View: 3314|Reply: 18
|
My Laptop kena spyware & TROJAN, tolong masuk...
[Copy link]
|
|
Walaupun ada ESET NOD 32, Spyware Doctor dan Spyware Guard enabled.
My laptop now kena spyware.
Spyware dia macma gini...kadang2 out of nowhere popup internet explorer keluar tell me that my computer infected with spyware bla bla bla..
kadang keluar notfication kat taskbar ..bila click..ada popup IE cakap suruh download latest spyware detector bla bla
thanks...
[ Last edited by bzzts at 19-7-2006 02:17 PM ] |
|
|
|
|
|
|
|
logfile yg NOD aku detect
Time Module Object Name Threat Action User Information
7/18/2006 10:46:01 AM AMON file C:\WINDOWS\system32\components\flx1.dll a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:36:09 AM AMON file C:\WINDOWS\system32\components\flx1.dll probably a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:02:13 AM AMON file C:\WINDOWS\system32\components\flx1.dll a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 10:02:12 AM AMON file C:\WINDOWS\system32\components\flx1.dll probably a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:37:31 AM AMON file C:\WINDOWS\system32\components\flx1.dll a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:37:28 AM AMON file C:\WINDOWS\system32\components\flx1.dll probably a variant of Win32/TrojanDownloader.Zlob.VB trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\ishost.exe. The file was moved to quarantine. You may close this window.
7/18/2006 9:35:16 AM AMON file C:\WINDOWS\system32\issearch.exe probably a variant of Win32/TrojanDownloader.Zlob.VA trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
7/18/2006 0:42:50 AM Kernel file C:\WINDOWS\system32\issearch.exe probably a variant of Win32/TrojanDownloader.Zlob.VA trojan
7/17/2006 22:55:21 PM AMON file C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\jd30sehy.exe a variant of Win32/Dialer.DialHub application quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
7/17/2006 22:55:19 PM AMON file C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\F498AD79d01 a variant of Win32/Dialer.DialHub application quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe. The file was moved to quarantine. You may close this window.
7/17/2006 22:51:45 PM AMON file C:\WINDOWS\system32\pmnqguh.dll Win32/Hoax.Renos application quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\WINDOWS\system32\components\flx5.dll. The file was moved to quarantine. You may close this window.
7/17/2006 22:49:26 PM AMON file C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\mshtml2.exe Win32/TrojanDownloader.PurityScan.BV trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\OA.exe. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:34 PM AMON file C:\DOCUME~1\LOLAOK~1\LOCALS~1\Temp\1cfjb76u.exe a variant of Win32/TrojanDownloader.IstBar trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:32 PM AMON file C:\Documents and Settings\Lola Okhrana\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbqgv2q3.default\Cache\390E18F6d01 a variant of Win32/TrojanDownloader.IstBar trojan quarantined - deleted SLAPSHOCK\Lola Okhrana Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this window.
6/24/2006 22:37:27 PM IMON file http://www.binarity.com/ysbinstall_1002755_3.exe a variant of Win32/TrojanDownloader.IstBar trojan SLAPSHOCK\Lola Okhrana |
|
|
|
|
|
|
|
download spybot search & destroy. dari www.download.com
pastu install, open in advanced mode.
pastu masuk tools, select BHO. pastu review BHO dan spybot akan identify BHO yg ko nak guna atau tanak guna. kalo taknak, just select fix atau delete saja.
spybot ni lepas ko update, ko select tea-timer utk round-the-clock protection.
ia akan berfungsi macam antivirus utk real-time monitor kpd spyware/adware/malware. |
|
|
|
|
|
|
|
DAH buat..tetap keluar..
nod aku detect ni
TROJANDOWNLOADER.ZLOB.VB TROJAN |
|
|
|
|
|
|
|
Reply #5 sLapshock's post
tadi adware, ini trojan pulak dah.
trojan tu kena la cuci guna trojan cleaner atau antivirus.
kalo adware tu leh la cuci guna spybot tuh. |
|
|
|
|
|
|
|
try dulu antivirus ngan spybot... try both... usually kalau trojan tu, dedua pun mesti detect something..
[ Last edited by rienn at 18-7-2006 03:01 PM ] |
|
|
|
|
|
|
|
its a trojan lah.. i dont know trojan ker apa ker.. but my nod detect it as trojan
its like..out of nowhere ada popup keluar.....ie popup ... say that my com infeted bla bla |
|
|
|
|
|
|
|
Reply #8 sLapshock's post
kalau ada trojan, antivirus saja yg akan pop-up bgtau u punya system are infected with bla-bla-bla.
kalau ada internet explorer pop-up bgtau benda tu maka ia adalah adware.
bukannya antivirus.
i mean, IE pop-up and inform; ur pc is infected...iinsted antivirus is doing nothing...??? :hmm:
note: ad-ware is not a virus. it is an advertising software that create pop-ups like u're experiencing rite now. that is why ur antivirus is not doing anithing about that pop-up. |
|
|
|
|
|
|
|
thanks. now masih akt sekolah..i will do it at home. |
|
|
|
|
|
|
|
cam pnah kene jer kes nie
solution fly gune mcafee antispyware dulu
pastu remove n then scan gune spybots search + destroy .....
pas tu da .... selesai ..... |
|
|
|
|
|
|
|
dah macam2 aku guna, sama dengan step yg ditunjukkan kat web tu..tetap trojan ni ada...
trojan Win32/TrojanDownloader.Zlob.VB found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\ishost.exe.
File C:\WINDOWS\system32\ishost.exe is infected with trojan Win32/TrojanDownloader.Zlob.VB. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
File C:\WINDOWS\system32\ismon.exe is infected with trojan Win32/TrojanDownloader.Zlob.VB. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.
[ Last edited by sLapshock at 19-7-2006 12:02 PM ] |
|
|
|
|
|
|
|
Try guna kapersky anti virus |
|
|
|
|
|
|
|
reference: http://virusinfo.prevx.com/pxparall.asp?PXC=a8ec30771233
ISHOST.EXE
AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: ISHOST.EXE
* Safety Rating: Known Spyware, do not run
* Spyware Family: Part of Spyware group - SpywareQuake
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: EXPLOIT
* Additional Info: Bogus antispyware application
* Protection: Prevx1 will protect, disinfect, cleanup and remove ISHOST.EXE
* Non Prevx Users: New users may cleanup and remove ISHOST.EXE for free using the regular Prevx1 download
* First seen: Jul 10 2006 (GMT)
* Last seen: Today (GMT)
* File Size: 30,224 bytes
MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: ISHOST.EXE
* File Names Used: 8
* Paths Used: 3
* Common File Name: ISHOST.EXE
* Common Path: %WINDIR%\SYSTEM32\
* Vendor Information: No Vendor details specified
* ISHOST.EXE may use 8 or more path and file names, these are the most common:
* File Name Structure: Normal
* File and Path Structure: Normal
2. RELATIONSHIP ANALYSIS OF: ISHOST.EXE
* Malicious Objects Created: 5 objects
* Malicious Creators: None
* Malware Run Keys: None
* Self Persists:
* Antivirus Detection: No third party antivirus detection observed
* Anti-Spyware Detection: No third party anti-spyware detection observed
3. ACTIVITY ANALYSIS OF: ISHOST.EXE
* The following behaviors have been observed for this object:
* Installs programs.
* Deletes programs.
* Invokes dll components.
* Runs other programs.
* Communicates with web sites using httpout protocols.
* Creates known malware.
4. PROPAGATION ANALYSIS OF: ISHOST.EXE
* Malware Group Propagation Rate: Epidemic levels
* Malware Group: SpywareQuake
* Copyright Prevx Limited 2005, 2006
pendek kata ishost.exe ni ialah adaware/spyware yg asalnya daripada spywareQuake nih. ianya infected dgn trojan.
ko boleh delete aje file ni secara manual.
cara manual ni byk kaedah dia. antaranya ko masuk safe mode dan bukak direktori C:\Windows\System32\ dan cari ishost.exe ni dan delete secara manual. byk lagi cara lain kalau cara ni tak berkesan.
cara aku:
- check & stop suspicious active task from task manager.
- check and fix startup item at msconfig> startup page.
- check and fix BHO using "Spybot - search & destroy".
kalau semuanya tak OK dan infection masih ada, aku masuk ke safe mode dan try delete scara manual dan scan & clean guna antivirus, spybot dan Lavasoft adaware.
kalo takleh gak, aku refer encik google. |
|
|
|
|
|
|
|
i think prob settled. thanks... (tgk camna 2 3 hari ni) |
|
|
|
|
|
|
|
Members minta tolong!!!!!!
PC saya kena "downloader Trojan". Saya dah install AVG, Lavasoft dan Spybot. Bende 3 niecuma boleh detect je, tapi takleh delete. Minta tolong beri suggestion sikit apa yang perlu saya lakukan untuk menghapusnyah kan "trojan" nie. |
|
|
|
|
|
|
|
try use Trojan Remover. download jek kat download.com
kalam dah kena benda nih semalam.. now nampaknye ok. Trojan tuh dah tak kuo lagi... |
|
|
|
|
|
|
|
guna jer Trojan Hunter...aku pun kena sama gak macam ni...cuba try dalam safe mode dulu..okayyy.. |
|
|
|
|
|
|
| |
|