Mededeling

Collapse
No announcement yet.

Dikke Spyware + Virus! Help

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Dikke Spyware + Virus! Help

    Beste mensen.

    ik heb op school een aantal virussen of spyware (worms) op mijn usb-stick gekregen en via usb stick op de pc thuis gekregen.
    het betreft Amvo0.dll,imvo.dll,Amvo1.dll en nog een aantal waar ik de naam van kwijt ben. Amvo0.dll,imvo.dll,Amvo1.dll heb ik verwijderd gekregen met nod32, panda antivirus en een .bat fix bestand.
    Ik merkte het virus voor het eerst op toen mijn antivirus meldingen bleef geven van worms etc.
    Tevens kon ik ook een aantal partities niet fatsoen in. Ik kreeg dan de melding ''Openen Met''
    Ik kon ook niet meer op internet in internet explorer want die gaf de melding: De webpagina kan niet worden weergegeven
    (terwijl ik wel op msn kon en zelfs ook op mozilla firefox)
    Nu heb ik combofix ook nog een keer over mijn pc laten lopen en die heeft ook nog een aantal dingen verwijderd (log bestand staat op pc)
    maar nadat deze klaar was met scannen kreeg ik van mijn virusscanner een melding dat svchost mogelijk was aangetast door win32\pacex.gen virus. het virus heeft zich volgens mij ook al verplaatst naar mijn ipod!
    tevens kraken mn boxen als nooit te voren.
    Ik zou niet weten wat ik nu nog moet doen, hopelijk kan iemand mij helpen!
    Last edited by Glenno18; 29-01-08, 21:39.

  • #2
    Welkom op het forum.

    Plaats even een HijackThis log.
    Dit doe je als volgt.

    Lees eerst deze handleiding van HijackThis


    Lees dan het volgende bericht goed door:


    Plaats daarna je HijackThis-log in de daarvoor bestemde forumsectie:


    Vermeld ook daar je probleem erbij.

    Een deskundige helpt je dan.
    A.H.
    Niet alleen is belangrijk de weg, die je gaat,
    maar ook het spoor, dat je achterlaat.

    Comment


    • #3
      Wat is jouw standaard av?
      * Download latest products * Kaspersky Removal Tool * GetSystemInfo* Virus watch 3 * Dutch Support Forum

      Comment


      • #4
        standaard virusscanner? dat is nod32 op het moment

        Comment


        • #5
          Glenno, zet deze thread links boven op opgelost.
          A.H.
          Niet alleen is belangrijk de weg, die je gaat,
          maar ook het spoor, dat je achterlaat.

          Comment


          • #6
            hoe verwijder ik het spoor dan, ik krijg nu steeds meldingen van nod32:
            could not connect to server..
            tevens krijg ik wel vaker onder het server de bekende kan deze pagina niet vinden melding..

            Comment


            • #7
              Draai dit voor de gein eens. http://www.kaspersky.nl/online-virus-scanner.html
              Eens kijken wat er gebeurt
              * Download latest products * Kaspersky Removal Tool * GetSystemInfo* Virus watch 3 * Dutch Support Forum

              Comment


              • #8
                ik heb een scan gedaan, zal de log hier posten:

                Code:
                -------------------------------------------------------------------------------
                 KASPERSKY ONLINE SCANNER REPORT
                 Monday, February 11, 2008 10:09:42 PM
                 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
                 Kaspersky Online Scanner version: 5.0.98.0
                 Kaspersky Anti-Virus database last update: 10/02/2008
                 Kaspersky Anti-Virus database records: 556064
                -------------------------------------------------------------------------------
                
                Scan Settings:
                	Scan using the following antivirus database: extended
                	Scan Archives: true
                	Scan Mail Bases: true
                
                Scan Target - My Computer:
                	C:\
                	D:\
                	E:\
                	F:\
                	G:\
                	H:\
                	I:\
                	J:\
                	K:\
                	L:\
                	M:\
                	N:\
                	O:\
                	Q:\
                
                Scan Statistics:
                	Total number of scanned objects: 327058
                	Number of viruses found: 10
                	Number of infected objects: 51
                	Number of suspicious objects: 0
                	Duration of the scan process: 02:16:25
                
                Infected Object Name / Virus Name / Last Action
                C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
                C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB	Object is locked	skipped
                C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat	Object is locked	skipped
                C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat	Object is locked	skipped
                C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
                C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580/flatout.exe/bpkhk.dll	Infected: not-a-virus:Monitor.Win32.Perflogger.al	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580/flatout.exe/bpkwb.dll	Infected: not-a-virus:Monitor.Win32.Perflogger.aa	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580/flatout.exe/bpk.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.ad	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580/flatout.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.ad	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580	RAR: infected - 4	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\FlatOut.NOCD.CRACK-RELOADED_rar.vir.bac_a03580	CryptFF.b: infected - 4	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580/Voice Changer 4.0/crack.rar/Free Popup Blocker.exe/stream/data0003	Infected: not-a-virus:AdWare.Win32.MegaKiss.b	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580/Voice Changer 4.0/crack.rar/Free Popup Blocker.exe/stream	Infected: not-a-virus:AdWare.Win32.MegaKiss.b	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580/Voice Changer 4.0/crack.rar/Free Popup Blocker.exe	Infected: not-a-virus:AdWare.Win32.MegaKiss.b	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580/Voice Changer 4.0/crack.rar	Infected: not-a-virus:AdWare.Win32.MegaKiss.b	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580	RAR: infected - 4	skipped
                C:\Documents and Settings\Glenn\.housecall6.6\Quarantine\Voice Changer 4.0_rar.vir.bac_a03580	CryptFF.b: infected - 4	skipped
                C:\Documents and Settings\Glenn\Cookies\index.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A08_B9E_80B_8841\dfsr.db	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A08_B9E_80B_8841\fsr.log	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A08_B9E_80B_8841\fsrtmp.log	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_A08_B9E_80B_8841\tmp.edb	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Geschiedenis\History.IE5\MSHist012008021120080212\index.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Temp\~DF8F68.tmp	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Temp\~DF8F75.tmp	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Temp\~DFC6AE.tmp	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Temp\~DFC784.tmp	Object is locked	skipped
                C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
                C:\Documents and Settings\Glenn\NTUSER.DAT	Object is locked	skipped
                C:\Documents and Settings\Glenn\ntuser.dat.LOG	Object is locked	skipped
                C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
                C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
                C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
                C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
                C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
                C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
                C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
                C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
                C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
                C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
                C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
                C:\RTHDCPL_Dump.txt	Object is locked	skipped
                C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
                C:\System Volume Information\_restore{9C707109-D0BD-4CC7-A319-E4F33310A93A}\RP2\change.log	Object is locked	skipped
                C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
                C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
                C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
                C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
                C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
                C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
                C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
                C:\WINDOWS\system32\config\default	Object is locked	skipped
                C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
                C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
                C:\WINDOWS\system32\config\SAM	Object is locked	skipped
                C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
                C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
                C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
                C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
                C:\WINDOWS\system32\config\software	Object is locked	skipped
                C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
                C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
                C:\WINDOWS\system32\config\system	Object is locked	skipped
                C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
                C:\WINDOWS\system32\drivers\atapi.sys	Object is locked	skipped
                C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
                C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
                C:\WINDOWS\wiadebug.log	Object is locked	skipped
                C:\WINDOWS\wiaservc.log	Object is locked	skipped
                C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
                D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
                D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP10\A0004613.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0002517.com	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0002518.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003506.com	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003507.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003533.com	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003534.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003575.com	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003576.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003839.exe/expIorer.exe	Infected: not-a-virus:AdWare.Win32.WinAD.bq	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003839.exe/wupdtmngr.exe	Infected: Trojan-Downloader.Win32.IstBar.gen	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003839.exe	SetupFactory: infected - 2	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003840.exe/expIorer.exe	Infected: not-a-virus:AdWare.Win32.WinAD.bq	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003840.exe/wupdtmngr.exe	Infected: Trojan-Downloader.Win32.IstBar.gen	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003840.exe	SetupFactory: infected - 2	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP9\A0004247.com	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP9\A0004248.inf	Object is locked	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}(2)\RP119\A0016494.inf	Infected: Worm.Win32.AutoRun.aye	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}(2)\RP120\A0016543.inf	Infected: Worm.Win32.AutoRun.aye	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}(2)\RP120\A0016609.inf	Infected: Worm.Win32.AutoRun.aye	skipped
                D:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}(2)\RP121\A0016659.inf	Infected: Worm.Win32.AutoRun.aye	skipped
                D:\WINDOWS\$NtUninstallKB835732$\callcont.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\h323.tsp	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\msgina.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\mst120.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll	Object is locked	skipped
                D:\WINDOWS\$NtUninstallKB835732$\schannel.dll	Object is locked	skipped
                E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector	Object is locked	skipped
                E:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
                E:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP10\A0004616.inf	Object is locked	skipped
                E:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0002519.com	Object is locked	skipped
                E:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0002520.inf	Object is locked	skipped
                E:\System Volume Information\_restore{EED82BFC-73E3-4892-8A93-E13A5CE0A930}\RP8\A0003508.com	Object is locked	skipped
                zucht, hopelijk toch niet alweer een virus.. ik kan mijn antivirus nog steeds niet updaten en bij sommige websites krijg ik weer een kan niet worden weergegeven melding..
                Last edited by Crash; 23-02-08, 07:03. Reden: code tag toegevoegd.

                Comment


                • #9
                  opgelost

                  Comment


                  • #10
                    zo lekker, zeer veel virussen
                    Number of viruses found: 10
                    Number of infected objects: 51
                    had je al een hijackthis logje geplaatst?


                    Comment


                    • #11
                      ja klopt, nod32 vind niets... en logje had ik tijdje geleden geplaatst inderdaad

                      Comment


                      • #12
                        je hebt toevallig geen illigale versie?


                        Comment


                        • #13
                          jawel, nu mogen jullie me zeker niet meer verder helpen ?

                          Comment


                          • #14
                            dan komt het daardoor dat nod32 niet meer functioneert, een anti virus product kun je beter niet illigaal gebruiken, omdat je daardoor onnodig veel risico's loopt
                            je kunt beter een legale gratis anti virus gebruiken dan een illigale betaalde
                            mocht je niet van plan zijn om nod32 toch te kopen, de-installeer nod32 dan en installeer de trail van kaspersky http://www.kaspersky.nl/kaspersky-in...-security.html


                            Comment


                            • #15
                              Beste,

                              ik heb nod32 verwijderd en panda antivirus geinstalleerd (legaal en ik had hier nog een licentie van lopen)
                              panda heeft wel 25 virussen aangetroffen, maar 2 heeft hij niet kunnen verwijderen.

                              MVG

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X