le trojan?
24 Jul 2010, 12:11
hello,
i had a weird popup after boot recently, titled '#' saying 'BOT NOT CRYPTED' with clickable 'OK', but google didn't give me any results, so i let hijackthis do a system scan which gave me one malicious file, which i checked with both antivir & malwarebytes with no result, therefore i just simply shift+del'ed the file..
now the popup is gone on startup, but in the running processes there's only the filepath gone, not the 04-HKCU/.../Run: [{E32randomlettersnumbers}] "C://..old deleted filepath"
analysis says 'Schädlich [means 'bad'] (2.6 / 5.00)'
so how can i get also this out of my running processes and is it rly harmful?
(it was "Izgec\ihim.exe" in the application folder, but as google didn't give any results, i doubt you know it)
i don't even
e: oh it's 4chan-post :(
fuck censorship :p
searched that pic :Pp
Download this one: http://www.esagelab.com/resources.php?n=4
Then copy remover.exe to C:\Windows\System32
Run -> cmd -> remover (since it's in your system32, you don't have to look for a folder).
Tell us what the remover says about your partition ;)
blabla remover.exe dump/fix
remover.exe fix \\.\PhysicalDriveX
Replace X with the number of the drive that has the boot code, with all of them if need be. After that, run a virus scan right away on the first boot.
drive?bootcode? :s
The whole remover thing looks like this, after all:
Size Device Name MBR Status
149GB \\.\PhysicalDrive0 OK Unknown Boot Code
149GB \\.\PhysicalDrive1 OK Unknown Boot Code
And now you run remover fix \\.\PhysicalDrive0
remover fix \\.\PhysicalDrive1
etc. until you've done them all
then reboot and run a virus scan, and do it on the FIRST pc start
antivir scan, not hjt!?
then start -> run -> cmd
type this in there:
remover fix \\.\PhysicalDrive0
antivir and malwarebytes are both running through now
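
The leftover autostart entry described in the first post, as an added example that is not part of the thread: HijackThis's `HKCU\..\Run` line refers to `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, and this PowerShell sketch lists the values there whose target file no longer exists. The function names are hypothetical and PowerShell 3 or later is assumed.

```powershell
# Added example (not from the thread). Function names are made up for illustration.
$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandTarget {
    param([string]$Command)
    # Expand %VAR% references, then isolate the program part of the command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    # Unquoted path that may contain spaces: cut at the first known extension.
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    param([string]$Target)
    if (-not $Target) { return $false }                    # empty command line
    if ($Target -match '[\\/]') {
        return (Test-Path -LiteralPath $Target -PathType Leaf)
    }
    # Bare names such as "ctfmon.exe" are looked up through PATH.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-OrphanedRunEntry {
    param([string]$KeyPath = $RunKey)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-CommandTarget $command
        if (-not (Test-TargetExists $target)) {
            [pscustomobject]@{ Name = $name; Command = $command; MissingTarget = $target }
        }
    }
}

# Report only; nothing is changed.
Get-OrphanedRunEntry | Format-List

# After reviewing an entry, delete that one value by name:
# Remove-ItemProperty -LiteralPath $RunKey -Name '<value name from the report>'
```

A bare program name that Windows resolves through the App Paths registry key rather than PATH can show up here as missing, so check each reported entry before removing it.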