privacy_danger VELIKI problem

[ Srdjan Prpa @ 12.01.2008. 16:14 ] @

Imam veliki problem ostavio sam komp upaljen da mi dl dok sam spavao kad sam se probudio imao sam sta da vidim otvoreno mi je bilo jedno 15 IE sa nekim greskama i pozadina mi je bila promenjena ali kad kliknem na pozadinu ide mi ni na neki sajt izbriso sam taj virus ili vec sta je pomocu Spybot - Search & Destroy ali o5 mi je pozadina kao neki sajt kao da sam otvorio sa IE, kad idem desni klik mogu da vidim kod od stranice

ovo je kod

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#3a6ea5 leftMargin=0 background="" topMargin=0
rightMargin=0>
<DIV
style="LEFT: 0px; WIDTH: 1680px; POSITION: absolute; TOP: 0px; HEIGHT: 1050px"><IMG
style="LEFT: 0px; WIDTH: 100%; POSITION: absolute; TOP: 0px; HEIGHT: 100%" cache
src="file:///C:/Documents%20and%20Settings/highagain/Local%20Settings/Application%20Data/Microsoft/Wallpaper1.bmp">
</DIV><IFRAME id=0
style="Z-INDEX: 1000; BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1680px; POSITION: absolute; TOP: 0px; HEIGHT: 1022px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:\WINDOWS\privacy_danger\index.htm" frameBorder=0
subscribed_url="" resizeable="XY"> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: 999; LEFT: 0px; VISIBILITY: hidden; WIDTH: 1px; POSITION: absolute; TOP: 0px; HEIGHT: 1022px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT> 
</BODY></HTML>

Da li neko zna kako ovo da izbrisem !!!!!

[ Srdjan Prpa @ 13.01.2008. 00:25 ] @

Ljudi pomagajte molim vas :( ????

[ laki_srt @ 13.01.2008. 00:27 ] @

Odes na display properties,desktop,izaberes customize desktop(dole levo),pojavi se novi prozor i u njemu izaberes web imaces listu od verovatno dve adrese:My curent home page i privacy(ili tako nesto) klik na njega,delete i resen problem!
Pozdrav!

[ Srdjan Prpa @ 13.01.2008. 00:34 ] @

hvala ti ko bratu poceo sam da ludi zbog ovoga

[ Srdjan Prpa @ 13.01.2008. 13:41 ] @

Jos uvek problemi stalno mi se vraca ovaj virus ili vec sta je znaci izbrisem ga pomocu Spybot - Search & Destroy odradim ono gore sto mi je laki_srt rekoa i posle nekog vremena kad neradim nista na kompu o5 mi se vrati virus ili vec sta je evo i slika kako izgleda kad mi promeni desktop

[ Danilo Cvjeticanin @ 13.01.2008. 14:04 ] @

Idi u safe mod, skeniraj ponovo sa Spybot - Search & Destroy i nekim AV programom, ako nesto pronadju obrisi i resetuj racunar. Ako nebude rezultata okaci nam HijackThis log.

[ Slobodan Trebovac @ 13.01.2008. 15:51 ] @

http://www.elitesecurity.org/t...kako-skinuti-agresivne-reklame

[ laki_srt @ 13.01.2008. 16:04 ] @

Odes u safe mode i obrisi folder privacy koji se nalazi u folderu windows(c:\windows\privacy),ja sam to uradio i i uklonio sa desktopa i sve je bilo u redu. Posle sam kacio hijack this log na forum ali sve je bilo ok,tako da najbolje probaj da uradis ovo

[ Srdjan Prpa @ 13.01.2008. 16:37 ] @

Izbrisem ja folder privacy iz safe moda i komp mi radi sve ok kad ja radim na njemu ali cim ga ostavim da mi dl i posle nekog vremena izbaci mi samo ove reklame i o5 mi napravi privacy folder !

Isao sam u safe mod i izbrisao sve pomocu Spybot - Search & Destroy a pomocu NOD32 skenirao i nista mi nije nasao!

Logfile of HijackThis v1.99.1
Scan saved at 17:30, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O21 - SSODL: asvdnmo - {8F3A6AC4-437F-48D1-943C-727950483786} - C:\WINDOWS\asvdnmo.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[ laki_srt @ 13.01.2008. 17:00 ] @

Citat:

O21 - SSODL: asvdnmo - {8F3A6AC4-437F-48D1-943C-727950483786} - C:\WINDOWS\asvdnmo.dll

Ovo ti pravi probleme!
Na guglu sam nasao da bi ti ovaj program trebao pomoci: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
U safe modu skeniraj (kad udjes u program izaberi opciju 2) i po zavrsetku restartuj i ostavi novi hijack this log i reci dali ti se i dalje pojavljuje ovaj problem

[ Srdjan Prpa @ 13.01.2008. 17:44 ] @

Odradio sam i nije izbrisalo onaj fajl ovo o5 logofile

Logfile of HijackThis v1.99.1
Scan saved at 18:41, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O21 - SSODL: asvdnmo - {8F3A6AC4-437F-48D1-943C-727950483786} - C:\WINDOWS\asvdnmo.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[ laki_srt @ 13.01.2008. 18:27 ] @

probaj obrisati asvdnmo.dll iz safe moda,skeniraj spybotom i onda restartuj pa javi rezultate

[ Srdjan Prpa @ 13.01.2008. 18:47 ] @

obriso sam ga sad veceras cu videti da li ce mi o5 uci ono piiiiip :D

Logfile of HijackThis v1.99.1
Scan saved at 19:46, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O21 - SSODL: asvdnmo - {8F3A6AC4-437F-48D1-943C-727950483786} - C:\WINDOWS\asvdnmo.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[ laki_srt @ 13.01.2008. 18:58 ] @

U safe modu pokreni hijackthis i kad skenira chekiraj:

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) i
O21 - SSODL: asvdnmo - {8F3A6AC4-437F-48D1-943C-727950483786} - C:\WINDOWS\asvdnmo.dll (file missing)
i izaberi fix checked.
Pozdrav