
Stealth spy


Niklas73


The hosts file is OK; if you have unauthorized addresses in there, it can mean that you can't get in everywhere.

Check whether you have this folder; if so, just delete it:

C:\Program Files\AWS\WeatherBug

edit:

Do all other pages work with IE?

[post edited 2006-12-28 18:41:52 by 927]


I have one in C Program Delade Filer/Real that is called weatherbug

Should I delete it? I ran Spy Doctor again and it is up to 74 infected files now.

I run Mozilla, but IE works and has been working.

[post edited 2006-12-28 18:44:31 by Niklas73]

The only problem now is the constant attacks, since IE works, but you say that kind of thing can happen? I just wonder how they arise...

[post edited 2006-12-28 18:47:21 by Niklas73]

And that trojan.dumaru is still there...

[post edited 2006-12-28 18:54:00 by Niklas73]


Remove everything WeatherBug; unfortunately the leftovers in the registry won't disappear that way.

Remove SD and install CounterSpy; it says it is fully functional for 15 days.

http://www.sunbelt-software.com/CounterSpy-Download.cfm

http://research.sunbelt-software.com/threatdisplay.aspx?name=Weatherbug&threatid=8503

 

I get attacks almost every day, but you can attach your log to an abuse mail to TDC.

 

[25/Dec/2006 00:28:29] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

[25/Dec/2006 00:28:49] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

[25/Dec/2006 00:29:28] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

[25/Dec/2006 00:30:04] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

[25/Dec/2006 00:30:41] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

[27/Dec/2006 22:22:29] "Ids" action = 'detected', raddr = '194.158.120.142', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

 

 

 

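Added example, not part of the original posts: a small Python parser for the firewall IDS log format shown above, which groups inbound detections by remote address so a per-source summary (count, first seen, last seen) can accompany the raw log in an abuse report. The function names are hypothetical and the field layout is assumed from the six posted lines only.

```python
import re
from collections import defaultdict
from datetime import datetime

# The six log lines posted in the thread above, verbatim.
SAMPLE_LOG = """\
[25/Dec/2006 00:28:29] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[25/Dec/2006 00:28:49] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[25/Dec/2006 00:29:28] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[25/Dec/2006 00:30:04] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[25/Dec/2006 00:30:41] "Ids" action = 'detected', raddr = '64.235.98.2', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Dec/2006 22:22:29] "Ids" action = 'detected', raddr = '194.158.120.142', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+"(?P<module>[^"]+)"\s+(?P<fields>.+)$')
# Matches  key = 'quoted value'  or  key = bareword
FIELD_RE = re.compile(r"(\w+)\s*=\s*(?:'([^']*)'|([^,\s]+))")


def parse_line(line):
    """Return one event as a dict, or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y %H:%M:%S")
    except ValueError:
        return None
    event = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(m.group("fields"))}
    event.update(ts=ts, module=m.group("module"))
    return event


def summarize(log_text):
    """Group inbound detections by remote address: count, first and last seen."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev.get("action") == "detected" and ev.get("direc") == "in" and ev.get("raddr"):
            seen[ev["raddr"]].append(ev["ts"])
    return {ip: {"count": len(t), "first": min(t), "last": max(t)} for ip, t in seen.items()}


def abuse_summary(log_text):
    """One line per source, busiest first; the log itself carries no timezone."""
    rows = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["count"])
    return [f"{ip}: {s['count']} detections, {s['first']} to {s['last']} (timezone not in log)"
            for ip, s in rows]
```

An abuse desk needs the timezone of the timestamps stated alongside the summary, since the log lines do not include it.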

SD? Is that Search and Destroy?

Do you think the problem is solved now?

And those trojan.dumaru? What should I do about them?

SpyDoctor says there are around 100 infected files but it doesn't remove them.

What was that code you pasted in?

 

 


New SpyDoctor log without trojans! How does this one look?

 

Infection Name Location Risk

Known Bad Sites C:\Documents and Settings\Niklas\Cookies\niklas@066[1].txt High

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@badongo[1].txt Low

Advertising C:\Documents and Settings\Niklas\Cookies\niklas@com[2].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@cybermonitor[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@disney.go[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@engage.everyone[2].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@experts-exchange[1].txt Low

Known Bad Sites C:\Documents and Settings\Niklas\Cookies\niklas@gamedaily[2].txt High

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@gamespy[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@go[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@hit.gemius[2].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@ic-live[1].txt Low

Advertising C:\Documents and Settings\Niklas\Cookies\niklas@infospace[1].txt Low

Advertising C:\Documents and Settings\Niklas\Cookies\niklas@landing.domainsponsor[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@lego[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@mp3downloadhq[1].txt Low

Known Bad Sites C:\Documents and Settings\Niklas\Cookies\niklas@musicmass[1].txt High

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@playsite[1].txt Low

Advertising C:\Documents and Settings\Niklas\Cookies\niklas@promo.match[2].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@shop.lego[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@ugo[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@www.business.lbn[1].txt Low

Known Bad Sites C:\Documents and Settings\Niklas\Cookies\niklas@www.gamedaily[2].txt High

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@www.lego[1].txt Low

Known Bad Sites C:\Documents and Settings\Niklas\Cookies\niklas@www.musicmass[1].txt High

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@www.myaffiliateprogram[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\Niklas\Cookies\niklas@www.starpulse[2].txt Low

Advertising cookies.txt - Line #117 Low

Advertising cookies.txt - Line #118 Low

Advertising cookies.txt - Line #119 Low

Advertising cookies.txt - Line #143 Low

Advertising cookies.txt - Line #144 Low

Advertising cookies.txt - Line #145 Low

Advertising cookies.txt - Line #146 Low

Advertising cookies.txt - Line #147 Low

Advertising cookies.txt - Line #148 Low

Advertising cookies.txt - Line #149 Low

Advertising cookies.txt - Line #15 Low

Advertising cookies.txt - Line #153 Low

Advertising cookies.txt - Line #16 Low

Tracking Cookie(s) cookies.txt - Line #17 Low

Tracking Cookie(s) cookies.txt - Line #18 Low

Common Components for Claria cookies.txt - Line #194 Elevated

Advertising cookies.txt - Line #203 Low

Advertising cookies.txt - Line #217 Low

Advertising cookies.txt - Line #218 Low

Tracking Cookie(s) cookies.txt - Line #219 Low

Tracking Cookie(s) cookies.txt - Line #223 Low

Tracking Cookie(s) cookies.txt - Line #247 Low

Tracking Cookie(s) cookies.txt - Line #248 Low

Advertising cookies.txt - Line #263 Low

Advertising cookies.txt - Line #264 Low

Tracking Cookie(s) cookies.txt - Line #272 Low

Tracking Cookie(s) cookies.txt - Line #281 Low

Advertising cookies.txt - Line #29 Low

Tracking Cookie(s) cookies.txt - Line #297 Low

Tracking Cookie(s) cookies.txt - Line #305 Low

Tracking Cookie(s) cookies.txt - Line #314 Low

Advertising cookies.txt - Line #320 Low

Tracking Cookie(s) cookies.txt - Line #460 Low

Tracking Cookie(s) cookies.txt - Line #47 Low

Advertising cookies.txt - Line #49 Low

Advertising cookies.txt - Line #51 Low

Advertising cookies.txt - Line #52 Low

Advertising cookies.txt - Line #53 Low

Tracking Cookie(s) cookies.txt - Line #55 Low

Tracking Cookie(s) cookies.txt - Line #562 Low

Advertising cookies.txt - Line #62 Low

Tracking Cookie(s) cookies.txt - Line #681 Low

Known Bad Sites cookies.txt - Line #704 High

Tracking Cookie(s) cookies.txt - Line #711 Low

Tracking Cookie(s) cookies.txt - Line #72 Low

Tracking Cookie(s) cookies.txt - Line #75 Low

Tracking Cookie(s) cookies.txt - Line #76 Low

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}## High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore## High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore##Blocked High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore##Count High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore##Time High

YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore##Type High

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}## Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore## Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore##Blocked Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore##Count Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore##Time Elevated

MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore##Type

 

 


SD is Spyware Doctor.

That was my firewall log.

There are still registry keys that should be removed, but it's probably nothing you'll notice; you can go in and check what is under this path:

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

On my computer I have nothing called Stats; it ends with Ext.

 

 

 


I'm a complete rookie at this kind of thing. How do I get to that path? I don't dare use the "Run..." command, and "Search" doesn't find it.

Happy New Year and thanks for all your help.

 


No, I think it has sorted itself out now. I blocked Norton from showing that I'm being attacked every half hour by the same IP. It blocks it, so nothing happens. Or how do you think this thread looks as a whole?

 


This came up earlier in the thread; I don't know if you fixed it:

There is an old Java version with security holes on the computer. Uninstall all Java in Control Panel - Add or Remove Programs and then install a new one: http://www.java.com/sv/

There can be strange conflicts and problems on the computer if you have two antivirus programs running. Since Norton has expired, uninstall it and install a firewall as a complement to AVG; one is available for free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

 
