Niinpä. EMCO malware destroyer löytää Banker C troijalaisen koneelta. En löytänyt mitään muuta ilmaisohjelmaa joka C:n poistaa, skannereita kylläkin. HiJack this logissa löytyy tuo ntos.exe. Kuitenkaan HiJackThis ei kohdetta fiksaa. Onko olemassa ohjelma jolla poisto hoituisi. EMCO deletoi/karanteeniin mutta virus pukkaa heti uudestaan! (Käytössä Filseclab palomuuri ja Avast virustutka) Logi: Logfile of HijackThis v1.99.1 Scan saved at 16:43:21, on 14.1.2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\Filseclab\xfilter\xfilter.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Filseclab\FilMsg.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Documents and Settings\_\Omat tiedostot\Ohjelmia (media,virus..)\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE O4 - Global Startup: Filseclab Messenger.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?b7321047835e4454a32dfe671194db2a O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?b7321047835e4454a32dfe671194db2a O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Ei ole ihme että on ongelmia kun koneesta puuttuvat kaikki tietoturvapäivitykset! http://support.microsoft.com/gp/lifean19
Kysymys oli siis banker C viruksen poistamisesta. Siis ei tietoturvapäivityksistä! Miten Banker C troijalainen poistetaan? Tietoturvapäivityksen kyllä hoidan..
