(Help Me!) ADVERTISING POP-UP --> UPDATED
Before anything else, I want to thank everyone for being willing to read about my problem....
This morning, a little after 6, I was surfing the internet when this message suddenly appeared:
`Critical System Error! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software.`
Here is what has happened to my PC since then:
1. When I surf, banners for who knows what appear
2. The Yahoo and Google toolbars have disappeared
3. The message about the virus attack still appears even though I have scanned all day long and deleted every file the antivirus reported.
4. When I click Internet Explorer, what opens is a window about viruses and a suggestion that I download and buy an antivirus online....ugh (normally, clicking Internet Explorer opens the Yahoo window)
5. I have reset it in Tools > Internet Options > General (home page), but it didn't work....
For everyone's information, I use Ad-Aware SE Personal and Norton (already expired) as antivirus. I scanned with both of them. Before scanning for viruses, I updated the antivirus first.
* Just a moment ago, while I was surfing, a small window appeared saying `Deleted file in drive C:`; I clicked cancel.
* My internet is not slow, though, and everything seems normal when I open a folder or file.
If all this is merely advertising, why are the virus message and the missing Yahoo toolbar still there after I restart the PC?
Before opening this new thread, I referred to http://forum.cari.com.my/viewthr ... &extra=page%3D1 (red bold, Digest 1 by Sarah_Radzi) above, but I didn't quite understand it.
* Thank you very much.....have a nice weekend.
-Jeman
[ Last edited by bzzts at 13-5-2006 08:09 PM ]

The message "critical error...etc" simply comes from advertising software, or "adware" for short.
I suggest you download "spybot search & destroy" and also "ad-aware 6" from www.download.com.
After downloading, install, update, and scan your PC.
good luck.

Originally posted by bzzts at 5-5-2006 23:07
The message "critical error...etc" simply comes from advertising software, or "adware" for short.
I suggest you download "spybot search & destroy" and ...
I'm downloading them now, Bzzt; I also referred to and carefully studied the previous threads...thank you

Mr.Forensics This user has been deleted
Good evening...
I think this board already has the first solution you need to try
these may be the steps you want to apply
http://forum.cari.com.my/viewthr ... &extra=page%3D1
I think the first thing you need to do is restart your system and enter Windows via safe mode. Right after your BIOS interface, before the boot screen appears, press F8 and enter safe mode.
Once you're in, clear all the cache, cookies and temp files on your hard drive. You can use software for this if you don't feel like doing it manually, for example CCleaner.
Then start deep scanning your system using every kind of software you have. A deep scan takes a while, depending on the number of files on your hard disk; the more files, the longer it takes. So once the scan is done, say they detect viruses and threats, clean and delete them; if that's impossible, just quarantine them.
Scan once more while you are still in safe mode. Then after you enter Windows normally, see whether the problem is still there. Scan once more. If that still doesn't work, go into safe mode and use a stinger, such as this stinger...
If it's still there, you may need help from other software such as Spybot to get rid of this thing, or try 2 or 3 other antivirus programs. One of these methods is bound to work.
My recommendation: download HijackThis!, scan your system, copy the report log and paste it here, so forum members know and can analyse your hard drive's attack possibility :ah::ah:

MESSAGE:
`Critical System Error! System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software.` Actually, that warning message is the adware itself, because it promotes a link telling you to download that.

Hi.....I've scanned with Norton, Ad-Aware Personal and Spybot....all came back with zero detected files or items. Does this mean my PC is now free of spyware or viruses?
But the message about the virus is still there. Or should I just leave that message alone?
Tq
-Jeman

Mr.Forensics This user has been deleted
maybe you should set up remote desktop so it's easy for us to access your desktop...and then sort out whatever your problem is ourselves...

I've scanned in `safe mode` and `normal mode`. All detected files zero....Norton, Ad-Aware Personal and Spybot didn't detect any virus or spyware....
Does this mean it worked....

Originally posted by jeman at 6-5-2006 03:08 AM
Hi.....I've scanned with Norton, Ad-Aware Personal and Spybot....all came back with zero detected files or items. Does this mean my PC is now free of spyware or viruses?
But the message about the virus is still ...
It's quite possible that thing has an auto installer, like "mysearchbar", a toolbar that attaches itself to Internet Explorer the way the &Yahoo and Google Toolbars do. This thing installs itself automatically and has a pop-up component, so you'll have to uninstall it yourself.
Look in C:\Program Files or in C:\Windows or C:\Windows\System32...
To be more efficient, press "ctrl+alt+delete" and when Task Manager comes up, go to the Processes tab.
Then look for any suspicious process / odd name you don't recognise, and look that process up on Google to see where it comes from.
If you're sure that thing is the culprit, search for its location and see whether you can delete it manually or need to use an uninstaller, etc...

I'll try the steps you all gave later...if anything is unclear I'll come back and ask. :hmm:
Happy holidays, everyone....

My recommendation: download HijackThis!, scan your system, copy the report log and paste it here, so forum members know and can analyse your hard drive's attack possibility
* The result after I downloaded HijackThis and scanned my system....I'm pasting it for all the experts to look at (am I doing this right?)
Logfile of HijackThis v1.99.1
Scan saved at 12:43:11 AM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Intel\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp7D8E.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1
O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micr ... e.cab?1130017524375
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
tq.

Mr.Forensics This user has been deleted
Hi...thank you for pasting your log here....
Anyway, I can analyse this log a little..
and the result! Drum roll
please have a look at the analysis of your hijack log...
(I parsed it from a website too, hehe)
http://www.hijackthis.de/logfile ... 6d4d7f68b48ab4.html
there are several entries that aren't needed,
as shown in that report: nasty entries
there is definitely still spyware...such as atmclk.exe....
if it says necessarily remove, remove it
and click the stars for more consultation from users
delete these entries through HijackThis.
if possible, do this in safe mode...::ah:
and if the analysis shows it comes from c/system
go to your c:/system folder,
manually delete those files
feel free to analyze your log using the website
http://www.hijackthis.de/index.php?langselect=english
it's free, and no need to wait while having a cup of tea *wink
[ Last edited by Mr.Forensics at 7-5-2006 02:32 PM ]

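An added example, not part of any post in this thread: a small Python triage of the Internet Explorer add-on lines (R3, O2, O3) in a HijackThis log like the one pasted above. The two flagging rules (a registration marked `(file missing)`, and an add-on module that is not a `.dll`) are assumptions chosen for this example, not HijackThis or hijackthis.de logic, and `triage` and `ADDON_LINE` are hypothetical names.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in this thread (add-on lines plus one Run key).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (file missing)
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp7D8E.tmp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# R3 = URL search hook, O2 = Browser Helper Object, O3 = IE toolbar.
ADDON_LINE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def triage(log_text):
    """Return (section, name, path, reasons) for add-on lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ADDON_LINE.match(raw.strip())
        if not m:
            continue  # processes, Run keys, services, context-menu items, ...
        path = m["path"].strip()
        reasons = []
        # Assumed rule 1: the registry still points at a file that is gone.
        if m["missing"]:
            reasons.append("registered file is missing")
        # Assumed rule 2: IE add-ons load in-process, so the module is normally a DLL.
        if PureWindowsPath(path).suffix.lower() != ".dll":
            reasons.append("module is not a .dll")
        if reasons:
            findings.append((m["section"], m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} {name!r}: {path} -> {', '.join(reasons)}")
```

A flagged line is a prompt to look the file up before fixing it in HijackThis, not a verdict on the file.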
Originally posted by Mr.Forensics at 7-5-2006 14:24
Hi...thank you for pasting your log here....
Anyway, I can analyse this log a little..
and the result! Drum roll
please have a look at the analysis of your hijack log...
(I parsed it from a website too ...
You've changed your avatar, Mr. Forensics...hehehe
I'll do it tonight....I won't sleep.
Thanks a lot.:pray:

Greetings, everyone.....I've come to regard this board as a free class where I can learn the ins and outs of viruses....tq
-I've done it: scanned in `safe mode` with all the antivirus and antispyware I have....no luck!
-I've analysed my logfile with `hijackthis` (as Mr.Forensics taught, tq), removed the `nasty` files manually, done in `safe mode`....also no luck!
One more thing: when I scan with `Spyware Doctor` the result shows more than 70 infected files, but I can't delete or quarantine them because I have to buy it online. What worries me is that the list shows all sorts of names, trojans included...I've always been scared whenever I hear the name `trojan`....:jeling:
When I browse the internet it doesn't slow down, and all my files are as usual, but the message about the virus keeps blinking.
I'm using McAfee, Spybot, Norton and Ad-Aware SE Personal to scan all this....or do I need to install a different anti-tool?
I feel like:
-reformatting Local Disk (C)
-just going to see Mr.Forensics, bzzts and trunk (tq, because you PM'd me about this thing)
tq. :pray:

Greetings, everyone.....
...at 12:18 AM, 13 May 2006, my PC became free of spyware and viruses. Thank you to all the sifus on this board, especially Mr Trunks, Mr Bzzts and Mr Forensics, for the very useful guidance....:solute:
...the problem was solved after I scanned my PC with Panda Titanium 2006 Antivirus + Antispyware.
Looks like I have to go out and treat for tea....:solute:
Thanks, you all....
-jeman

Mr.Forensics This user has been deleted
yahooo...I'm happy too that jeman's problem is settled....
go ahead and contact those sifus and treat them to tea in Kg Baru or somewhere...that's where I always hang out........

If my palm is too small, I'll hold out a winnowing tray....these sifus have been so kind...:tq: