CariDotMy

 Forgot password?
 Register

ADVERTISEMENT

View: 3314|Reply: 18

My Laptop kena spyware & TROJAN, tolong masuk...

[Copy link]
Post time 18-7-2006 09:42 AM | Show all posts |Read mode
Walaupun ada ESET NOD 32, Spyware Doctor dan Spyware Guard enabled.
My laptop now kena spyware.
Spyware dia macma gini...kadang2 out of nowhere popup internet explorer keluar tell me that my computer infected with spyware bla bla bla..

kadang keluar notfication kat taskbar ..bila click..ada popup IE cakap suruh download latest spyware detector bla bla

thanks...

[ Last edited by  bzzts at 19-7-2006 02:17 PM ]
Reply

Use magic Report


ADVERTISEMENT


 Author| Post time 18-7-2006 10:46 AM | Show all posts
gambar dia sama dengan gambar ada dalam web ni...

http://virus-protect.org/artikel/spyware/spywarequake.html
Reply

Use magic Report

 Author| Post time 18-7-2006 10:51 AM | Show all posts
logfile yg NOD aku detect


Time        Module        Object        Name        Threat        Action        User        Information
7/18/2006 10:46:01 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:36:09 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        probably a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:02:13 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:02:12 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        probably a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:37:31 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:37:28 AM        AMON        file        C:\WINDOWS\system32\components\flx1.dll        probably a variant of Win32/TrojanDownloader.Zlob.VB trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:35:16 AM        AMON        file        C:\WINDOWS\system32\issearch.exe        probably a variant of Win32/TrojanDownloader.Zlob.VA trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
7/18/2006 0:42:50 AM        Kernel        file        C:\WINDOWS\system32\issearch.exe        probably a variant of Win32/TrojanDownloader.Zlob.VA trojan                       
7/17/2006 22:55:21 PM        AMON        file        C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\jd30sehy.exe        a variant of Win32/Dialer.DialHub application        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
7/17/2006 22:55:19 PM        AMON        file        C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\F498AD79d01        a variant of Win32/Dialer.DialHub application        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
7/17/2006 22:51:45 PM        AMON        file        C:\WINDOWS\system32\pmnqguh.dll        Win32/Hoax.Renos application        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\WINDOWS\system32\components\flx5.dll. The file was moved to quarantine. You may close this window.
7/17/2006 22:49:26 PM        AMON        file        C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\mshtml2.exe        Win32/TrojanDownloader.PurityScan.BV trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\OA.exe. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:34 PM        AMON        file        C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\1cfjb76u.exe        a variant of Win32/TrojanDownloader.IstBar trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:32 PM        AMON        file        C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\390E18F6d01        a variant of Win32/TrojanDownloader.IstBar trojan        quarantined - deleted        SLAPSHOCK\Lola Okhrana        Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:27 PM        IMON        file        http://www.binarity.com/ysbinstall_1002755_3.exe        a variant of Win32/TrojanDownloader.IstBar trojan                SLAPSHOCK\Lola Okhrana
Reply

Use magic Report

Post time 18-7-2006 02:03 PM | Show all posts
download spybot search & destroy. dari www.download.com
pastu install, open in advanced mode.
pastu masuk tools, select BHO. pastu review BHO dan spybot akan identify BHO yg ko nak guna atau tanak guna. kalo taknak, just select fix atau delete saja.

spybot ni lepas ko update, ko select tea-timer utk round-the-clock protection.
ia akan berfungsi macam antivirus utk real-time monitor kpd spyware/adware/malware.
Reply

Use magic Report

 Author| Post time 18-7-2006 02:17 PM | Show all posts
DAH buat..tetap keluar..

nod aku detect ni

TROJANDOWNLOADER.ZLOB.VB TROJAN
Reply

Use magic Report

Post time 18-7-2006 02:29 PM | Show all posts

Reply #5 sLapshock's post

tadi adware, ini trojan pulak dah.
trojan tu kena la cuci guna trojan cleaner atau antivirus.
kalo adware tu leh la cuci guna spybot tuh.
Reply

Use magic Report

Follow Us
Post time 18-7-2006 03:00 PM | Show all posts
try dulu antivirus ngan spybot... try both... usually kalau trojan tu, dedua pun mesti detect something..

[ Last edited by  rienn at 18-7-2006 03:01 PM ]
Reply

Use magic Report

 Author| Post time 18-7-2006 04:51 PM | Show all posts
its a trojan lah.. i dont know trojan ker apa ker.. but my nod detect it as trojan

its like..out of nowhere ada popup keluar.....ie popup ... say that my com infeted bla bla
Reply

Use magic Report


ADVERTISEMENT


Post time 18-7-2006 06:09 PM | Show all posts

Reply #8 sLapshock's post

kalau ada trojan, antivirus saja yg akan pop-up bgtau u punya system are infected with bla-bla-bla.
kalau ada internet explorer pop-up bgtau benda tu maka ia adalah adware.
bukannya antivirus.

i mean, IE pop-up and inform; ur pc is infected...iinsted antivirus is doing nothing...??? :hmm:

note: ad-ware is not a virus. it is an advertising software that create pop-ups like u're experiencing rite now. that is why ur antivirus is not doing anithing about that pop-up.
Reply

Use magic Report

Post time 18-7-2006 06:12 PM | Show all posts
Kat laman web ni ada cara² mcm mana nak delete spyware tu http://www.bleepingcomputer.com/forums/lofiversion/index.php/t47826.html
Reply

Use magic Report

 Author| Post time 18-7-2006 06:40 PM | Show all posts
thanks. now masih akt sekolah..i will do it at home.
Reply

Use magic Report

Post time 18-7-2006 09:41 PM | Show all posts
cam pnah kene jer kes nie
solution fly gune mcafee antispyware dulu
pastu remove n then scan gune spybots search + destroy .....
pas tu da .... selesai .....
Reply

Use magic Report

 Author| Post time 19-7-2006 11:59 AM | Show all posts
dah macam2 aku guna, sama dengan step yg ditunjukkan kat web tu..tetap trojan ni ada...

trojan Win32/TrojanDownloader.Zlob.VB found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\ishost.exe.

File C:\WINDOWS\system32\ishost.exe is infected with trojan Win32/TrojanDownloader.Zlob.VB. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.


File C:\WINDOWS\system32\ismon.exe is infected with trojan Win32/TrojanDownloader.Zlob.VB. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.

[ Last edited by  sLapshock at 19-7-2006 12:02 PM ]
Reply

Use magic Report

Post time 19-7-2006 01:35 PM | Show all posts
Try guna kapersky anti virus
Reply

Use magic Report

Post time 19-7-2006 02:09 PM | Show all posts
reference: http://virusinfo.prevx.com/pxparall.asp?PXC=a8ec30771233

ISHOST.EXE

AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: ISHOST.EXE

    * Safety Rating: Known Spyware, do not run
    * Spyware Family: Part of Spyware group - SpywareQuake
    * Determination: Automatically determined using Prevx1 centralized heuristics
    * Malware Form: EXPLOIT
    * Additional Info: Bogus antispyware application
    * Protection: Prevx1 will protect, disinfect, cleanup and remove ISHOST.EXE
    * Non Prevx Users: New users may cleanup and remove ISHOST.EXE for free using the regular Prevx1 download
    * First seen: Jul 10 2006 (GMT)
    * Last seen: Today (GMT)
    * File Size: 30,224 bytes

MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: ISHOST.EXE

    * File Names Used: 8
    * Paths Used: 3
    * Common File Name: ISHOST.EXE
    * Common Path: %WINDIR%\SYSTEM32\
    * Vendor Information: No Vendor details specified
    * ISHOST.EXE may use 8 or more path and file names, these are the most common:
    * File Name Structure: Normal
    * File and Path Structure: Normal

2. RELATIONSHIP ANALYSIS OF: ISHOST.EXE

    * Malicious Objects Created: 5 objects
    * Malicious Creators: None
    * Malware Run Keys: None
    * Self Persists:
    * Antivirus Detection: No third party antivirus detection observed
    * Anti-Spyware Detection: No third party anti-spyware detection observed

3. ACTIVITY ANALYSIS OF: ISHOST.EXE

    * The following behaviors have been observed for this object:
    * Installs programs.
    * Deletes programs.
    * Invokes dll components.
    * Runs other programs.
    * Communicates with web sites using httpout protocols.
    * Creates known malware.

4. PROPAGATION ANALYSIS OF: ISHOST.EXE

    * Malware Group Propagation Rate: Epidemic levels
    * Malware Group: SpywareQuake
    * Copyright Prevx Limited 2005, 2006







pendek kata ishost.exe ni ialah adaware/spyware yg asalnya daripada spywareQuake nih. ianya infected dgn trojan.
ko boleh delete aje file ni secara manual.

cara manual ni byk kaedah dia. antaranya ko masuk safe mode dan bukak direktori C:\Windows\System32\ dan cari ishost.exe ni dan delete secara manual. byk lagi cara lain kalau cara ni tak berkesan.

cara aku:

- check & stop suspicious active task from task manager.
- check and fix startup item at msconfig> startup page.
- check and fix BHO using "Spybot - search & destroy".

kalau semuanya tak OK dan infection masih ada, aku masuk ke safe mode dan try delete scara manual dan scan & clean guna antivirus, spybot dan Lavasoft adaware.

kalo takleh gak, aku refer encik google.
Reply

Use magic Report

 Author| Post time 19-7-2006 04:41 PM | Show all posts
i think prob settled. thanks... (tgk camna 2 3 hari ni)
Reply

Use magic Report


ADVERTISEMENT


Post time 22-8-2006 10:38 AM | Show all posts
Members minta tolong!!!!!!

PC saya kena "downloader Trojan". Saya dah install AVG, Lavasoft dan Spybot. Bende 3 niecuma boleh detect je, tapi takleh delete. Minta tolong beri suggestion sikit apa yang perlu saya lakukan untuk menghapusnyah kan "trojan" nie.
Reply

Use magic Report

Post time 29-8-2006 09:21 AM | Show all posts
try use Trojan Remover. download jek kat download.com
kalam dah kena benda nih semalam.. now nampaknye ok. Trojan tuh dah tak kuo lagi...
Reply

Use magic Report

Post time 6-9-2006 09:18 AM | Show all posts
guna jer Trojan Hunter...aku pun kena sama gak macam ni...cuba try dalam safe mode dulu..okayyy..
Reply

Use magic Report

You have to log in before you can reply Login | Register

Points Rules

 

ADVERTISEMENT


Forum Hot Topic

 

ADVERTISEMENT


 


ADVERTISEMENT
Follow Us

ADVERTISEMENT


Mobile|Archiver|Mobile*default|About Us|CariDotMy

29-12-2024 04:04 AM GMT+8 , Processed in 0.058718 second(s), 33 queries , Gzip On, Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

Quick Reply To Top Return to the list