Elektroda.pl

Samsung infected with the Win32/Bunpil.CS worm

kaja1996 04 Dec 2015 22:17 567 3
  • #2 05 Dec 2015 00:34
    cyberdelia
    Level 22

    Remove it manually from safe mode, check the root directories of the other partitions, delete the contents of the user's temp folder, and when that is done scan with Malwarebytes:

    HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mstgo.exe <===== UWAGA
    HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\MountPoints2: {0760ea36-f8a7-11e4-be89-806e6f6e6963} - "F:\SETUP.EXE"
    HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\MountPoints2: {8d8e753c-e518-11e4-be6c-806e6f6e6963} - "E:\Autorun.exe"

  • Helpful post
    #3 05 Dec 2015 04:27
    Kolobos
    Computer specialist

    Next to frst.exe, create a file fixlist.txt with the following content:
    (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282384 2015-03-22] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [656144 2015-03-18] (Filefacts.net)
    HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mstgo.exe <===== UWAGA
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
    S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
    S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
    S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
    S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
    S3 BTATH_HID; \SystemRoot\system32\DRIVERS\btath_hid.sys [X]
    S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
    S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
    2015-12-04 21:44 - 2015-12-04 21:44 - 00602112 _____ (OldTimer Tools) C:\Users\Karolina\Desktop\OTL.exe
    2015-12-04 21:27 - 2015-12-04 21:29 - 00000000 ____D C:\AdwCleaner
    2015-08-24 15:09 - 2015-06-15 16:22 - 91347072 ___SH () C:\ProgramData\mstgo.exe
    EmptyTemp:

    In FRST, click Fix.

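The two replies above apply the same triage logic a responder would apply to any FRST log: a `[Load]` value under `CurrentVersion\Windows` pointing at an executable in ProgramData, `MountPoints2` entries that launch an executable from removable media, a hidden+system `.exe` with no publisher, and driver services whose file is missing (`[X]`). The script below is an added example, not code from the thread or from the FRST project; it runs those heuristics over constructed log lines modelled on the ones quoted above and emits the flagged lines in the fixlist layout the reply uses (flagged entries followed by `EmptyTemp:`). The regular expressions, the `Finding` type and the sample text are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the style of FRST output, modelled on the entries quoted
# in the thread above. It is not a real log.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282384 2015-03-22] (Filefacts.net)
HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mstgo.exe <===== UWAGA
HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\MountPoints2: {0760ea36-f8a7-11e4-be89-806e6f6e6963} - "F:\SETUP.EXE"
HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\MountPoints2: {8d8e753c-e518-11e4-be6c-806e6f6e6963} - "E:\Autorun.exe"
2015-08-24 15:09 - 2015-06-15 16:22 - 91347072 ___SH () C:\ProgramData\mstgo.exe
2015-12-04 21:44 - 2015-12-04 21:44 - 00602112 _____ (OldTimer Tools) C:\Users\Karolina\Desktop\OTL.exe
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
"""

# "created - modified - size attrs (company) path" file lines (assumed layout).
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# MountPoints2 entries: {GUID} - "target" (assumed layout).
MOUNTPOINT_LINE = re.compile(
    r'MountPoints2: \{[0-9a-f-]+\} - "(?P<target>[^"]+)"', re.IGNORECASE
)
# Winlogon [Load] value; the trailing "<===== ..." marker is optional.
LOAD_LINE = re.compile(r"CurrentVersion\\Windows: \[Load\] (?P<path>.+?)(?: <=====.*)?$")
# Service entries whose driver file is missing, marked [X].
DRIVER_MISSING = re.compile(r"^S\d \S+; .+ \[X\]$")


@dataclass
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match one of the four persistence heuristics."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = LOAD_LINE.search(line)
        if m:
            findings.append(Finding(line, f"Winlogon Load value runs {m['path']} at logon; "
                                          "rarely used by legitimate software"))
            continue

        m = MOUNTPOINT_LINE.search(line)
        if m and m["target"].lower().endswith(".exe"):
            findings.append(Finding(line, f"MountPoints2 entry launches an executable from "
                                          f"removable media: {m['target']}"))
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs = m["attrs"].upper()
            hidden_system = "S" in attrs and "H" in attrs
            if hidden_system and m["path"].lower().endswith(".exe") and not m["company"]:
                findings.append(Finding(line, "hidden+system executable with no publisher: "
                                              f"{m['path']}"))
            continue

        if DRIVER_MISSING.match(line):
            findings.append(Finding(line, "service entry whose driver file is missing ([X])"))
    return findings


def to_fixlist(findings: List[Finding]) -> str:
    """Lay the flagged lines out the way the reply above builds fixlist.txt."""
    return "\n".join(f.line for f in findings) + "\nEmptyTemp:\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason}]\n    {f.line}")
    print("\n--- fixlist.txt ---\n" + to_fixlist(found))
```

The Run entries for Smart File Advisor are deliberately not matched: they carry a publisher and a present file, so whether to include them is a judgement call (the reply above chose to), and a heuristic script should report the clear-cut cases and leave that decision to the analyst.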
  • #4 06 Dec 2015 19:25
    kaja1996
    Level 5

    Kolobos wrote:
    Next to frst.exe, create a file fixlist.txt with the following content:
    (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282384 2015-03-22] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [656144 2015-03-18] (Filefacts.net)
    HKU\S-1-5-21-1229153242-3201741155-1693493588-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\mstgo.exe <===== UWAGA
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
    S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
    S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
    S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
    S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
    S3 BTATH_HID; \SystemRoot\system32\DRIVERS\btath_hid.sys [X]
    S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
    S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
    2015-12-04 21:44 - 2015-12-04 21:44 - 00602112 _____ (OldTimer Tools) C:\Users\Karolina\Desktop\OTL.exe
    2015-12-04 21:27 - 2015-12-04 21:29 - 00000000 ____D C:\AdwCleaner
    2015-08-24 15:09 - 2015-06-15 16:22 - 91347072 ___SH () C:\ProgramData\mstgo.exe
    EmptyTemp:

    In FRST, click Fix.


    Many thanks. It helped :)
