[ stale85 @ 31.07.2009. 00:50 ] @
My brother got infected with the "Windows Security Suite" malware. One of the symptoms was that it kept redirecting GMAIL links to some nonsense link. Later he installed "Malwarebytes Anti Malware" to remove it, and that should have gone fine, but it didn't, because he still can't get into Gmail. He tried from _all_ possible browsers: IE, Chromium, Opera, Firefox. That suggests the problem is system-level. After that I followed a guide on how to remove the files that were left behind. I found some DLLs, which I unregistered with the command "regsvr32 /u ime_fajla".

DLLs:

Code:
("\/Documents and Settings/All Users/Application Data/fe2c65c/mozcrt19.dll"
,"\/Documents and Settings/All Users/Application Data/fe2c65c/sqlite3.dll"
,"\/Documents and Settings/miha/Recent/energy.dll"
,"\/Documents and Settings/miha/Recent/kernel32.dll"
,"\/Documents and Settings/miha/Recent/PE.dll");

Files I deleted:

Code:
("\/Documents and Settings/miha/Recent/CLSV.exe"
,"\/Documents and Settings/miha/Recent/energy.dll"
,"\/Documents and Settings/miha/Recent/kernel32.dll"
,"\/Documents and Settings/miha/Recent/PE.dll"
,"\/Documents and Settings/miha/Recent/PE.tmp"
,"\/Documents and Settings/All Users/Application Data/fe2c65c/mozcrt19.dll"
,"\/Documents and Settings/All Users/Application Data/fe2c65c/sqlite3.dll"
,"\/Documents and Settings/All Users/Application Data/fe2c65c/WINSS.ico"
,"\/Documents and Settings/All Users/Application Data/fe2c65c/WINSSSys/vd952342.bd ")

I also checked Windows' "etc/hosts.conf" to make sure they hadn't put something there to redirect requests.
Since the problem seemed very strange to me and I couldn't find the cause, I told my brother to record the HTTP session with the Firefox add-on "Live HTTP Headers", and here is what we got:

Code:
http://mail.google.com/mail/

GET /mail/ HTTP/1.1
Host: mail.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefo79780703 88780603 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://mail.google.com/
Cookie: PREF=ID=8d0c86f82979ce72:TM=1248896788:LM=1248896788:S=vmX2fG7_nzuJ71Cz

HTTP/1.x 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Thu, 30 Jul 2009 23:11:09 GMT
Location: https://www.google.com/account...ltmpl=default&ltmplcache=2
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Encoding: gzip
Server: GFE/1.3
----------------------------------------------------------

He pinged mail.google.com and www.google.com. I also did a reverse lookup for the IP address that ping returns for mail.google.com, and it belongs to Google.

Code:
$ whois 74.125.77.83

Does anyone have an idea what else I can check? If anyone has a better anti-malware program in mind, let me know and I'll try it.

[This message was edited by Dashkes on 10.08.2009. at 12:49 GMT+1]
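
A check that can be run over a capture like the one in the post, as an added example that is not part of the original post: it parses a Live HTTP Headers-style request/response pair and reports whether the redirect leaves the requested site's domain. The trusted-suffix list, the trimmed sample and the `search.example.net` counter-example are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Sample modelled on the post's capture, trimmed to the headers the check needs.
CAPTURE = """\
GET /mail/ HTTP/1.1
Host: mail.google.com
Referer: http://mail.google.com/

HTTP/1.x 302 Moved Temporarily
Location: https://www.google.com/account...ltmpl=default&ltmplcache=2
Server: GFE/1.3
"""
# Constructed counter-example: same request, redirect pointing off-domain.
HIJACKED = CAPTURE.replace(
    "https://www.google.com/account...ltmpl=default&ltmplcache=2",
    "http://search.example.net/?q=gmail")

TRUSTED_SUFFIXES = ("google.com",)  # assumption: where this site may redirect


def _headers(lines):
    """Turn 'Name: value' lines into a dict keyed by lower-case name."""
    pairs = (line.partition(":") for line in lines)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}


def parse_exchange(text):
    """Return (request_headers, status_code, response_headers) for one pair."""
    request, _, response = text.strip().partition("\n\n")
    resp_lines = response.splitlines()
    status = int(resp_lines[0].split()[1])      # 'HTTP/1.x 302 Moved ...'
    return _headers(request.splitlines()[1:]), status, _headers(resp_lines[1:])


def host_trusted(host):
    """Exact or dot-boundary suffix match, so 'notgoogle.com' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def check_redirect(text):
    """Classify the redirect: 'no-redirect', 'off-domain', 'not-https', 'ok'."""
    req, status, resp = parse_exchange(text)
    if status not in (301, 302, 303, 307, 308) or "location" not in resp:
        return "no-redirect"
    base = "http://" + req.get("host", "") + "/"
    target = urlsplit(urljoin(base, resp["location"]))  # resolves relative URLs
    if not host_trusted(target.hostname):
        return "off-domain"
    return "ok" if target.scheme == "https" else "not-https"
```

A result of `ok` only says this one response stayed on the expected domain; it says nothing about later requests in the session or about content injected into the page.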