If the picture below looks familiar, it means you are one of the lucky ones who got infected with the newest variant of Win32\Sality.
The error (C:\resycled\boot.com is not a valid Win32 application) appears when you try to access a partition on the system.

The fix is relatively simple: download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then make sure you have closed all running programs (Yahoo Messenger, Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning. Confirm with Yes every time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it is running, but don't worry.
At the end it will display the scan results and, in theory, your PC is clean.
The virus is very widespread, so I thought I would post a solution here for those who have run into it.
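To verify the cleanup afterwards, here is a small check (an added example, not part of the original post and not ComboFix code) that reads the autorun.inf in each drive root and lists launch entries pointing to an executable inside a Recycle Bin style folder. The folder names and the sample file are assumptions modelled on the error message above and on the scan log in the comments; the function names are illustrative.

```python
import re
import string
from pathlib import Path

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Recycle Bin folder names, real or misspelled (assumption based on the
# error message and the scan log on this page).
BIN_DIR = re.compile(r"(^|[\\/])(recycler|recycled|resycled)[\\/]", re.I)
EXEC_EXT = re.compile(r"\.(com|exe|pif|scr|bat|cmd)\b", re.I)

def suspicious_entries(text):
    """Return (key, command) pairs from [autorun] that launch a file from a bin folder."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if (in_section and sep and LAUNCH_KEY.match(key)
                and EXEC_EXT.search(value) and BIN_DIR.search(value)):
            hits.append((key, value))
    return hits

def scan_roots(roots):
    """Map each autorun.inf found in the given drive roots to its suspicious entries."""
    report = {}
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if inf.is_file():
            found = suspicious_entries(inf.read_text(errors="replace"))
            if found:
                report[str(inf)] = found
    return report

# Constructed sample file, modelled on the path in the error message.
SAMPLE = "[autorun]\nopen=resycled\\boot.com\nshell\\open\\command=resycled\\boot.com\nicon=shell32.dll,4\n"

if __name__ == "__main__":
    drives = [f"{d}:\\" for d in string.ascii_uppercase if Path(f"{d}:\\").exists()]
    for path, found in scan_roots(drives).items():
        print(path, found)
```

An empty result after the scan means no drive root still carries such an entry; any hit is worth inspecting before opening that drive in Explorer again.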

I had this problem and didn't know how to get rid of it. It worked wonderfully with ComboFix. Thanks for the help!
my drive cannot open please solution
thanks for the help! may the one above keep you strong, we need you!
I have a problem too… I reinstalled Windows and downloaded some installers from the net without having an antivirus installed… now I turn on the computer and I can only get on the net… I can't access anything on the desktop, My Computer even less, no taskbar at all, no start menu at all… nothing… can someone help me please… without reinstalling Windows?
THANKS
probl, please use the forum and post your problem there.
hi everyone, I'm back again with a big problem
I replaced the DVD-R drive and when I turned on the computer I got the message Disk Boot Failure.Insert System Disk And Press Enter. What does this mean?????? Please help me. Thank you
But I use Win XP 64-bit, on which the program says it cannot run. Is there another option for this OS?
Bitdefender detected it for me but it said it is not a virus
catalin: what did Bitdefender detect for you?
excellent little program, it repaired my partition 100%, meaning I can get into d: normally, without right-click and Explore
Bravo and many thanks!
Thank you very much for this program. You helped me enormously.
It is best to use this program directly; don't format the partition, because you would be formatting it for nothing.
now I can access the partition. excellent. thanks
This is log.txt after the scan:
ComboFix 09-02-04.04 – Cody 2009-02-05 18:47:36.1 – NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1748 [GMT 2:00]
Running from: c:\documents and settings\Cody\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\docume~1\Cody\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Cody\LOCALS~1\Temp\tmp2.tmp
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-0-7-54-100010239-100031690-100008103-7906.com
c:\windows\system32\drivers\gaopdxmrdbbmjk.sys
c:\windows\system32\drivers\gaopdxorwwvtnk.sys
c:\windows\system32\drivers\gaopdxshhbddeh.sys
c:\windows\system32\gaopdxlwxwhyyq.dll
D:\Autorun.inf
d:\recycler\S-0-7-54-100010239-100031690-100008103-7906.com
d:\recycler\S-3-3-48-100010236-100003026-100017277-8185.com
d:\recycler\S-3-4-69-100007964-100022877-100015787-7997.com
d:\recycler\S-4-8-52-100027025-100032109-100008810-4215.com
E:\Autorun.inf
e:\recycler\S-0-7-54-100010239-100031690-100008103-7906.com
e:\recycler\S-3-3-48-100010236-100003026-100017277-8185.com
e:\recycler\S-3-4-69-100007964-100022877-100015787-7997.com
e:\recycler\S-4-8-52-100027025-100032109-100008810-4215.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.
2009-02-05 13:30 . 2009-02-05 13:35 d——– c:\documents and settings\Cody\Application Data\FileZilla
2009-02-05 13:29 . 2009-02-05 13:29 d——– c:\program files\FileZilla FTP Client
2009-02-05 03:28 . 2009-02-05 03:28 7,680 –ahs—- c:\windows\Thumbs.db
2009-02-04 23:47 . 2009-02-04 23:47 d——– c:\windows\Sun
2009-02-04 23:46 . 2009-02-04 23:46 d——– c:\program files\Java
2009-02-04 23:46 . 2009-02-04 23:46 73,728 –a—— c:\windows\system32\javacpl.cpl
2009-02-04 23:41 . 2009-02-04 23:41 d——– c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-04 23:41 . 2009-02-04 23:46 410,984 –a—— c:\windows\system32\deploytk.dll
2009-02-04 23:39 . 2009-02-04 23:39 d——– c:\program files\Adobe Media Player
2009-02-04 23:37 . 2009-02-04 23:37 d——– c:\program files\Common Files\Adobe AIR
2009-02-04 23:36 . 2009-02-04 23:36 d——– c:\program files\Common Files\Macrovision Shared
2009-02-04 23:35 . 2009-02-04 23:39 d——– c:\program files\Common Files\Adobe
2009-02-04 21:39 . 2009-02-04 21:39 d——– C:\app
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 23:05 ——— d—–w c:\documents and settings\Cody\Application Data\uTorrent
2009-02-04 18:37 ——— d–h–w c:\program files\InstallShield Installation Information
2009-02-04 18:31 ——— d—–w c:\documents and settings\Cody\Application Data\Yahoo!
2009-02-04 17:47 ——— d—–w c:\program files\IrfanView
2009-02-04 17:44 ——— d—–w c:\documents and settings\Cody\Application Data\Winamp
2009-02-04 17:43 ——— d—–w c:\program files\Winamp
2009-02-04 17:39 ——— d—–w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-02-04 17:34 ——— d—–w c:\program files\Yahoo!
2009-02-04 17:34 ——— d—–w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-04 17:32 ——— d—–w c:\program files\Reference Assemblies
2009-02-04 17:32 ——— d—–w c:\program files\MSBuild
2009-02-04 16:44 ——— d—–w c:\program files\uTorrent
2009-02-04 16:23 ——— d—–w c:\program files\Eset
2009-02-04 16:23 ——— d—–w c:\documents and settings\All Users\Application Data\ESET
2009-02-04 15:58 ——— d—–w c:\program files\Realtek
2009-02-04 15:57 ——— d—–w c:\program files\DIFX
2009-02-04 15:56 ——— d—–w c:\program files\Common Files\InstallShield
2009-02-04 15:50 ——— d—–w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2007-05-11 8429568]
“NvMediaCenter”=”c:\windows\system32\NvMcTray.dll” [2007-05-11 81920]
“egui”=”c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-07-01 1447168]
“AdobeCS4ServiceManager”=”c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe” [2008-08-14 611712]
“SunJavaUpdateSched”=”c:\program files\Java\jre6\bin\jusched.exe” [2009-02-04 136600]
“RTHDCPL”=”RTHDCPL.EXE” [2006-10-30 c:\windows\RTHDCPL.exe]
“SkyTel”=”SkyTel.EXE” [2006-05-16 c:\windows\SkyTel.exe]
“nwiz”=”nwiz.exe” [2007-05-11 c:\windows\system32\nwiz.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\uTorrent\\uTorrent.exe”=
“c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe”=
“c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe”=
“d:\\Jocuri\\Counter-Strike\\hl.exe”=
“c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“5353:TCP”= 5353:TCP:Adobe CSI CS4
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://www.entretieneteds.vze.com
FF – ProfilePath – c:\documents and settings\Cody\Application Data\Mozilla\Firefox\Profiles\x8f2ttbv.default\
FF – prefs.js: browser.startup.homepage – hxxp://www.google.ro
FF – component: c:\program files\Mozilla Firefox\extensions\{4037A226-F33F-427c-803C-DB710DB665EA}\components\bhelper.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 18:48:43
Windows 5.1.2600 Service Pack 3, v.3180 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-05 18:49:38
ComboFix-quarantined-files.txt 2009-02-05 16:49:24
Pre-Run: 44,944,912,384 bytes free
Post-Run: 45,321,342,976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=”Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect /usepmtimer /NoExecute=OptIn
125
[...] At the end it will display the scan results. Save that file and post its contents THERE. http://www.faravirusi.com/2008/11/22/cresy…cum-scap-de-el/ That's how I [...]
Thanks a lot for the software, I really needed this SOFTWARE…. THANKS A LOT :-bd
Hi. I don't have problems with resycled.boot.com as far as I know, but I have similar problems. At some point a virus or something must have gotten in, because the computer suddenly restarted, then on reboot my wireless network went down, and antivirus programs such as SuperAntiSpyware, Registry Firewall or Norton Security (the one preinstalled with Vista) no longer work, giving me an error like “is not a valid Win32 application”.
System Restore gives no results, the Malware scan found only two backdoor bots without fixing the situation, Registry Medic found about 1000 problems, but same thing, and ComboFix doesn't work, it can't start.
What can be done?
philip, run a scan with Dr. Web CureIT. If it doesn't work, download Avira RescueCD from here: http://dlpro.antivir.com/down/vdf/rescuecd/rescuecd.iso
Burn the image to a CD\DVD.
Disable System Restore (right-click My Computer -> Properties, select System Restore and tick “Turn off system restore on all drives”. Confirm with OK)
Restart the PC and boot from the disc you created earlier.
Choose English by pressing the corresponding flag: that of Great Britain.
Then, under Configuration, set it to delete\rename infected files. Then press Start scan.
Long life to you, man… :D Thanks a lot..
thanks …
ComboFix is ROCK SOLID…. I had a nasty virus, my computer and internet were running slowly, I ran it and afterwards it was flying ^^
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Why does “Open with” appear and give me a list of programs when I want to open partition D or C???? Please tell me what to do??? Thank you!
@Monica: Try the solution described here: http://www.faravirusi.com/2009/05/06/nu-se-deschide-partitia-la-dublu-click-drive-is-not-accessible-access-is-denied/
If not, come back with a HijackThis log.
I did exactly as you said above and I think I got rid of the problem. when I started the computer an error appeared (ff.exe has encountered a problem…..). whenever I watched a movie or listened to music the computer restarted. now I hope I won't have any more problems. thanks a lot
I CAN'T GET RID OF ANYTHING .. I GOT COMBOFIX BUT WHEN I OPEN IT IT SAYS: ComboFix.exe is a not valid win32 application what can I do?