
BehavesLike;Win32.Backdoor

IP: 80.48.211.* 27.11.05, 13:32
What is this and how do I fight it?
    • Guest: k Re: BehavesLike;Win32.Backdoor IP: *.warszawa.sdi.tpnet.pl 27.11.05, 13:40
      Paste a HijackThis log.
      • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 27.11.05, 17:53
        Logfile of HijackThis v1.99.1
        Scan saved at 17:52:41, on 2005-11-27
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
        C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
        C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
        C:\program files\softwin\bitdefender8\bdnagent.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\WLAN\WConfig\WConfig.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\WINDOWS\System32\HPZipm12.exe
        C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
        C:\Program Files\Softwin\BitDefender8\vsserv.exe
        c:\program files\softwin\bitdefender8\bdmcon.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Documents and Settings\Edyta\Pulpit\hijack\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
        O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
        O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
        O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
        O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
        O4 - Global Startup: WConfig.lnk = ?
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - 67.15.101.3/g_bin/pl/cards_2_0_0_65.cab
        O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - 67.15.101.3/g_bin/pl/words_2_0_0_38.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - 67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - 67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
        O20 - AppInit_DLLs: sockspy.dll
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
        O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
        O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

        • Guest: k Re: BehavesLike;Win32.Backdoor IP: *.warszawa.sdi.tpnet.pl 27.11.05, 18:00
          Uninstall this junk:
          Acceleration Software Anti-Virus (StopSign)

          Remove:
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
          O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
          O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
          O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro

          Which file is this trojan in?
          • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 27.11.05, 19:06
          • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 27.11.05, 19:07
            Thanks for the log. I have no idea; BitDefender tells me it is there and has
            blocked it, but a scan doesn't find it.
            • Guest: k Re: BehavesLike;Win32.Backdoor IP: *.warszawa.sdi.tpnet.pl 27.11.05, 19:25
              And there is no information there about which file/connection etc.? Look carefully.
    • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 27.11.05, 22:45
    • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 27.11.05, 22:50
      c;\dokuments and settings\edyta\ustawienia lokalne\temp\file.exe is the infected
      file

      and here is the new log
      Logfile of HijackThis v1.99.1
      Scan saved at 22:21:03, on 2005-11-27
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\WINDOWS\System32\RunDll32.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
      C:\program files\softwin\bitdefender8\bdnagent.exe
      C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\WLAN\WConfig\WConfig.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender8\vsserv.exe
      c:\program files\softwin\bitdefender8\bdmcon.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\System32\mpcsvc.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\Edyta\Pulpit\hijack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
      O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
      O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
      O4 - Global Startup: WConfig.lnk = ?
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - 67.15.101.3/g_bin/pl/cards_2_0_0_65.cab
      O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - 67.15.101.3/g_bin/pl/words_2_0_0_38.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - 67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - 67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
      O20 - AppInit_DLLs: sockspy.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
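
The helper's checklist earlier in the thread (remove the about:blank R entries, drop the StopSign O4 autoruns, uninstall the product) and the purpose of this second log (confirming that the cleanup took) can both be scripted. The following Python is an added example written for this page; it is not HijackThis code and was not posted by anyone in the thread. parse_log, review_entry, triage, diff_logs and still_running are the example's own names; BEFORE and AFTER are constructed excerpts modelled on the two logs above, not the full logs; and the rule that flags any non-empty AppInit_DLLs value is the example's own general check, not something the helper asked for.

```python
"""HijackThis v1.99.1 log triage and before/after diff (added example, not HijackThis code)."""
import re
from collections import namedtuple

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")  # "O20 - AppInit_DLLs: sockspy.dll"
HIJACKED_IE_KEYS = {"Start Page", "Search Bar", "Local Page"}  # helper: remove their about:blank
Entry = namedtuple("Entry", "section body")  # e.g. Entry("O20", "AppInit_DLLs: sockspy.dll")


def parse_log(text):
    """Return (running_processes, entries). A line that is neither a process nor a
    new entry is re-joined to the previous entry (the forum wrapped long lines)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Running processes:":
            in_procs = bool(line)     # the header opens the process list, a blank line closes it
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
        elif entries:                 # wrapped continuation of the last entry
            entries[-1] = Entry(entries[-1].section, entries[-1].body + " " + line)
    return processes, entries


def review_entry(entry, uninstall_vendor="Acceleration Software"):
    """Reason to look at this entry, or None. Rules 1 and 2 encode the helper's advice;
    rule 3 is general: Windows loads every AppInit_DLLs entry into each process that
    loads user32.dll, so a non-empty value is always worth checking (no verdict here)."""
    sec, body = entry.section, entry.body
    if sec in ("R0", "R1") and " = " in body:
        key_path, value = body.rsplit(" = ", 1)
        key = key_path.rsplit(",", 1)[-1]
        if value.strip() == "about:blank" and key in HIJACKED_IE_KEYS:
            return f"IE '{key}' set to about:blank; fix with HijackThis"
    if sec == "O4" and uninstall_vendor.lower() in body.lower():
        return f"autorun entry of '{uninstall_vendor}'; uninstall the product first"
    if sec == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        return "non-empty AppInit_DLLs; verify each listed DLL"
    return None


def triage(text):
    """[(entry, reason)] for every entry worth reviewing, in log order."""
    return [(e, r) for e in parse_log(text)[1] if (r := review_entry(e))]


def diff_logs(before_text, after_text):
    """(removed_entries, added_entries, new_processes) between two scans."""
    p1, e1 = parse_log(before_text)
    p2, e2 = parse_log(after_text)
    s1, s2, ps1 = set(e1), set(e2), set(p1)
    return ([e for e in e1 if e not in s2], [e for e in e2 if e not in s1],
            [p for p in p2 if p not in ps1])


def still_running(text, vendor):
    """Processes of `vendor` still listed: deleting Run entries does not stop a
    process that is already running; the uninstaller or a reboot does."""
    return [p for p in parse_log(text)[0] if vendor.lower() in p.lower()]


# Constructed excerpt of the first log (one O4 entry wrapped the way the forum did it).
BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-
Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: sockspy.dll
"""

# Constructed excerpt of the second log: StopSign entries gone, stopsignav.exe still
# running, one process (mpcsvc.exe) present that the first log did not have.
AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\WINDOWS\System32\mpcsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: sockspy.dll
"""

if __name__ == "__main__":
    print(*[f"{e.section:<5}{r}" for e, r in triage(BEFORE)], sep="\n")
    removed, added, new_procs = diff_logs(BEFORE, AFTER)
    print(f"removed {len(removed)}, added {len(added)}, new processes: {new_procs}")
    print("still running:", still_running(AFTER, "Acceleration Software"))
```

Run it as a script to see the flagged entries from the first excerpt and the before/after difference. Two points the comparison makes visible: Default_Page_URL = about:blank is not flagged, because the helper only listed Start Page, Search Bar and Local Page; and stopsignav.exe is still in the process list after its Run entries are gone, which is why the helper said to uninstall the product rather than only delete its entries.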

      • Guest: k Re: BehavesLike;Win32.Backdoor IP: *.warszawa.sdi.tpnet.pl 27.11.05, 23:27
        Then delete it; if you have problems, Killbox.
        • Guest: esepti Re: BehavesLike;Win32.Backdoor IP: 80.48.211.* 28.11.05, 17:37
          I have no idea what Killbox is
          • Guest: k Re: BehavesLike;Win32.Backdoor IP: *.warszawa.sdi.tpnet.pl 28.11.05, 17:56
            But you have the internet, so learn to use it. Just type the word you're looking
            for into Google or the forum search!
