[ Azra @ 28.12.2005. 17:24 ] @
Kasperski AVP je detektovao virus Win32.Nsag.b ali ga ne moze dezifikovati virus je u C:Windows\system32\wininet.dll

KAKO DA SE RESIM OVE NAPASTI ???

[Ovu poruku je menjao Azra dana 28.12.2005. u 18:33 GMT+1]
[ Shadowed @ 28.12.2005. 17:49 ] @
Jesi li probao sa uputstvima iz TOP teme?
[ Azra @ 28.12.2005. 18:21 ] @
ama sve sam probao ad-aware, spy boot, avg, u safe modu ,...

da li sme pomocu programa KILLBOX da izbrisem .....winnnt.dll


na sajtu kaspersky taj virus zovu jos i Bloodhound.W32.EP ali nema objasnjenje kako ga ukloniti ???

sistem ima SP1, ne otvara IE vec ispisuje cannot find file ///c:/secure 32.html`.

sta da radim, da li da instaliram SP2 ??
[ Goran Mijailovic @ 28.12.2005. 19:00 ] @
http://www.virusbuster.hu/en/viruslab/descriptions/nsag
http://www.viruslist.com/ru/viruses/encyclopedia?virusid=88859
http://www.viruslist.com/en/viruses/encyclopedia?virusid=88859
http://www.sophos.com/search/s...Win32.Nsag.b&x=62&y=25
http://www.sophos.com/virusinfo/analyses/trojalespyc.html
Citat:
Virus information
Troj/AleSpy-C

Name Troj/AleSpy-C
Type

* Trojan

Affected operating systems

* Windows

Aliases

* Virus.Win32.Nsag.b


Citat:
Troj/AleSpy-D
Name Troj/AleSpy-D
Type

* Trojan

Affected operating systems

* Windows

Side effects

* Reduces system security

Aliases

* Virus.Win32.Nsag.b
* W32/Alemod.f.dll
* W32.Desktophijack

Probaj ovo:
Citat:
# Download an emergency copy of SAV32CLI. On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Copy the SAV32CLI folder produced onto a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
# Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
# At the infected computer, place the CD in the CD drive (D: in this example). At the command prompt type

D:
to access the CD drive. Type:

CD SAV32CLI
Then type:

SAV32CLI -REMOVE -P=C:\LOGFILE.TXT
to remove the Trojan.
# Before leaving Safe Mode, edit any registry entries mentioned in the Trojan analysis recovery instructions.


http://www.sophos.com/support/disinfection/trojan.html


[Ovu poruku je menjao Goran Mijailovic dana 28.12.2005. u 20:03 GMT+1]
[ IcyImpact @ 28.12.2005. 19:26 ] @
Citat:
sta da radim, da li da instaliram SP2 ??

Problematični malware možeš ukloniti i bez SP2, ali se svakako preporučuje da ga instaliraš.
[ Goran Mijailovic @ 28.12.2005. 19:30 ] @
Ali se ne preporucuje da instaliras sp2 preko sp1, vec samo clean install a onda ces se resiti svega ;)
[ Azra @ 28.12.2005. 20:18 ] @
Upravo skidam sav32sfx.exe ( nija malo 7696 kb) .

Da ponovim: skinem fajl, raspakujem na drugom PC-u i narezem na CDRW i onda na zarazenom PC-u idem u safe mod i kucam u command promt >
E:
CD SAV32CLI


SAV32CLI -REMOVE -P=C:\LOGFILE.TXT

DA LI SYSTEM RESTORE DA BUDE UKLJ ILI ISKLJ.

i to bi bilo to !!!
[ Goran Mijailovic @ 28.12.2005. 21:25 ] @
mrzi me sad da te saljem na link ali generalna preporuka prilikom ciscenja virii je iskljucite system restore!
[ Azra @ 28.12.2005. 23:06 ] @
SAV32CLI.... odradio posao, PC cist ko suza ,sve radi OK

Gorane hvala !!!
[ Goran Mijailovic @ 28.12.2005. 23:45 ] @
Mislim sta reci
Srecna Nova