For the past few days a new virus (named Palevo) has been circulating on Yahoo! Messenger. It sends links like the following, each preceded by a short text:
hahaha footo http://tinyurl.com/38bj2cp – file name: ano.exe, and it downloads hxtp://82.114.87.46/a2re.jpg
Once you open such a link, received on Messenger from a contact in your list, you are offered a file for download with a name similar to the one below:
IM56245.JPG-www.myspace.com.exe
Most users will not see the .exe extension at the end, because Windows is configured by default not to display file extensions. (A big mistake, in my opinion.)
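One way to catch such names before anyone double-clicks them, as an added example that is not part of the original article: the function names, the extension lists and all sample names except the one quoted above are assumptions of this sketch.

```python
import re
from ntpath import splitext

# Extensions that run code on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Tokens that make a name read like a picture once the real extension is hidden.
IMAGE_TOKENS = {"jpg", "jpeg", "png", "gif", "bmp"}
# A site name embedded in the file name, as in the lure quoted above.
DOMAIN_RE = re.compile(r"(?:www\.)?[a-z0-9-]+\.(?:com|net|org)\b", re.I)


def shown_in_explorer(filename):
    """Name as listed when 'Hide extensions for known file types' is on.

    Simplification: the final extension is assumed to be a registered type.
    """
    stem, ext = splitext(filename)
    return stem if ext else filename


def check_name(filename):
    """Return details for an executable dressed up as an image, else None."""
    stem, ext = splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return None  # not directly executable, nothing to flag here
    reasons = []
    tokens = set(re.split(r"[.\-_ ]+", stem.lower()))
    if IMAGE_TOKENS & tokens:
        reasons.append("image extension inside name")
    if DOMAIN_RE.search(stem):
        reasons.append("site name inside name")
    if not reasons:
        return None  # an ordinary executable name such as setup.exe
    return {
        "shown_as": shown_in_explorer(filename),
        "real_extension": ext.lower(),
        "reasons": reasons,
    }


def scan(names):
    """Check a directory listing or download log; keep only flagged names."""
    return {n: r for n in names if (r := check_name(n)) is not None}


# First entry is the name quoted in the article; the rest are constructed.
SAMPLE_NAMES = [
    "IM56245.JPG-www.myspace.com.exe",
    "IMG_2010-JPG.scr",
    "holiday.jpg",
    "setup.exe",
]

if __name__ == "__main__":
    for name, info in scan(SAMPLE_NAMES).items():
        print(f"{name}: shown as {info['shown_as']!r}, "
              f"really {info['real_extension']} ({', '.join(info['reasons'])})")
```
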
To keep it short, here is how you can get rid of this intruder:
Method 1: Download Malwarebytes Anti-Malware.
Install it and, at the end, make sure the following are checked: Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware. Then click Finish.
After the program starts, select Perform quick scan (or Full scan, but it takes much longer) and then click Scan.
When it finishes, click OK and then Show Results. Make sure everything is checked and then click Remove Selected.
At the end it will ask you to restart the PC.
Method 2: Download Kaspersky Removal Tool and scan the C:\ partition with it, deleting the infections it finds.
Method 3:
Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but do not worry.
At the end it will display the scan results. Save that file and send me its contents by e-mail.
Method 4: Create a HijackThis log, send it to me by e-mail, and I will give you the manual disinfection procedure, tailored to each user.
This approach is sometimes needed as well, because the virus creates random file names.
For those interested in more details, the virus creates the following files:
%Windir%\infocard.exe (this will also be the active process; other names are used too, such as net.exe or net1.exe)
%Windir%\mds.sys
%Windir%\mdt.sys
%Windir%\winbrd.jpg
The following registry keys also belong to it:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
Through these Windows registry entries the virus makes sure it runs every time the computer starts.
If you managed to clean this infection, I recommend buying the PRO version of Malwarebytes Anti-Malware to protect yourself against such threats in the future, given that they were not detected/removed by your current antivirus.




Thanks, my friend, the first option really worked
I hope I won't have this problem again
and it was the only time I tried to install a program on my own, and I succeeded, and it really did its job
thank you very much
@veres simmona: You're welcome
If you have any more problems, we'll be waiting for you here… and even if you don't, we'll be waiting
I need to get out of the virus
@marcus: Did you follow my instructions?
What virus is this?
Ð ä n ¥ Ê l: is this you? http://doiop.com/id1.php?=http://www.facebook.com/profile.php
It sends mass messages… how do I remove it?
@eamon: Try this solution: http://www.faravirusi.com/2010/11/30/solutie-virusul-is-this-you-facebookui-netprofile-php/
I had this virus too; I don't know exactly what I did, but I got rid of it :)). Anyway, a while ago I received a message from a friend I have known for half my life, in Romanian, something like "girl, look, this one is my classmate and she's 24 =)) [link]". I asked her whether it was a virus or whatever, and she said something like "what's with you, girl, me and viruses =))". Anyway, I took it like a fool, after which the same girl tells me, with nothing having happened to me until then: "girl, I have a problem, can you log in to my Messenger to help me change my password" [or I don't remember what she told me, in any case something believable], and I said yes. She gave me what was supposedly her password, and I gave her mine because she asked for it, supposedly so we could communicate. When I tried to log in to her Messenger, surprise! She started logging in to my Messenger too, actually talking to my friends :|. I was stunned, but I recovered my password and changed it, obviously.
IN CONCLUSION: IT CAN BE YOUR BEST FRIEND, THE ONE YOU TRUST MOST, JUST DON'T CLICK ON WHAT YOU DON'T KNOW! [I'm saying this because I got burned too]
thanks for the advice
I have already deleted all my friends from my Messenger list, because I had given all of them my password and I was thinking I'd rather not have any surprises
what's more, some of them were sending me subversive links like "www.youtube.com" and I decided not to give credence to such vile provocations.
on a scale from 1 to 10, where do you think you stand, 10 being an authentic blonde?
I accidentally clicked on a link with face-poc… and I have a virus; I wasn't paying attention and the virus got into the PC, and now I can't see the text on Messenger any more… :|….. now let me see if I succeed with the first option and I'll come back with a post
it's good… I got rid of that virus
Hi, can you help me with this virus too?
1) XXX: Sorry to bother you, does www.jdetector.com work for you? It tells me busy when I enter an ID there
2) XXX: try scanning my ID on www.Jdetector.com to see what image I have as my avatar
3) XXX: Hi, if you are wondering why you get so many mass messages with www.Jdetector.com, you really must read this: http://www.jdetector.com/unsubscribe/
I should mention that I got it on only one ID. Thanks a lot.
@vlad: Did you go to that site and download the file it offered, by any chance?
To be honest, I don't recall anything like that. I reinstalled Windows, so I figure there would be nowhere for it to have remained. I should mention that it sends mass messages only on that ID, and only when I am not logged in.
PS. Here are some other messages like these that it sent:
xxx (01/11/2011 3:34:57 PM) : If you want to download songs or movies from youtube, now you can, you don't need to install any program on your PC, just go to vvv.YGrabber.com and enter the youtube link. PS: pass it on
xxx (12/26/2010 3:55:01 PM) : hahahaha look here !!! vvv.FazePenale.com I can't stop laughing…
Sorry, I posted the correct link the first time.
@vlad: Try sending me a HijackThis log at faravirusicom@gmail.com
I investigated those sites and the jdetector.exe file, but I do not see any malicious behavior.
It must be something else.
When do I make this HijackThis log?
@vlad: You can make it right now. You have instructions here: http://www.faravirusi.com/2008/10/16/hijackthis-log-instructiuni/
I sent it.
I succeeded on the first try with option 1
Before finding the solutions you provided I had tried a lot of other methods, and I was about to reinstall my operating system. Good thing I found you in time. Thank you very much.
I have that virus too. I followed the steps and HijackThis showed me this… can you help me, please?
Someone sent me this too and I caught it, Foto, and it gets sent once every 5 minutes.
In HijackThis, tick the following lines and press Fix Checked:
O4 – HKLM\..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe
O4 – HKCU\..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe
Then download Removal.zip, extract it and run the Removal.bat file.
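The reply above singles out the two O4 Run entries that start jusched.exe from C:\WINDOWS. As an added example (not part of the original thread or of the site's removal tool), this Python script parses HijackThis O4 lines and flags a known binary name that autostarts from outside its usual install directory. The sample log and the EXPECTED_HOMES table are constructed assumptions.

```python
import ntpath
import re

# Constructed sample in the HijackThis O4 format quoted on this page.
SAMPLE_LOG = r"""
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 – HKLM\..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe
O4 – HKCU\..\Run: [Java developer Script Browse] C:\WINDOWS\jusched.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Assumption: directories where these vendor binaries are normally installed.
EXPECTED_HOMES = {"jusched.exe": (r"c:\program files",)}

# O4 lines look like: O4 – HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4\s*[–-]\s*(HK\w+)\\\.\.\\(Run\w*):\s*\[(.+?)\]\s*(.+)$")
# First executable path in the command line, with or without quotes.
IMAGE = re.compile(r'"?([A-Za-z]:\\.+?\.(?:exe|scr|com|pif|bat))', re.IGNORECASE)


def parse_o4(log_text):
    """Return (hive, key, value_name, image_path) for each O4 Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 Run line (other sections, blank lines)
        image = IMAGE.search(m.group(4))
        if image:
            entries.append((m.group(1), m.group(2), m.group(3), image.group(1)))
    return entries


def suspicious_autoruns(log_text):
    """Flag known binary names that start from outside their usual directory."""
    hits = []
    for hive, _key, name, path in parse_o4(log_text):
        homes = EXPECTED_HOMES.get(ntpath.basename(path).lower())
        if homes and not ntpath.normcase(path).startswith(homes):
            hits.append((hive, name, path))
    return hits


if __name__ == "__main__":
    for hive, name, path in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hive} Run [{name}] -> {path}")
```

A hit is only a pointer for review: confirm the file on disk before removing the Run value.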
For a few days I have been receiving mass messages from unknown IDs with a site… more precisely http://www.x1u .eu. I set them to ignore, but I see I am now getting them from other IDs… How can I solve the problem so that I stop receiving mass messages?
@Vexx: The problem is not on your side but with those who send them. The senders of such messages are bots, not real people. I have received them a few times too. The solution is to press “Report Spam” and then “Ignore”. They will disappear after a while.
Hi. Earlier my sister clicked on a link (hxtp://paidly.com/ifR1DY) and after a while it sent out other phantom links (htxp://paidly.com/W5AHH4) and so on. How do I get rid of it? Can I find it in regedit? I have the NOD32 antivirus and it did not find it. Any other suggestions? Thanks.
@Zoone: You have the solution here: http://www.faravirusi.com/2011/04/11/solutie-virusul-httppaidly-com-pentru-yahoo-messenger/
Hi. Thanks for the reply, but as I said, my sister is the one who activated this virus, and she told me she downloaded some .exe file (PIC976242742133-JPG-www.facebook.com). I searched for it but cannot find it.
@Zoone: You do not need to look for that file. The virus itself deletes it when it runs. Most likely the active process is jusched.exe, as I wrote in the article.
Just run a scan with Malwarebytes Anti-Malware following the instructions and you will get rid of the infection.
@Radu FaraVirusi(com): I installed ComboFix. It scanned, processed and deleted the viruses, and after I logged in to Yahoo Messenger, a miracle… everything is perfect. Good thing I came here to your site. Thanks for the help, Radu. All the best and happy holidays. If I have more problems I will come back. All the best. :0
Respect, Zoone.
I have a problem too. I received from a friend on Messenger a message saying Foto:D and the link. I clicked on it like a fool and got something to download; it downloaded and supposedly installed. Being stupid enough to do such a thing, something appeared asking me to click OK, I think, and on Messenger, after I restarted, it started sending messages. I had my own ID in the list and noticed that I am sending MYSELF the same thing, Foto:D and the link. I don't know how to get rid of it, but a prompt appeared asking whether I want to delete all the addresses from my list. What do I do?
I ran the antivirus and deleted a few infections, but it still does the same. Please tell me what to do, plz.
(((http://x61.ch/186df8))))))) after I received this link, within a few minutes my whole list turns blue and Messenger drops into the taskbar (Yahoo Messenger).
@mihai pop: That link no longer works; it redirects to the main site, which is a link-shortening service. Send us a HijackThis log so we can see what this is about.
My problem is that for a few days the friends on my Messenger list have been complaining that they receive messages with my profile. I ran a scan with Malwarebytes Anti-Malware but it found no infection. Help me, the whole story is becoming embarrassing. Thank you.
@cibocip: Email me the exact message you are sending to your friends, with the link.
Hi. I received the following message, functioning as a link, from a Yahoo! Messenger address that I do not have in my list: http://WWW.X1U.EU
I did not click it; I only selected the message text so I could search for it on Google. When selected, the full message appeared as: IE Wh 8 V 8Wnrv1Cf<WWW.X1U.EU
Google gave me several results, including your site. Some of the pages where the link appeared also suggested installing antivirus or antimalware software to scan the computer.
My question: if I did not follow the link in the message, is it possible that my computer is infected? I should mention that the message was not saved in Message Archive and I did not get any warnings from the computer about any problem. I installed Avast. Also, after receiving the message, I deleted Temporary Internet Files.
Thanks.
I wrote about the problem here: http://www.faravirusi.com/2011/02/04/spam-cu-site-porno-pe-yahoo-messenger/
Thank you very much. So it is clear that I did not get infected. That would have been nasty.
Thanks once again.
Hi, I have a problem: e-mails are automatically sent from my Yahoo Mail address to my whole contact list. Initially they had ‘no subject’ and contained ads for pharmaceutical products; now they appear in the form below:
iulia…………… Re: Re: I am my own boss
Hey.
I could see my future fading fast this got me back on my feet in no time now nobody would dare disrespect me this is just between us
http://wbopole.home.pl/CraigBaker87.html
talk to you soon.
The e-mail is sent daily without me being logged in.
Please give me a solution to fix the problem.
Hi… please help me urgently!!!! For 2 days mass messages keep being sent to the people in my list with the following link: rofl lol hxxp://i2.tinyphotohd.com/g.php?5u9c1&res … I think it is a virus… I don't know how to get rid of it.
Do you have an antivirus installed?
@Yana: Use the solution described here: http://www.faravirusi.com/2011/10/09/solutie-virusul-rofl-lol-htttpi2-tinyphotohd-comg-php5u9c1res-pentru-yahoo-messenger/
Thank you very much for helping me!!! :*
What virus is this? haha hxxp://s9.megaphotohost.com/g.php?j7d4h6b-Picture38.JPG
Hi… I clicked by mistake, I think… usually I do not click on anything I receive, and after a few days I saw that I have almost no IDs left in my list, and if I add one, after it says finish the ID does not appear in the list… And the ones I no longer see in the list, do they see me online? Can you help me, because I don't know what to do :(? Thanks.
Hi all! I have a problem too: a friend's status changes every 5 minutes… to something like (Iau M#ie, Sug P#la, etc…) SORRY THAT I DID NOT CENSOR IT :d … and she doesn't know how to get rid of it, plus she gets an automatic message from different IDs with the same content…. What should she do??? She set those to ignore but still can't get rid of it…. answer quickly.
I found the virus!!!
htxp://www.ymland.com/schimbare-status <—– this is it, but do not click on it. I clicked, but my PC did not get infected, I was lucky.
But I want to send viruses to someone on Messenger, how do I do it /:)))) to get rid of him. Send me a private message so I can destroy that guy, but a virus that leaves nothing of his PC ;))