
Backdoor.NetTrojan

23.08.05, 20:40
I had Backdoor.NetTrojan.
I deleted UNWISE.EXE in C:/WINNT (NoAdware detected it), but I am afraid I still
have something (e.g. in the registry..)
    • Guest: Kolobos Re: Backdoor.NetTrojan IP: *.warszawa.sdi.tpnet.pl 23.08.05, 21:03
      Paste a log from HijackThis.
      As for the UNWISE.EXE file, that is most likely not a trojan but rather:
      www.liutilities.com/products/wintaskspro/processlibrary/unwise/
      Your NoAdware, on the other hand, is a program of dubious reputation:
      www.searchengines.pl/phpbb203/index.php?showtopic=16318
      • mala20033 Re: Backdoor.NetTrojan 23.08.05, 21:10
        Thanks for the info, Good Soul!!
        About NoAdware they wrote: "The new NoAdware 3.0 has been reworked and the
        false positives eliminated."..should I throw this thing off the computer?
    • mala20033 Re: Backdoor.NetTrojan 23.08.05, 21:20
      Logfile of HijackThis v1.99.1
      Scan saved at 3:17:26 PM, on 8/23/2005
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\csrss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\spoolsv.exe
      C:\Program Files\SQLLIB\bin\db2jds.exe
      C:\Program Files\SQLLIB\bin\db2sec.exe
      C:\Program Files\SQLLIB\bin\db2rcmd.exe
      C:\WINNT\system32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
      C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
      C:\WINNT\System32\svchost.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
      C:\WINNT\system32\regsvc.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\system32\mspmspsv.exe
      C:\WINNT\system32\svchost.exe
      C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
      C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
      C:\WINNT\Explorer.EXE
      C:\WINNT\system32\mobsync.exe
      C:\WINNT\System32\PDesk.exe
      C:\WINNT\system32\Promon.exe
      C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
      C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
      C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\CFGSAFE\AUTOCHK.EXE
      C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management
      Software\raidman.exe
      C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
      C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\Visualware Security Suite\tscore.exe
      C:\WINNT\system32\jview.exe
      C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
      C:\DOCUME~1\BARBAR~1.OLY\LOCALS~1\Temp\~e5d141.tmp
      C:\DOCUME~1\BARBAR~1.OLY\LOCALS~1\Temp\~e5d141.tmp
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\WinZip\winzip32.exe
      C:\unzipped\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
      C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} -
      C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
      O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-
      0050DAD7AF62} - C:\Program Files\ANONYMIZER\CORE\Anonymizer.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
      C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar1.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
      C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
      C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINNT\system32\msdxm.ocx
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
      Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
      O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} -
      C:\Program Files\ANONYMIZER\TOOLBAR\AnonymizerBar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar1.dll
      O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} -
      C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
      O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
      O4 - HKLM\..\Run: [Promon.exe] Promon.exe
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
      O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version
      Cue\ControlPanel\VersionCueTray.exe
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0
      \Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware
      Security Suite\tscore.exe" -autostartup
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner
      Trial\RegClean.exe"
      O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
      quiet
      O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google
      Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
      Doctor\swdoctor.exe" /Q
      O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
      O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = C:\Program
      Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management
      Software\raidman.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Start HTML Search Server.lnk = C:\Program
      Files\SQLLIB\bin\db2nq.exe
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program
      files\google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!
      \Common/ycs
    • Guest: Kolobos Re: Backdoor.NetTrojan IP: *.warszawa.sdi.tpnet.pl 23.08.05, 22:14
      The log did not fit, paste the missing part (do not try pasting the whole thing again!).
      And you might as well uninstall that Yahoo Companion etc. right away if you do not use it.
        • mala20033 Re: Backdoor.NetTrojan 23.08.05, 22:17
          O8 - Extra context menu item: &Google Search - res://c:\program
          files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: &Translate English Word - res://c:\program
          files\google\GoogleToolbar1.dll/cmwordtrans.html
          O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!
          \Common/ycsrch.htm
          O8 - Extra context menu item: Backward Links - res://c:\program
          files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
          files\google\GoogleToolbar1.dll/cmcache.html
          O8 - Extra context menu item: Convert link target to Adobe PDF -
          res://C:\Program Files\Adobe\Acrobat 7.0
          \Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF -
          res://C:\Program Files\Adobe\Acrobat 7.0
          \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF -
          res://C:\Program Files\Adobe\Acrobat 7.0
          \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF -
          res://C:\Program Files\Adobe\Acrobat 7.0
          \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program
          Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF -
          res://C:\Program Files\Adobe\Acrobat 7.0
          \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
          Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert to existing PDF - res://C:\Program
          Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
          \MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Similar Pages - res://c:\program
          files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Translate Page into English - res://c:\program
          files\google\GoogleToolbar1.dll/cmtrans.html
          O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
          Files\Yahoo!\Common/ycdict.htm
          O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!
          \Common/ycmap.htm
          O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
          C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
          O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
          C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
          O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-
          00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
          C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} -
          C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
          O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} -
          C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
          O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-
          691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
          O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
          software-dl.real.com/13ece14ea1e919de9316/netzip/RdxIE601.cab
          O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
          a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = olysoft.local
          O17 - HKLM\System\CCS\Services\Tcpip\..\{F59A655A-262C-47B7-ADC7-2B170072D725}:
          NameServer = 192.168.1.25,192.168.2.5,192.168.2.4
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = olysoft.local
          O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = olysoft.local
          O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
          O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common
          Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe
          Version Cue\service\VersionCue.exe
          O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation -
          C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
          O23 - Service: DB2 JDBC Applet Server - Control Center
          (DB2ControlCenterServer) - Unknown owner - C:\Program
          Files\SQLLIB\bin\db2ccs.exe
          O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines
          Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
          O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines
          Corporation - C:\Program Files\SQLLIB\bin\db2govds.exe
          O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program
          Files\SQLLIB\bin\db2jds.exe
          O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business
          Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
          O23 - Service: DB2 Remote Command (DB2REMOTECMD) - International Business
          Machines Corporation - C:\Program Files\SQLLIB\bin\db2rcmd.exe
          O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINNT\system32
          \spool\DRIVERS\W32X86\3\OPHALDCS.EXE
          O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1
          \DefWatch.exe
          O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
          Software Corp. - C:\WINNT\System32\dmadmin.exe
          O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program
          Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file
          missing)
          O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec
          Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

          cont'd.. Regards.
          • Guest: Kolobos Re: Backdoor.NetTrojan IP: *.warszawa.sdi.tpnet.pl 23.08.05, 22:30
            I skimmed it with one eye, because the other one has already gone blind from
            that many entries; the log seems to be OK.

            Scan yourself with this:
            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
            • mala20033 Re: Backdoor.NetTrojan 23.08.05, 22:39
              Thanks, Good Soul, and sweet dreams!
              I threw out that Companion thing..where did it come from..a little
              curiosity of nature..
    • mala20033 Re: Backdoor.NetTrojan 24.08.05, 19:13
      I ran Microsoft Antispyware in the evening and it detected nothing..
      In the morning I turned on the monitor (the computer was on) and got a message from it that I have
      Trojan.Startup.NameShifter.Wiea (Trojan)
      location: c:\program files\ospc\mroh.exe..and I told it to delete it.
      How could that have happened?
      Regards.
      • mala20033 Re: Backdoor.NetTrojan 24.08.05, 20:35
        I ran Microsoft Antispyware in the evening and it detected nothing..
        In the morning I turned on the monitor (the computer was on) and got a message from it that I have
        Trojan.Startup.NameShifter.Wiea (Trojan)
        location: c:\program files\ospc\mroh.exe..and I told it to delete it.
        How could that have happened? What else am I at risk from?
        Regards.
        • Guest: Kolobos Re: Backdoor.NetTrojan IP: *.warszawa.sdi.tpnet.pl 24.08.05, 21:15
          The same way as all other infections: through the browser, through shared
          resources, etc.
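Kolobos's one-eyed skim of the log is the manual form of a first-pass triage. The script below is an added example, not code from the thread or from HijackThis: it parses lines in the log format quoted above and flags the kinds of entries a reviewer would look at twice (processes running from a Temp directory, changed IE start/search pages, autorun entries with unqualified paths, downloaded ActiveX controls, services whose binary is missing). The sample log lines are constructed from the thread, and the allow list of search hosts is an assumption.

```python
import re

# Constructed sample in HijackThis v1.99 format, modelled on the lines quoted in the thread.
SAMPLE_LOG = r"""
C:\WINNT\System32\smss.exe
C:\DOCUME~1\BARBAR~1.OLY\LOCALS~1\Temp\~e5d141.tmp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - software-dl.real.com/13ece14ea1e919de9316/netzip/RdxIE601.cab
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

SECTION_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Assumed allow list: hosts treated as unremarkable IE start/search defaults in this example.
KNOWN_SEARCH_HOSTS = {"www.microsoft.com", "www.msn.com", "search.msn.com"}

def classify(line: str) -> tuple[str, str]:
    """Return (section, body); a bare absolute path is a running process ('PROC')."""
    m = SECTION_RE.match(line)
    if m:
        return m.group(1), m.group(2)
    if re.match(r"^[A-Za-z]:\\", line):
        return "PROC", line
    return "OTHER", line

def triage(log_text: str) -> list[tuple[str, str]]:
    """First-pass review of a HijackThis log: returns (reason, offending line) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section, body = classify(line)
        if section == "PROC" and ("\\Temp\\" in body or body.lower().endswith(".tmp")):
            findings.append(("process running from a temp directory", line))
        elif section in ("R0", "R1") and "=" in body:
            host = body.split("=", 1)[1].strip().split("/")[0].lower()
            if host and host not in KNOWN_SEARCH_HOSTS:
                findings.append((f"IE start/search page points at {host}", line))
        elif section == "O4" and "]" in body:
            target = body.split("]", 1)[1].strip().strip('"')
            if target and not re.match(r"^[A-Za-z]:\\", target):
                findings.append(("autorun entry with unqualified path (resolved via PATH)", line))
        elif section == "O16":
            findings.append(("downloaded ActiveX control (DPF); confirm it is still wanted", line))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(("service entry whose binary is missing (orphan or removed malware)", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Every finding is a prompt to look closer, not a verdict; the Yahoo start page here, for instance, belongs to the Yahoo Companion the thread already discusses.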
