

Bu Virüsü Ne Yaptıysam Silemedim (YARDIM)
-
Arkadaşlar merhaba, pcye hiç program indirmeme rağmen bir virüs musallat oldu ve nerede ne yaptığını çözemedim sadece 5 yada 10 dakika arayla nod32'den sernew.wwstfp.com Bu siteye yönlendirme engellendi diye bir uyarı alıyorum. Muhtemelen bir onlinefilm sitesinden bulaştı bu virüs. Nod32 ile kapsamlı tarama standart tarama yaptırdım ama silmiyor hiçbir şekilde.
Combofix ilede temizleme işlemi yaptım ama yine olmadı.
Nasıl bir çözüm önerirsiniz?
-
avast kur açılış taraması yaptır virüs trojen ne var ne yok alayını zker atar
-
Hocam bazi virusler kendini restore datasinin icine saklar ve pc her acildiginda yeniden ortaya cikar.
Bilgisayarinizda sistem geri yuklemeyi devre disi birakip pcyi yeniden baslatin.
Sonra mbam antimalware , nod32, combofix ile taratin ve tekrar restart atin.
Tekrar acildiginda virus gitmisse system restor'u acabilrisiniz.
Yok eger gitmemisse degisik yontemlere basvurmak gerekebilir. Root-kit fln olabilir ki bildigim kadariyla kolay temizlenmezler.
Kolay gelsin
-
Hijackthis çalıştır bakalım logu da buraya at
-
YeniHarman bunu yazdı
Hijackthis çalıştır bakalım logu da buraya at
Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 14:02:19, on 20.01.2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0000) Boot mode: Normal Running processes: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\JoePC\AppData\Roaming\Telegram Desktop\Telegram.exe C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe F:\indirilenler\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x41F R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe O4 - HKCU\..\Run: [eagleget_setup] C:\Users\JoePC\AppData\Local\Temp\is-0GUCN.tmp\eagleget_setup.tmp -V O4 - HKCU\..\RunOnce: [Uninstall C:\Users\JoePC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JoePC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64" O4 - Startup: Telegram.lnk = C:\Users\JoePC\AppData\Roaming\Telegram Desktop\Telegram.exe O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{8886568a-b9e3-4a97-986b-5c87b1297057}: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Servisi (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7471 bytesedit: kodu küçültmeyi denedim olmuyor :D
joe_black tarafından 20/Oca/17 13:05 tarihinde düzenlenmiştir -
cocaine bunu yazdı
Arkadaşlar merhaba, pcye hiç program indirmeme rağmen bir virüs musallat oldu ve nerede ne yaptığını çözemedim sadece 5 yada 10 dakika arayla nod32'den sernew.wwstfp.com Bu siteye yönlendirme engellendi diye bir uyarı alıyorum. Muhtemelen bir onlinefilm sitesinden bulaştı bu virüs. Nod32 ile kapsamlı tarama standart tarama yaptırdım ama silmiyor hiçbir şekilde.
Combofix ilede temizleme işlemi yaptım ama yine olmadı.
Nasıl bir çözüm önerirsiniz?
bide bunun la denermisin http://www.gezginler.net/indir/adwcleaner.html
-
adwcleaner
hitmanpro
malwarebytes anti-malware
bu üçüyle tara
-
Manuel silme imkanı varsa bir usb belleğe bootable linux kurup sistemi usb'den açarak silebilirsiniz. Çok defa bu şekilde sorun halletmişliğim olmuştur öneririm.