|
Emiliano
Guest
|
 |
« on: September 17, 2006, 11:24:07 AM » |
|
Does anyone know what can be done on a Windows virus? - I have many friends who have the virus these days, and automatically sends messenger mass at all sites lista. "Making Money Online never be easier: http ://www.geocities.co.jp/*********>  < Now you can avoid some critical online viruses by updating Windows. Click here to know how to Update your Windows: http://www.geocities.co.jp/******** wtf is this? want to give me a shit? http://www.geocities.co . jp/*************** X-(<< " nu have access to the Registry: doh: ce can do? windows resettlement outside (ask for others as I have no problem with something like  ) |
|
|
|
|
|
FREAKTUNING
Guest
|
|
« Reply #1 on: September 17, 2006, 01:10:42 PM » |
|
The virus is installed to open the page "geocities.co.jp/***********" (lest you entering it) Trece perfectly over the firewall and antivirus (I have Avast Pro v4.7 with updates to date) Trimite massuri the various pages including online sus. Schimba mentioned similare Daca status to pages you deloghezi by Yahoo Messenger, and you checked "Remember my ID and Password" to login one, and performing the mentioned sus Isi copies itself clipboard like the top page and if you give Easter somewhere, and performs the mentioned sus. Dezactiveaza Task Manager and Registry website Editor. Anuleaza can change from IE, which remains set to "geocities.co.jp/* ************" Pune by name orcarei open pages "Webhosting http://geocities.co.jp/****************" Se installs from 3 files and infect them, "Syshost.exe, svchost32.exe, Srshost.exe (find them in the directory Windows \ System | n.. other two nush ...) Downloadati Security Task Manager http://software-files.download.com/sd/gF4RWNzc6UinoZMr7ECXOez6YpfC0Tc-pMtzT_A9vPhyUTxZWJj63nZ9You2xHG3kAgY0QDemRMuNfMQTkI3h4Ay8Spdy_RG/software/10408960/10246545/3/taskmanager16.exe?lop=link&ptype=3000&ontid=2094&siteId=4&edId = 3 & pid = 10408960 & psid = 10246545 , install it and put in quarantine process svchost32.exe ... fail to start the next restartare. Pentru reactivate the Task Manager, download and run this "Taskman.bat" http://www.extremeracingclub.ro/archive.zipPentru reactivation Registry Editor, download "Reg.inf" ( the archive), right click on it, and Install! Pentru reactivation possibility of changing the homepage u.. after you have managed to enable the Registry Editor, go to Registry Editor (regedit) and go la [HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] and there to find a homepage, D-Word value set to 1 . Double click it and set it to 0. Close your registry editor, and now go to contol Panel> Internet Options, and set yourself any altapagina than the existing. And do you like problema. Totusi after, try to take with an antispyware or a program like this, to remove all the "remnant" ... Cam that I found of what happened ... So I do and I hope it will be useful .... PS. Until then ... if you can not, not format the HDD .... use GAIM or e-buddy!Am resolve the problem with the page title ... All in RegEdit ... go to registry key: HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main and there is a che.. "Webhosting http://ww w.geocities.co.uk/***************" ... Double-click it and change it ... type "Internet Explorer" ... and you resolve the problem that ... While I do if I have an application to do all this ... Inca one thing .... In C: \ Windows to find a file Svchost32 ... he is "offender" file with because ... search it and delete it .... PS: Tutorial inspired by another user from another forum. Thanks .. |
|
|
|
|
|
Chip
Guest
|
|
« Reply #2 on: September 17, 2006, 01:37:45 PM » |
|
Past Perfect over firewall and antivirus (I have Avast Pro v4.7 with updates to date) Gresit. Past perfect of antivirus stupid. I have Kaspersky and screamed right after I did click. ;-) I have Kaspersky 6.0 in combination with the latest Zone Alarm. When I clicked the link and opened for firefoxu 'antivirusu started screaming and did not gave me access to the site. |
|
|
|
|
|
contagious_scrub
Guest
|
|
« Reply #3 on: September 17, 2006, 01:50:00 PM » |
|
I yelled to me to kaspersky but give him delete already settled ... I missed it anyway DPO
|
|
|
|
|
|
Emiliano
Guest
|
|
« Reply #4 on: September 17, 2006, 02:00:48 PM » |
|
enter to see if something is good for my antivirus (BitDefender Antivirus Plus v10) and lock it, and he saw that appeared to download something (I installed IDManager)
acu gave a full scan to see if we can do something to Tracing
|
|
|
|
|
|
TehWooTzu
Guest
|
|
« Reply #5 on: September 17, 2006, 04:02:53 PM » |
|
Wrong. Past perfect of antivirus stupid. I have Kaspersky and screamed right after I did click. ;-) I have Kaspersky 6.0 in combination with the latest Zone Alarm. When I clicked the link and opened for firefoxu 'antivirusu started screaming and did not gave me access to the site. Nu will take for him that Avast's antivirus bad. It's better than Bitdefender and F-Secure and Avast anyway .. and can do face if you put all settings at maximum. I got that mass Eu from viruses and I clicked .. you have no reason to answer in English massuri from your Romanian friends, plus you can see that every message is the same page target virus. |
|
|
|
|
|
FREAKTUNING
Guest
|
|
« Reply #6 on: September 17, 2006, 04:05:06 PM » |
|
I gave example of how to get rid of him are not to argue with him that the best antivirus I honestly do not care what you use antivirus software, I put that thread for users that have Genu Ala problems so will not plugged into the account elsewhere.
|
|
|
|
|
|
Mih4i
Guest
|
|
« Reply #7 on: September 17, 2006, 04:29:25 PM » |
|
can not delete svchost32.exe Windows
zice that is used by another program
am `s done everything said above: doh:
HEEEEEEEEEEEEEEELP PLSSSSSSSSSSSSS
|
|
|
|
|
|
Emiliano
Guest
|
|
« Reply #8 on: September 17, 2006, 04:37:00 PM » |
|
can not delete svchost32.exe Windows
zice that is used by another program
am `s done everything said above: doh:
HEEEEEEEEEEEEEEELP PLSSSSSSSSSSSSS ia trying to get in safe mode and to delete, or check on startup if it is somehow set to load with Windows |
|
|
|
|
|
Mih4i
Guest
|
|
« Reply #9 on: September 17, 2006, 05:12:35 PM » |
|
I can not delete it in safe mode is not put in start up
|
|
|
|
|
|
stefan_u
Guest
|
|
« Reply #10 on: September 17, 2006, 09:29:37 PM » |
|
Do not try to delete svchost32.exe for a service that is Windows in any case you can not delete. But if you put Linux |
|
|
|
|
|
sparky_20
Guest
|
|
« Reply #11 on: September 17, 2006, 09:38:14 PM » |
|
Exactly when is svchost is infected sucks about that is the element of Windows and can not be removed nor disinfected so easy (really do not know if you can)
|
|
|
|
|
|
Akaias
Guest
|
|
« Reply #12 on: September 17, 2006, 09:50:48 PM » |
|
not many other species of viruses trojeni or pass the McAfee (in my opinion the most capable antivirus currently) or Norton.
|
|
|
|
|
|
myckky3000
Guest
|
|
« Reply #13 on: September 17, 2006, 10:37:18 PM » |
|
Kaspersky Internet Security 6 rulzz nimik not stand in the way;) blocked all Exactly when is svchost is infected sucks it's about basic element of Windows and can not be removed and disinfected or so easy (really do not know if you can) ba may be deleted;) chiar dak is svchost .... in fact there are more ... trebuie off and then go deleted .... probably made at a separate svchost windows |
|
|
|
|
|
myhaiu
Guest
|
|
« Reply #14 on: September 17, 2006, 10:49:53 PM » |
|
svchost32.exe can be deleted:) so that it only tries to imitate the name of the Windows file svchost.exe that's him behind. However it is interesting subject ... is the first time I hear it.
|
|
|
|
|
|
ovisebdan
Guest
|
|
« Reply #15 on: September 17, 2006, 10:50:53 PM » |
|
When I think of how many went there ...
|
|
|
|
|
|
gabr1el
Guest
|
|
« Reply #16 on: September 17, 2006, 11:22:01 PM » |
|
when I think how many have entered there ... cand I think half of my list I TRM media sites like this (only girls picara peak in the net): doh:: doh :: mad:: mad: eu gave not click on those links, but all I open some strange Web pages, with nothing on them but multeeee: blink: |
|
|
|
|
|
zorba_grecul2
Guest
|
|
« Reply #17 on: September 18, 2006, 04:04:17 PM » |
|
The virus is installed to open the page "geocities.co.jp/thanatos183188" (lest you entering it) Trece perfectly over the firewall and antivirus (I have Avast Pro v4.7 with updates to date) Online Trimite massuri the various pages including the one mentioned above. Schimba status similar to pages you deloghezi after Daca Yahoo Messenger, and you checked "Remember my ID and Password" to login one, and performing the above mentioned Isi copy to the clipboard like the top page and if you give Easter somewhere perform and those mentioned above. Dezactiveaza Task Manager and Registry Editor. Anuleaza website can change from IE, which remains set to "geocities.co.jp/thanatos183188" Pune by name orcarei open pages "Webhosting http://geocities.co.jp/thanatos183188" Se install the 3 files that you and infect "Syshost.exe, svchost32.exe, Srshost.exe (s ga.. other two nush ...) Downloadati Security Task Manager http://software-files.download.com/sd/gF4RWNzc6UinoZMr7ECXOez6YpfC0Tc-pMtzT_A9vPhyUTxZWJj63nZ9You2xHG3kAgY0QDemRMuNfMQTkI3h4Ay8Spdy_RG/software/10408960/10246545/3/taskmanager16.exe?lop=link&ptype=3000&ontid=2094&siteId = edId = 4 & 3 & pid = 10408960 & psid = 10246545 , install it and put in quarantine process svchost32.exe ... fail to start on next reboot. Pentru reactivation Task Manager, download and run this "Taskman.bat" http://www.extremeracingclub.ro/archive.zipPentru reactivation Registry Editor, download "Reg.inf" (the archive), right click him, and Install! Pentru reactivation possibility of change hom.. after you have managed to enable the Registry Editor, go to Registry Editor (regedit) and go to [HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] and there to find a homepage, with the value set D-Word on 1. Double click it and set it to 0. Close your registry editor, and now go to contol Panel> Internet Options, and set yourself any altapagina than the existing. And you do about the problem. Totusi after, try to take with an antispyware or a program like this, to remove all the "remnant" ... I found this Cam of what happened ... So I do and I hope it will be useful .... PS. Until then ... if you can not, not format the HDD .... use GAIM or e-buddy! Am resolve the problem with the page title ... All in RegEdit ... go to registry key: HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main and there.. "Webhosting http://ww w.geocities.co.uk/thanatos18388 ... Double-click it and change it ... type "Internet Explorer" ... and you resolve the problem that ... While I do if I have an application to do all this ... Inca one thing .... In C: \ Windows to find a file Svchost32 ... he is "offender" file with because ... search it and delete it .... PS: Tutorial inspired by another user from another forum. Thank you. I blocked the activation m regedit please spune where reg.inf taken step by step as I have not found. |
|
|
|
|
|
FREAKTUNING
Guest
|
|
« Reply #18 on: September 18, 2006, 07:49:50 PM » |
|
, I blocked the activation regedit please
spune where reg.inf taken step by step as I have not found http://www.extremeracingclub.ro/archive. zipPentru reactivation Registry Editor, download "Reg.inf" (from the archive that is in archive.zip), right click on it, and Install! |
|
|
|
|
|
contagious_scrub
Guest
|
|
« Reply #19 on: September 18, 2006, 07:56:44 PM » |
|
or try
start -=> run -=> REG add HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System/v DisableRegistryTools/t REG_DWORD/d 0/f
|
|
|
|
|
|
ava7ar
Guest
|
|
« Reply #20 on: September 18, 2006, 08:03:50 PM » |
|
ugly phase of about 10 -15 entered my (and receive the massuri: (eventually give them ignore
|
|
|
|
|
|
FREAKTUNING
Guest
|
|
« Reply #21 on: September 18, 2006, 08:07:26 PM » |
|
Please post only those who have problems with this to virusu we can help restu refrain yourself from spam.
Va you.
|
|
|
|
|
|
zorba_grecul2
Guest
|
|
« Reply #22 on: September 18, 2006, 10:02:04 PM » |
|
ms than I ever reusit rezolvai but after settling with regedit and ce are outside oncepu format? si if I format the c: get rid of him?
|
|
|
|
|
|
Cornholio
Guest
|
|
« Reply #23 on: September 19, 2006, 02:16:30 AM » |
|
I say we can buy another HDD and RAM and some bus and while you're at it to be sure that there remained no pipeline joke Acum leaving aside .... since the virusu that have got a little crazy PCs ... Someone I do not really have an eye and took ... normally started folly ... lucky me i pusesem windowsu with all the usual and make a Ghost image after I put everything fresh and immediately returned to the image. However .. PC is in a crazy restarteza of 2 in 2 minutes even after returning to the image ... A get all of the virus? It is being led and the other partition because I only have a normal image to C: Altii you been here before you have problems with restarturi idiot? I know I'm not going to hell with the guarantee that nothing PCul than that at first glance seems a hardware problem. Thanks |
|
|
|
|
|
gabr1el
Guest
|
|
« Reply #24 on: September 19, 2006, 09:14:19 AM » |
|
I have a problem: since the virus crap, always open windows to different links, the stage is that I have not accessed the sites aceleink media sites, so what's the problem? how they stuck?: (
|
|
|
|
|
|
zorba_grecul2
Guest
|
|
« Reply #25 on: September 19, 2006, 01:21:08 PM » |
|
no I have not watched anything (but accessible nevastamea) so .........
fai phase above but stop in regedit that is
bafta
|
|
|
|
|
|
xan
Guest
|
|
« Reply #26 on: September 19, 2006, 02:05:54 PM » |
|
I try to delete svchost32.exe for a service that is Windows in any case you can not delete. But if you put Linux no shit? svchost.exe's service Windows Firewall svchost32.exe e |
|
|
|
|
|
zorba_grecul2
Guest
|
|
« Reply #27 on: September 19, 2006, 04:35:38 PM » |
|
no shit?
svchost.exe's service Windows Firewall svchost32.exe e and do not delete without problems? |
|
|
|
|
|
B-A-C-H
Guest
|
|
« Reply #28 on: September 19, 2006, 05:11:56 PM » |
|
The virus is installed to open the page "geocities.co.jp/***********" (lest you entering it) Trece perfectly over the firewall and antivirus (Avast v4 I 7 Pro with updates to date) Trimite massuri the various pages including online mentioned above. Schimba status similar to pages you deloghezi after Daca Yahoo Messenger, and you checked "Remember my ID and Password" to login one, and performing the above mentioned Isi copy to the clipboard like the top page and if you give Easter somewhere perform and those mentioned above. Dezactiveaza Task Manager and Registry Editor. Anuleaza website can change from IE, which remains set to "geocities.co.jp/*************" Pune by name orcarei open pages" Webhosting http://geocities.co . jp/****************" Se installed by 3 files and infect them, "Syshost.exe, svchost32.exe, Srshost.exe (they find.. other two nush ...) Downloadati Security Task Manager http://software-files.download.com/sd/gF4RWNzc6UinoZMr7ECXOez6YpfC0Tc-pMtzT_A9vPhyUTxZWJj63nZ9You2xHG3kAgY0QDemRMuNfMQTkI3h4Ay8Spdy_RG/software/10408960/10246545/3/taskmanager16.exe?lop=link&ptype=3000&ontid=2094&siteId = edId = 4 & 3 & pid = 10408960 & psid = 10246545 , install it and put in quarantine process svchost32.exe ... fail to start on next reboot. Pentru reactivation Task Manager, download and run this "Taskman.bat" http://www.extremeracingclub.ro/archive.zipPentru reactivation Registry Editor, download "Reg.inf" (the archive), right click him, and Install! Pentru reactivation possibility of change hom.. after you have managed to enable the Registry Editor, go to Registry Editor (regedit) and go to [HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] and there to find a homepage, with the value set D-Word on 1. Double click it and set it to 0. Close your registry editor, and now go to contol Panel> Internet Options, and set yourself any altapagina than the existing. And you do about the problem. Totusi after, try to take with an antispyware or a program like this, to remove all the "remnant" ... I found this Cam of what happened ... So I do and I hope it will be useful .... PS. Until then ... if you can not, not format the HDD .... use GAIM or e-buddy! Am resolve the problem with the page title ... All in RegEdit ... go to registry key: HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main and there.. "Webhosting http://ww w.geocities.co.uk/***************" ... Double-click it and change it ... type "Internet Explorer" ... and you resolve the problem that ... While I do if I have an application to do all this ... Inca one thing .... In C: \ Windows to find a file Svchost32 ... he is "offender" file with because ... search it and delete it .... PS: Tutorial inspired by another user from another forum. Thank you. Am managed to escape virusache, following all the above. Precizari: -svchost32.exe file is found in C: \ windows \ prefetch. Kill tha muthafucka bastard! -after what I thought I finished with everything, I noticed that Internet Explorer, active bar, next to the name open the page, wrote "Viva TermeX!" instead of "Microsoft Internet Explorer". The solution is: Click Start/Run, type exactly this: rundll32 iedkcs32.dll, Clear then Enter or click OK. That E. (courtesy Contagious_scrub) xzS. Do not forget to restart the necessary:). |
|
|
|
|
|
FREAKTUNING
Guest
|
|
« Reply #29 on: September 19, 2006, 05:25:56 PM » |
|
virusache I managed to escape, following all the above.
Precizari:
-svchost32.exe file is found in C: \ windows \ prefetch. Kill tha muthafucka bastard!
-after what I thought I finished with everything, I noticed that Internet Explorer, active bar, next to the name open the page, wrote "Viva TermeX!" instead of "Microsoft Internet Explorer". The solution is: Click Start/Run, type exactly this: rundll32 iedkcs32.dll, Clear then Enter or click OK. That E. (courtesy Contagious_scrub)
P.S. Do not forget to restart the necessary:) smart boy:) |
|
|
|
|
|
