Atlantis1992
Gebruiker
- Lid geworden
- 23 okt 2007
- Berichten
- 23
Hallo,
2 weken geleden wou ik een Windows update doen maar wanneer de venster opende werd ik direct doorverbonden naar msn.com, toen wist ik niet dat het door die trojan kwam.
Ik merkte dat ik de laatste tijd meer advertenties po-ups heb als normaal. Dus ging ik met Spybot S&D, Norman Malware cleaner en Norton Antivirus 2009 scannen De volgende dingen waren gevonden:
Norman:
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP14\A0005488.exe (Infected with W32/Packed_FSG.D)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP26\A0012066.exe (Infected with W32/Ardamax.ADQ)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP26\A0012069.exe (Infected with W32/Smalltroj.EXTH)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012239.exe (Infected with DNSChanger.CZFO)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012257.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012309.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013257.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013303.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013310.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013325.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0014335.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP48\A0020138.exe (Infected with IEDefender.E.dropper)
Deleted file
C:\WINDOWS\Temp\tmp16.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmp57.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmp6D.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmpD.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
Scanning: D:\*.*
D:\autorun.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012310.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012311.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013304.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013326.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013327.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP36\A0016212.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP36\A0016213.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP48\A0020168.inf (Infected with INI/DNSChanger.A)
Deleted file
Spybot
Zlob.DNSChanger.rtk
Zlob.DNSChanger.Rtk
Norton
IEDefender
Tracing Cookie
Logje van Hijckthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:59 , on 17-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Kunt u mij vertellen wat ik moet doen om de trojan weg te krijgen?
M.v.g
Arnie
2 weken geleden wou ik een Windows update doen maar wanneer de venster opende werd ik direct doorverbonden naar msn.com, toen wist ik niet dat het door die trojan kwam.
Ik merkte dat ik de laatste tijd meer advertenties po-ups heb als normaal. Dus ging ik met Spybot S&D, Norman Malware cleaner en Norton Antivirus 2009 scannen De volgende dingen waren gevonden:
Norman:
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP14\A0005488.exe (Infected with W32/Packed_FSG.D)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP26\A0012066.exe (Infected with W32/Ardamax.ADQ)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP26\A0012069.exe (Infected with W32/Smalltroj.EXTH)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012239.exe (Infected with DNSChanger.CZFO)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012257.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012309.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013257.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013303.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013310.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013325.com (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0014335.inf (Infected with INI/AutoRun.CXB)
Deleted file
C:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP48\A0020138.exe (Infected with IEDefender.E.dropper)
Deleted file
C:\WINDOWS\Temp\tmp16.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmp57.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmp6D.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
C:\WINDOWS\Temp\tmpD.tmp (Infected with W32/DNSChanger.DBJL)
Deleted file
Scanning: D:\*.*
D:\autorun.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012310.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0012311.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP29\A0013304.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013326.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP30\A0013327.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP36\A0016212.inf (Infected with INI/DNSChanger.A)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP36\A0016213.com (Infected with W32/DNSChanger.DBJL)
Deleted file
D:\System Volume Information\_restore{D939D465-08B9-4FCD-9C7C-A2B6856F8875}\RP48\A0020168.inf (Infected with INI/DNSChanger.A)
Deleted file
Spybot
Zlob.DNSChanger.rtk
Zlob.DNSChanger.Rtk
Norton
IEDefender
Tracing Cookie
Logje van Hijckthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:59 , on 17-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Kunt u mij vertellen wat ik moet doen om de trojan weg te krijgen?
M.v.g
Arnie
Laatst bewerkt door een moderator:
