Worm.Mytob
|
wnplayer.exeLink: weiter - WORM_CODBOT
Hijackthis
O4 - HKLM\..\Run: [Secure System] integitor.exe O4 - HKLM\..\RunServices: [Secure System] integitor.exe O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"
Download Registry Search by Bobbi Flekman
regsearch laden:
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) Secure System in edit und klicke "Ok". Notepad wird sich öffnen [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "Service"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "DeviceDesc"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secure System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secure System] "DisplayName"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secure System\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secure System\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "Service"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "DeviceDesc"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Secure System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Secure System] "DisplayName"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Secure System\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "Service"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURE_SYSTEM\0000] "DeviceDesc"="Secure System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secure System] [HKEY_USERS\S-1-5-21-1454471165-1343024091-1060284298-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU] "000"="integitor.exe"
Start - Ausführen - regedit
Sollte man Probleme haben, die Einträge zu löschen, Klicke auf Bearbeiten-->Berechtigung und klicke dann auf Vollzugriff -->[Übernehmen] und auf [OK]. Erneuter [Rechtsklick] auf den Schlüssel und versuche diesen zu löschen. C:\WINNT\system32\msgfix.exe -> "Backdoor.Win32.SdBot.gen" Virus! C:\WINNT\system32\winsN320.exe -> "Backdoor.Win32.Rbot.gen 
Zitat:
einen virus/trojaner/hijacker oder ähnliches auf meienm pc! jedesmal wenn ich ins netz gehen faengt der pc nach ca 10 minuten an kleinere programme wie zb: wmedia.exe / wnplayer.exe / bigoj.exe usw. runterzuladen bzw zu starten.
wnplayer.exe BitDefender Backdoor.SDBot.23058FD8 gefunden ClamAV Worm.Mytob.BP gefunden Dr.Web Win32.HLLW.ForBot.based gefunden F-Prot Antivirus unknown virus gefunden (mögliche Variante) Fortinet W32/SDBot.01AC-net gefunden Kaspersky Anti-Virus Backdoor.Win32.SdBot.gen gefunden NOD32 probably unknown NewHeur_PE gefunden mögliche Variante Norman Virus Control Sandbox: W32/Backdoor; [ General information ] * File length: 45594 bytes. [ Changes to filesystem ] * Creates file C:\WINDOWS\SYSTEM\wnplayer.exe. [ Changes to registry ] * Creates value "wnplayer"="wnplayer.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". * Creates value "wnplayer"="wnplayer.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices". * Creates value "wnplayer"="wnplayer.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run". [ Network services ] * Connects to "hlserv.no-ip.info" on port 6667 (TCP). * Connects to IRC server. * IRC: Uses nickname [Dns]-767253. * IRC: Uses username [Dns]-043800. * IRC: Joins channel #more1. * IRC: Sets the usermode for user [Dns]-767253 to +i. [ Security issues ] * Possible backdoor functionality [Authenticate] port 113. [ Process/window information ] * Creates a mutex sdf. * Will automatically restart after boot (I'll be back...). gefunden 
|
