Forum section: Discussion of viruses, trojans, spyware, worms...
Can't get into Yahoo  09/09/2008 04:50:46 (+0700) | #1 | 150382
supperkimquy
Member
Joined: 16/12/2007 21:28:27
Messages: 50
My friend and I have caught some virus or other and can't get into Yahoo; anyone who knows, please help me out.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 3:48:27 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\iTunes\iTunes.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\TDdownload\BHome1873.exe
C:\JetAudio\JetAudio.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pv.cga.com.cn/counter.asp?id=809
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - D:\WINDOWS\system32\gigagetbho_v10.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [BkavFw] D:\Program Files\Bkav2006\Bkav2006.exe TASKBAR
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] D:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ?????? - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Program Files\Holdfast\Platform\GameClient.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

conmale notes: next time, put the information inside [ code ] tags to keep the page from breaking, since some lines are very long.
Re: Can't get into Yahoo  10/09/2008 04:50:47 (+0700) | #2 | 150465
kamikazeq
Member
Joined: 04/07/2006 03:20:53
Messages: 837
Location: Panic Malware Planet
Oops, too lazy to search, eh?
/hvaonline/posts/list/24692.html#149343
IDM 5.18 http://tinyurl.com/pl2ejj | Quick Remove Malware http://tinyurl.com/lbbm9x - http://tinyurl.com/arna6g
Re: Can't get into Yahoo  18/09/2008 09:12:59 (+0700) | #3 | 151822
lavensong
Member
Joined: 05/12/2006 17:44:51
Messages: 5
There's a very high chance your machine is infected with the kvo or kxvo virus. Go to Google and look up how to remove it; there are plenty of guides.
Re: Can't get into Yahoo  18/09/2008 10:08:20 (+0700) | #4 | 151830
flobg88
Member
Joined: 23/08/2008 18:31:32
Messages: 17
Copy this code into Notepad as follows: go to Start >>> Run, type notepad, paste it in and save it as a .bat file, e.g. killkavo.bat, and you're done. Good luck.

Code:
@echo off
rem Kill the shell so the worm cannot respawn while its files are being removed.
taskkill /f /im explorer.exe

rem Remove the kavo/ckvo family files from system32. The stems below cover the
rem original list (ckvo*, ckvo1*, kavo0*, avpo.*, mmvo0.* and so on); "del /A" with
rem no attribute filter also removes files marked hidden or system.
for %%n in (ckvo kavo kava amvo amvvo avpo mmvo) do (
    del /Q /F /A "%windir%\system32\%%n*"
)

rem Restore the Winlogon values the worm hijacks. %windir% replaces the hard-coded
rem C:\WINDOWS of the original: the HijackThis log above shows Windows on D:, and a
rem wrong Userinit path locks every user out at logon.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "%windir%\system32\userinit.exe," /f

rem Re-enable the "Show hidden files and folders" option the worm disables.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\advanced\folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\advanced\folder\Hidden\SHOWALL" /v DefaultValue /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\advanced\folder\Hidden\SHOWALL" /v Type /t REG_SZ /d radio /f

rem Remove the autostart entries. The original omitted /v on the HKU lines, so they
rem failed; the SID is the one from the original script and will not match another
rem machine, but the HKCU line already covers the logged-on user.
for %%v in (kamsoft kavo kava) do (
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v %%v /f
    reg delete "HKU\S-1-5-21-861567501-1844237615-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run" /v %%v /f
)

rem Delete the autorun companion files dropped in the root of drives C: to H:.
for %%d in (c d e f g h) do (
    for %%n in (tyktjfww.exe n.com ov.cmd r1y1.bat b3b9u.com t1ypkh.exe mnl6on3.com n6j6on3.com n6j6pc0.com ntdelect.com ntde1ect.com ph.com u9dyi.exe yssjnngm.cmd fi.cmd kk3.bat krg62.cmd 1t6yxlxx.cmd 39lpji.com bwpncb6.com f.bat jdhc2x2.com ktnquo.exe binli.cmd a1.bat vxl.exe 83fgj.com rs.cmd y8md.bat 2.cmd test.exe) do (
        del /Q /F /A "%%d:\%%n"
    )
)

rem Restart the shell.
explorer
Re: Can't get into Yahoo  18/09/2008 13:47:49 (+0700) | #5 | 151865
mjning
Member
Joined: 14/07/2008 22:12:29
Messages: 61
O4 - HKCU\..\Run: [kamsoft] D:\WINDOWS\system32\ckvo.exe

You're infected with ckvo.... a removal guide was posted on the forum a long time ago.
Next time you could search before posting.

http://nghiadoi.com
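As an added example, not code from any post in this thread: a small Python triage script that parses the HijackThis O4 (Run-key) lines and flags the entry mjning points at, using the kavo-family file stems and Run value names that the batch in post #4 enumerates. The sample log lines are copied from post #1 and embedded so it runs offline.

```python
import re

# Constructed sample: the O4 lines from the HijackThis log in post #1,
# embedded here so the script runs offline.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [IgfxTray] D:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] D:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [kamsoft] D:\\WINDOWS\\system32\\ckvo.exe
O4 - HKCU\\..\\Run: [Yahoo! Pager] "D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe" -quiet
"""

# File-name stems the removal batch in post #4 deletes from system32
# (ckvo*, kavo*, kava*, amvo*, amvvo*, avpo*, mmvo*), as one prefix pattern.
KAVO_STEMS = re.compile(r"^(ckvo|kavo|kava|amvo|amvvo|avpo|mmvo)", re.IGNORECASE)

# Run value names the same batch removes from HKCU\...\Run.
KAVO_RUN_NAMES = {"kamsoft", "kavo", "kava"}

O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse_o4(line):
    """Return (hive, value name, command) for an O4 line, or None if not O4."""
    m = O4_LINE.match(line.strip())
    return (m.group("hive"), m.group("name"), m.group("cmd")) if m else None

def image_name(cmd):
    """Lower-cased executable file name from a Run command ("path" args or path args)."""
    cmd = cmd.strip()
    path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]
    return path.rsplit("\\", 1)[-1].lower()

def suspicious_o4(log_text):
    """Flag O4 entries whose value name or image file matches the kavo family."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        hive, name, cmd = entry
        exe = image_name(cmd)
        reasons = []
        if name.lower() in KAVO_RUN_NAMES:
            reasons.append("run-name:" + name)
        if KAVO_STEMS.match(exe):
            reasons.append("image:" + exe)
        if reasons:
            hits.append((hive, name, exe, reasons))
    return hits
```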
Powered by JForum - Extended by HVAOnline