Re: Wykryty wirus Heur/Exploit.HTML pomocy! - Wersja do druku +- SafeGroup (https://safegroup.pl) +-- Dział: Bezpieczeństwo (https://safegroup.pl/forum-10.html) +--- Dział: Pomoc po zainfekowaniu (https://safegroup.pl/forum-5.html) +--- Wątek: Re: Wykryty wirus Heur/Exploit.HTML pomocy! (/thread-205.html) |
Wykryty wirus Heur/Exploit.HTML pomocy! - sylwek2608 - 18.07.2007 Witam proszę o pomoc.Avira wykryl mi tgo wirusa i dał do kwarantanny przesylam również raport ze skanowania .prosze o pomoc nie wiem czy mam go usunąć czy co z nim zrobić mam to pierwszy raz wogóle wirusa i jestem zielona. nie AntiVir PersonalEdition Classic Report file date: 18 lipca 200719:51 Scanning for 949171 virus strains and unwanted programs. Licensed to:Avira AntiVir PersonalEdition Classic Serial number:0000149996-ADJIE-0001 Platform: Windows XP Windows versionDodatek Service Pack 2)[5.1.2600] Username: sylwia Computer name: Version information: BUILD.DAT: 247 14437 Bytes2007-05-10 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes2007-04-21 16:02:36 AVSCAN.DLL : 7.0.4.4 33832 Bytes2007-04-20 15:28:55 LUKE.DLL : 7.0.4.11 143400 Bytes2007-04-20 15:28:56 LUKERES.DLL: 7.0.4.0 10280 Bytes2007-04-20 15:28:56 ANTIVIR0.VDF : 6.35.0.17371264 Bytes2006-05-31 13:08:58 ANTIVIR1.VDF : 6.39.0.1297251968 Bytes2007-07-10 17:45:32 ANTIVIR2.VDF : 6.39.0.148 395776 Bytes2007-07-16 11:33:05 ANTIVIR3.VDF : 6.39.0.16382432 Bytes2007-07-18 17:45:12 AVEWIN32.DLL : 7.4.0.442499072 Bytes2007-07-18 17:45:12 AVWINLL.DLL: 1.0.0.7 14376 Bytes2007-04-20 15:28:55 AVPREF.DLL : 7.0.2.1 24616 Bytes2007-04-20 15:28:55 AVREP.DLL: 7.0.0.1155688 Bytes2007-04-20 15:28:56 AVPACK32.DLL : 7.3.0.13 360488 Bytes2007-06-29 10:43:27 AVREG.DLL: 7.0.1.2 31784 Bytes2007-04-20 15:28:55 AVEVTLOG.DLL : 7.0.0.1886056 Bytes2007-04-20 15:28:54 AVARKT.DLL : 1.0.0.17 278568 Bytes2007-05-08 16:22:59 NETNT.DLL: 7.0.0.07720 Bytes2007-04-20 15:28:56 RCIMAGE.DLL: 7.0.1.152228264 Bytes2007-04-20 15:28:48 RCTEXT.DLL : 7.0.45.086056 Bytes2007-04-20 15:28:48 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: Crogram FilesAntiVir PersonalEdition Classicalldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR, Start of the scan: 18 lipca 200719:51 The scan of running processes will be started Scan process ''avscan.exe'' - ''1'' Module(s) have been scanned Scan process ''avgnt.exe'' - ''1'' Module(s) have been scanned Scan process ''Watch.exe'' - ''1'' Module(s) have been scanned Scan process ''ComComp.exe'' - ''1'' Module(s) have been scanned Scan process ''NeostradaTP.exe'' - ''1'' Module(s) have been scanned Scan process ''skypePM.exe'' - ''1'' Module(s) have been scanned Scan process ''hpqste08.exe'' - ''1'' Module(s) have been scanned Scan process ''wscntfy.exe'' - ''1'' Module(s) have been scanned Scan process ''alg.exe'' - ''1'' Module(s) have been scanned Scan process ''stickies.exe'' - ''1'' Module(s) have been scanned Scan process ''EasyShare.exe'' - ''1'' Module(s) have been scanned Scan process ''hpqtra08.exe'' - ''1'' Module(s) have been scanned Scan process ''dslmon.exe'' - ''1'' Module(s) have been scanned Scan process ''gg.exe'' - ''1'' Module(s) have been scanned Scan process ''ctfmon.exe'' - ''1'' Module(s) have been scanned Scan process ''googletalk.exe'' - ''1'' Module(s) have been scanned Scan process ''Skype.exe'' - ''1'' Module(s) have been scanned Scan process ''winampa.exe'' - ''1'' Module(s) have been scanned Scan process ''GrooveMonitor.exe'' - ''1'' Module(s) have been scanned Scan process ''TaskBarIcon.exe'' - ''1'' Module(s) have been scanned Scan process ''CnxMon.exe'' - ''1'' Module(s) have been scanned Scan process ''qttask.exe'' - ''1'' Module(s) have been scanned Scan process ''PicasaMediaDetector.exe'' - ''1'' Module(s) have been scanned Scan process ''hpwuSchd2.exe'' - ''1'' Module(s) have been scanned Scan process ''TGuard.exe'' - ''1'' Module(s) have been scanned Scan process ''schedhlp.exe'' - ''1'' Module(s) have been scanned Scan process ''TrueImageMonitor.exe'' - ''1'' Module(s) have been scanned Scan process ''CloneCDTray.exe'' - ''1'' Module(s) have been scanned Scan process ''AnyDVD.exe'' - ''1'' Module(s) have been scanned Scan process ''PDVDServ.exe'' - ''1'' Module(s) have been scanned Scan process ''atiptaxx.exe'' - ''1'' Module(s) have been scanned Scan process ''wdfmgr.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''KodakCCS.exe'' - ''1'' Module(s) have been scanned Scan process ''avguard.exe'' - ''1'' Module(s) have been scanned Scan process ''sched.exe'' - ''1'' Module(s) have been scanned Scan process ''schedul2.exe'' - ''1'' Module(s) have been scanned Scan process ''explorer.exe'' - ''1'' Module(s) have been scanned Scan process ''spoolsv.exe'' - ''1'' Module(s) have been scanned Scan process ''ati2evxx.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''svchost.exe'' - ''1'' Module(s) have been scanned Scan process ''ati2evxx.exe'' - ''1'' Module(s) have been scanned Scan process ''lsass.exe'' - ''1'' Module(s) have been scanned Scan process ''services.exe'' - ''1'' Module(s) have been scanned Scan process ''winlogon.exe'' - ''1'' Module(s) have been scanned Scan process ''csrss.exe'' - ''1'' Module(s) have been scanned Scan process ''smss.exe'' - ''1'' Module(s) have been scanned 51 processes with 51 modules were scanned Start scanning boot sectors: Boot sector ''C:'' [NOTE] No virus was found! Boot sector ''D:'' [NOTE] No virus was found! Boot sector ''A:'' [NOTE] In the drive ''A:'' no data medium is inserted! Boot sector ''G:'' [NOTE] In the drive ''G:'' no data medium is inserted! Boot sector ''H:'' [NOTE] In the drive ''H:'' no data medium is inserted! Boot sector ''I:'' [NOTE] In the drive ''I:'' no data medium is inserted! Boot sector ''J:'' [NOTE] In the drive ''J:'' no data medium is inserted! Starting to scan the registry. The registry was scanned ( ''43'' files ). Starting the file scan: Begin scan in ''C:'' C:pagefile.sys [WARNING]The file could not be opened! Cocuments and SettingsSprotDane aplikacjiOperaOperaprofilecache4opr0APMG.htm [DETECTION]Contains suspicious code HEUR/Exploit.HTML [INFO] The file was moved to ''471054c3.qua''! Begin scan in ''D:'' Begin scan in ''A:'' Search path A: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''G:'' Search path G: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''H:'' Search path H: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''I:'' Search path I: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''J:'' Search path J: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''E:'' Search path E: could not be opened! Urządzenie nie jest gotowe. Begin scan in ''F:'' Search path F: could not be opened! Urządzenie nie jest gotowe. End of the scan: 18 lipca 200720:25 Used time: 34:20 min The scan has been done completely. 4449 Scanning directories 193474 Files were scanned 1 viruses and/or unwanted programs were found 1 classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 193472 Files not concerned 2424 Archives were scanned 1 Warnings 1 Notes 0 Hidden objects were found pomocy :cry: Re: Re: Wykryty wirus Heur/Exploit.HTML pomocy! - Serafin - 18.07.2007 Niestety ale ten log nie mówi nam zbyt wiele Bardziej pomocne mogą się okazać logi z [Aby zobaczyć linki, zarejestruj się tutaj] i[Aby zobaczyć linki, zarejestruj się tutaj] Re: Re: Wykryty wirus Heur/Exploit.HTML pomocy! - sylwek2608 - 19.07.2007 Dziękuję ale ja nie jestem na tym etapie przeczytalam tą instrukcję wstawiania loga ale jak dla mnie to za skomplikowane,kompletnie nie rozumiem .Trudno Re: Re: Wykryty wirus Heur/Exploit.HTML pomocy! - Serafin - 19.07.2007 sylwek2608zaczekaj towcale nie jest takie skomplikowane już Ci to wytłumaczę Na początku dasz mi log z hijacka, a robimy to tak pobieramy hijacka i uruchamiamy go pokaże nam się główne okno programu. Wybieramy opcję Do a system scan only and save a logfile. wybranie tej opcji stworzy loga który otworzy nam się w notatniku. potem kopiujesz to co pokazało się w notatniku i wklejasz to do posta Dodatkowo taka informacja twój wirus którego przeniosłaś do kwarantanny jest unieszkodliwiony,ale na wszelki wypadek wklej logi o które proszę Re: Re: Wykryty wirus Heur/Exploit.HTML pomocy! - sylwek2608 - 13.11.2011 Dziękuję za info, ale pomógł mi kolega (znajomy informatyk), tak że wszystko w porządku. Wirusek unieszkodliwiony.ale tak czy siak Antivir jest super.wcześniej miałam nortona i co miesiąc stawiano mi system od nowa. |