Von: hilfebedürftig347832 
24.08.07 - 22:14
24.08.07 - 22:14 
hilfe!
immer wenn ich in icq mit jmd. bekommt dieser jmd, automatisch einen link (jokonlineworld.com) von mir gesendet, wie werd ich das los?
immer wenn ich in icq mit jmd. bekommt dieser jmd, automatisch einen link (jokonlineworld.com) von mir gesendet, wie werd ich das los?
Von: hilfebedürftig347832
24.08.07 - 22:44
24.08.07 - 22:44
ich hatte dieses problem schonmal und kann mich nur noch daran erinner, dass ich einfach eine bestimmt datei in WINNT/system32 löschen musste und alles war wieder ok, aber welche? virenscanner hab ich schon laufen lassen ,is nix
Von: LinkinPark92 
25.08.07 - 10:54
25.08.07 - 10:54
Found Sandbox: W32/Malware; [ General information ]
* Decompressing UPX.
* Creating several executable files on hard-drive.
* File length: 64512 bytes.
[ Changes to filesystem ]
* Creates file C:\windows\system32\mspradme.exe.
* Creates file C:\WINDOWS\SYSTEM32\vb5dmspo.dll.
* Creates file C:\WINDOWS\SYSTEM32\rdpwmsjt.exe.
* Creates file C:\WINDOWS\SYSTEM32\mcd3mscm.dll.
* Creates file C:\WINDOWS\SYSTEM32\e1.dll.
[ Changes to registry ]
* Creates value "mspradme"="c:\windows\system32\mspradme.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n".
[ Changes to system settings ]
* Creates WindowsHook monitoring cbt activity.
[ Process/window information ]
* Creates an event called ZAAllowEvent.
* Creates an event called SGAllowEvent.
* Creates an event called NISAllowEvent.
* Creates an event called OPAllowEvent.
* Creates an event called MAAllowEvent2.
* Attempts to access service "vsmon".
* Creates an event called ActiveZA.
* Attempts to access service "SmcService".
* Creates an event called ActiveSG.
* Attempts to access service "wscsvc".
* Attempts to access service "SharedAccess".
* Attempts to access service "Symantec Core LC".
* Creates an event called ActiveNIS.
* Attempts to access service "OutpostFirewall".
* Creates an event called ActiveOP.
* Attempts to access service "MpfService".
* Creates an event called ActiveMA.
* Attempts to access service "WinRoute".
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
* Decompressing UPX.
* Creating several executable files on hard-drive.
* File length: 64512 bytes.
[ Changes to filesystem ]
* Creates file C:\windows\system32\mspradme.exe.
* Creates file C:\WINDOWS\SYSTEM32\vb5dmspo.dll.
* Creates file C:\WINDOWS\SYSTEM32\rdpwmsjt.exe.
* Creates file C:\WINDOWS\SYSTEM32\mcd3mscm.dll.
* Creates file C:\WINDOWS\SYSTEM32\e1.dll.
[ Changes to registry ]
* Creates value "mspradme"="c:\windows\system32\mspradme.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n".
[ Changes to system settings ]
* Creates WindowsHook monitoring cbt activity.
[ Process/window information ]
* Creates an event called ZAAllowEvent.
* Creates an event called SGAllowEvent.
* Creates an event called NISAllowEvent.
* Creates an event called OPAllowEvent.
* Creates an event called MAAllowEvent2.
* Attempts to access service "vsmon".
* Creates an event called ActiveZA.
* Attempts to access service "SmcService".
* Creates an event called ActiveSG.
* Attempts to access service "wscsvc".
* Attempts to access service "SharedAccess".
* Attempts to access service "Symantec Core LC".
* Creates an event called ActiveNIS.
* Attempts to access service "OutpostFirewall".
* Creates an event called ActiveOP.
* Attempts to access service "MpfService".
* Creates an event called ActiveMA.
* Attempts to access service "WinRoute".
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
Von: LinkinPark92
25.08.07 - 10:55
25.08.07 - 10:55
Welchen Virenscanner hast du? Check nochmal den Ordner C:/WINDOWS/system32
Von: hilfebedürftig347832
25.08.07 - 16:17
25.08.07 - 16:17
antivir
Von: Steinwalker
26.08.07 - 17:38
26.08.07 - 17:38
ja das is mist das proggi hol dir einfach kaspersky is in vol vielen computer bild drin oder bullguard is aber glaub ich nur für vista dann klappt das
Logge dich ein um einen Beitrag zu schreiben.