Virus problem

Probleme? Aici le gasiţi soluţiile!

Moderator: Moderators

Locked
User avatar
mtF.Amin
Happy Camper
Posts: 202
Joined: 19 Jul 2009, 13:37
Location: Com T. Vladimirecu, Galati

Virus problem

Post by mtF.Amin » 24 Aug 2009, 22:58

In seara asta, dupa ce si-a facut update, antivirusul n-a mai tacut...

Code: Select all

24.08.2009 22:47:29	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
24.08.2009 22:42:29	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:37:29	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:35:00	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:34:13	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:32:25	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:31:20	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe.
24.08.2009 22:31:16	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning		Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
24.08.2009 22:31:14	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to run the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
24.08.2009 22:31:13	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
24.08.2009 22:26:27	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
24.08.2009 22:26:15	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
24.08.2009 22:23:17	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
24.08.2009 22:22:35	Real-time file system protection	file	C:\WINDOWS\system32\user32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
24.08.2009 22:22:32	Real-time file system protection	file	C:\WINDOWS\system32\user32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
24.08.2009 22:22:05	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to run the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
24.08.2009 22:22:04	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
24.08.2009 22:20:00	Real-time file system protection	file	C:\WINDOWS\SYSTEM32\USER32.DLL	Win32/Pinit virus	error while cleaning	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
24.08.2009 22:15:08	Startup scanner	file	C:\WINDOWS\system32\USER32.dll	Win32/Pinit virus	error while cleaning		
24.08.2009 22:14:53	Startup scanner	file	C:\WINDOWS\system32\user32.dll	Win32/Pinit virus	error while cleaning		
Am cautat si pe forumuri dar singurul raspuns pe care l-am primit a fost: "Ai virusi". Daca stiti vreo rezolvare sau aveti vreun sfat va rog, nu ezitati.
Image
Image
User avatar
vim
Mini tehnicus
Posts: 2019
Joined: 22 Nov 2007, 20:05

Re: Virus problem

Post by vim » 25 Aug 2009, 00:17

Nu stiu daca poate sa ti`l scoata vre`un antivirus automat, totusi poti sa incerci:
  1. Devirusare automata
  2. Devirusarea manuala (ai aici cateva informatii despre troianul respectiv)
  3. Reinstalarea de windows (bleah)
Totusi iti recomand sa incerci devirusarea manuala.
Stergi inregistrarile din registri care au legatura cu viermele (informatiile le gasesti pe pagina al carei link l`am specificat mai inainte), dupa care stergi fisierele care sunt listate in aceeasi pagina.

user32.dll trebuie sa il copiezi la loc dupa devirusare. Il gasesti pe CD-ul de instalare al Windows-ului.

Dupa ce ai terminat totul scoti toate sharurile care le ai active si dai reboot.

Recomand sa faci toate astea in safemode.

P.S Nu mai lasati nimic sharuit in retea. Daca vreti sa faceti schimburi de fisiere cu vecinu, folositi un client p2p sau un website pentru file sharing.

Code: Select all

[root@gw-03 ~]# man woman
Segmentation Fault (core dumped)
I retired from here
User avatar
mtF.Amin
Happy Camper
Posts: 202
Joined: 19 Jul 2009, 13:37
Location: Com T. Vladimirecu, Galati

Re: Virus problem

Post by mtF.Amin » 25 Aug 2009, 10:23

Acum incerc prima varianta, sa vad ce rezultat primesc desi nu stiu cat de bine o sa se impace Nod-ul cu Kaspersky. L-am dezactivat pentru orice eventualitate.

Devirusarea manuala... ramane de vazut. Sper sa mearga si sa scap de vierme.

In cele din urma, aici voiam sa ajung: am internet de la Romtelecom de 2 Mbps si nu vad cu cine as putea face retea din moment ce conexiunea mea e prin modem. Singurele share-uri le am pentru StrongDC si uTorrent, dar ambele folosesc client p2p. In orice caz, cum aflu ce fisiere am la share (suna ciudat dar sincer, nu stiu)

As mai avea o intrebare: pentru o formatare "in depth" ce comanda folosesc? "format c:" folosesc de obicei dar nu cred ca poate sa gaseasca si bad-uri pe hard. Iar daca exista o asa comanda, o pot folosi numai pentru o partitie sau trebuie neaparat sa o folosesc pentru tot hard-ul?

Si as mai avea o intrebare (retorica dar intens discutata): oare trebuie sa trecem de Linux ca sa scapam de aceste "mici surprize"?

MUltumesc mult vim pentru asistenta. Revin (sper) cu problema rezolvata.

Am optat pentru varianta 3 :roll: #-coffe Mi-am facut de lucru...
Image
Image
User avatar
vim
Mini tehnicus
Posts: 2019
Joined: 22 Nov 2007, 20:05

Re: Virus problem

Post by vim » 25 Aug 2009, 10:45

Format la partitia de sistem ii dai de pe cd-ul de instalare a sistemului de operare.
Cam orice tip de formatare nu face altceva decat sa iti marcheze fisierele de pe partitia sau hardul formatat ca "necitibile", insa ele continua sa existe. Dar de cele mai multe ori, o formatare simpla te scapa de bad-uri, daca acestea nu cumuleaza mai multe de 20 - 60 de mega.

Daca bad-urile cumulate iti ocupa mai mult de 60 de mega, recomand un low level format.
Tinand cont ca low level format iti lasa hardul ca atunci cand iti iese din fabrica, ai putea sa spui ca ai hard nou :)
Dealtfel, multe harduri care se gasesc la second hand prin buticuri si ti se ofera garantie, asa sunt formatate.

Totusi e mai usor sa previi decat sa repari. Asa ca nu recomand sa forjezi hardul prin mai multe operatii de scriere si citire. Desii operatia de citire nu creeaza bad-uri, ajuta la incarcarea bufferului, iar daca in acelasi timp si scrii pe hard posibil sa rezulte "error writing to disk" ; ceea ce inseamna ca sectorul de pe hard pe care se scria cand a dat respectiva eroare nu va mai putea fi utilizat pana la formatare => sector bad

TIP: Limitarea vitezei de transfer pentru clientii P2P (torrente de exemplu), atunci cand avem harduri mai lenese, este un must :wink:

Code: Select all

[root@gw-03 ~]# man woman
Segmentation Fault (core dumped)
I retired from here
User avatar
mtF.Amin
Happy Camper
Posts: 202
Joined: 19 Jul 2009, 13:37
Location: Com T. Vladimirecu, Galati

Re: Virus problem

Post by mtF.Amin » 25 Aug 2009, 18:22

Pana la urma am aflat ca de virusul care l-am luat nu se scapa usor, iar reinstalarea sistemului este una din solutii. #-broken
Afectase deja mare parte din programele instalate asa ca am decis sa reinstalez win-ul :roll: .

Am trecut si eu la SP3 poate mai ajuta cu ceva sistemul meu ca si asa e slab (Mother Board K8N4-E SE, AMD Sempron 3000+ in 1.8 GHz, 1024 RAM DDR 400, nVidia GeForce EN 6200 LE in 256 MB)

In orice caz, THANKS A LOT vim.
Image
Image
Locked