[ wargamehide @ 07.02.2004. 20:37 ] @
| Slucajno sam posetio sajt i sada kada ukucam neku adresu (bilo koju) IE ode na sajt www.magicsearch.ws Kako ovo da resim |
|
[ wargamehide @ 07.02.2004. 20:37 ] @
[ Zed-Zen @ 16.02.2004. 18:01 ] @
Momci, momci, momci!!! Pa nećemo tako. Pa jesmo li mi tu da rešimo problem ili ne?
Meni se pre neki dan isto desilo. Pa kažem: "www.magicsearch.ws, majku vam fašističku!" Ali imam rešenje problema. Radi se o jednoj otimačini browsera i jednom crvu. Pobrišite datoteke na disku koje imaju ovakve nazive, ali samo ako su veličine oko 21 kb i u sebi imaju tekst "HidePE": C:\Program Files\directx\directx.exe C:\Program Files\Common Files\System\systeem.exe (ima viška 'e') C:\Windows\explore.exe (fali slovo 'r' na kraju) C:\Windows\System\internet.exe C:\Windows\Media\wmplayer.exe C:\Windows\Help\helpcvs.exe C:\Program Files\Accessories\accesss.exe (ima viška 's') C:\Games\systemcritical.exe C:\Documents Settings\sistem.exe C:\Program Files\Common Files\Windows Media Player\wmplayer.exe C:\Windows\Start Menu\Programs\Accessories\Game.exe C:\Windows\sistem.exe C:\Windows\System\RunDll16.exe C:\Windows\iexplorer.exe (extra 'i' ili extra 'r') C:\y.exe C:\x.exe c:\funny.exe c:\funniest.exe c:\Windows\notepad32.exe C:\Windows\system\kazaa.exe C:\Windows\system32\kazaa.exe C:\Program Files\Common Files\Services\iexplorer.exe C:\Program Files\Common Files\Services\explore.exe C:\Program Files\Common Files\Services\exploreer.exe C:\Program Files\Common Files\Services\sistem.exe C:\Program Files\Common Files\Services\critical.exe C:\Program Files\Common Files\Services\directx.exe C:\Program Files\Common Files\Services\internet.exe C:\Program Files\Common Files\Services\window.exe C:\Program Files\Common Files\Services\winmgnt.exe C:\Program Files\Common Files\Services\clrssn.exe C:\Program Files\Common Files\Services\explorer32.exe C:\Program Files\Common Files\Services\win32e.exe C:\Program Files\Common Files\Services\directx32.exe C:\Program Files\Common Files\Services\uninstall.exe C:\Program Files\Common Files\Services\volume.exe C:\Program Files\Common Files\Services\autorun.exe C:\Program Files\Common Files\Services\users32.exe C:\Program Files\Common Files\Services\notepad.exe C:\Program Files\Common Files\Services\win64.exe C:\Program Files\Common Files\Services\inetinf.exe C:\Program Files\Common Files\Services\time.exe C:\Program Files\Common Files\Services\systeem.exe c:\Windows\system32\iexplorer.exe c:\Windows\system32\explore.exe c:\Windows\system32\exploreer.exe c:\Windows\system32\sistem.exe c:\Windows\system32\critical.exe c:\Windows\system32\directx.exe c:\Windows\system32\internet.exe c:\Windows\system32\window.exe c:\Windows\system32\winmgnt.exe c:\Windows\system32\clrssn.exe c:\Windows\system32\explorer32.exe c:\Windows\system32\win32e.exe c:\Windows\system32\directx32.exe c:\Windows\system32\uninstall.exe c:\Windows\system32\volume.exe c:\Windows\system32\autorun.exe c:\Windows\system32\users32.exe c:\Windows\system32\win64.exe c:\Windows\system32\inetinf.exe c:\Windows\system32\time.exe c:\Windows\system32\systeem.exe - ili sve slično, ALI veličine oko 21.06KB i sa tekstom "HidePE" unutra - u slučaju da ne možete da ih pobrišete, ubijte istoimene procese iz memorije - ovaj crv će vam onesposobiti vaš firewall, pa se požurite da to rešite ALI TO NIJE SVE!!! Time nije rešen problem browsera. Za TO ćete morati u REGEDIT da promenite zapise koji zlostavljaju vaš registry: HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer,SearchURL = HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer\SearchURL,@ = HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://magicsearch.ws promenite u HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.ws promenite u HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKCU\Software\Microsoft\Internet Explorer,Search = http://magicsearch.ws/?q= promenite u HKCU\Software\Microsoft\Internet Explorer,Search = HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer,SearchURL = HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\SearchURL,@ = HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://magicsearch.ws promenite u HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://magicsearch.ws promenite u HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.ws/?q= HKLM\Software\Microsoft\Internet Explorer,Search = http://magicsearch.ws/?q= promenite u HKLM\Software\Microsoft\Internet Explorer,Search = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ = http://magicsearch.ws/?q= promenite u HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix,@ = http:// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www = http://magicsearch.ws/?q= promenite u HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes,www = http:// - na svim ostalim mestima gde nađete "*magicsearch.ws*", promenite u "" TO BI BILO TO! Ja sam uspio u svom naumu.Bar mislim. Probajte i ako vam uspije, javite mi. Hvala, zlatna ste publika! Vaš, Zed-Zen Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|