no file) (HKCU)
      O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {E2DA9E40-D032-4942-
      B3F7-E98368A14EF3} - (no file) (HKCU)
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.crazywinnings.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.tl81.com
      O15 - Trusted Zone: *.topconverting.com
      O15 - Trusted Zone: *.windupdates.com
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      public.windupdates.com/get_file.php?bt=ie&p=b262b0ad414acb9189b79ca9611238b08547955a9e1be092ffa689db1636bf5c92ee1f16
      d8872858710aba174607a0e7f2b4b2a1:a3f5099f60d56ff1d1f59f4600741a6e
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100789252092
      O16 - DPF: {AFD8ED36-EA54-11D6-AC3F-00105ADCF632} (Ntw4 Control) -
      epromak.millenniumdm.pl/res/ntw4.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{29A9BD72-1A7B-43F1-B025-EC668BAF1550}:
      NameServer = 194.204.152.34 217.98.63.164
      O17 - HKLM\System\CS1\Services\Tcpip\..\{29A9BD72-1A7B-43F1-B025-EC668BAF1550}:
      NameServer = 194.204.152.34 217.98.63.164

      regards
      wo
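
Added example, not part of the thread: Python that rejoins the wrapped HijackThis lines and compares the two scans posted above, so that entries whose target changed between scans (the res:// search-page DLL, the BHO) stand apart from those that stayed the same. The function names and the shortened SCAN_1/SCAN_2 excerpts are choices made for this example.

```python
import re

# HijackThis entry prefixes: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Return (section, body) entries, rejoining lines the forum wrapped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # Continuation: a path broken at a backslash is glued back as-is.
            entries[-1][1] += ("" if line.startswith("\\") else " ") + line
    return [tuple(e) for e in entries]

def keyed(entries):
    """Key R* entries by registry value name so a changed value shows up."""
    out = {}
    for section, body in entries:
        name, sep, value = body.partition(" = ")
        is_reg = section.startswith("R") and sep
        out[(section, name if is_reg else body)] = value if is_reg else None
    return out

def diff_scans(old_text, new_text):
    old, new = keyed(parse_hjt(old_text)), keyed(parse_hjt(new_text))
    both = old.keys() & new.keys()
    return {
        "changed": sorted(k for k in both if old[k] != new[k]),
        "persistent": sorted(k for k in both if old[k] == new[k]),
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

# Shortened excerpts of the v1.97.7 and v1.98.2 scans posted in this thread.
SCAN_1 = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\taisd.dll/sp.html#96676
O2 - BHO: (no name) - {81C43FDF-F30D-9628-92B3-EAC38C8BD9A6} -
C:\WINDOWS\system32\ielk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup"""
SCAN_2 = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\yslcm.dll/sp.html#96676
O2 - BHO: (no name) - {BD92CC3A-4BEF-458F-032B-36461F9B36B1} -
C:\WINDOWS\sysua.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup"""
```

Calling `diff_scans(SCAN_1, SCAN_2)` reports the Search Bar value as changed and the BHO as one entry removed and one added, which is the pattern visible when the two full logs are read side by side.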