jalilnoori
13-08-2012, 08:06
سیستم یک ویروس گرفته که انتهای تمام فایل های عکس و فیلم این پسوند رو گذاشته وقتی هم پاکش می کنم فیلم یا عکس اجراء نمیشه کسی هست بگه چطور میشه فایل ها رو ریکاور کرد ؟ ویروس رو پاک کردم ...
مشاهده نسخه کامل
: کمک در مورد یک ویروس که انتهای فایل های فیلم و عکس پسوند .cnVe32LgAR گذاشته
jalilnoori
13-08-2012, 09:24
من هارد رو باز کردم و وصل کردم به یک سیستمی که ویروس کش nod داشت nod رسمی نه کرک شده اونم 27 تا مورد رو پاک کرد لاگش رو هم می گذارم پائین ولی حالا چطوری فایل ها رو ریکاور کنم این پسوند رو هم پاک می کنم هیچی درست نمیشه تمام فایل های عکس و فیلم و .rar دیگه قابل اجرا نیست ... اینم لاگ ویروس کش :
Scan Log
Version of virus signature database: 7378 (20120812)
Date: 08/13/2012 Time: 08:06:18 Þ.Ù
Scanned disks, folders and files: E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\
E:\Documents and Settings\All Users\Application Data\5Yr1pyJrMBTnjg.exe - Win32/Adware.HDDRescue.AB application - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll - Win32/Adware.Yontoo.B application - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\RECYCLER\S-1-5-21-8331251543-0940697828-545595868-0891\MsMxEng.exe - Win32/Peerfrag.EC worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\regsvr.exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\regsvr.exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\setup.ini - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\svchost .exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
F:\asli desktop\u9.96.exe - a variant of Win32/UltraReach potentially unsafe application - deleted - quarantined
F:\utility\narm afzaR\MOFID\installer_anydvd_6_5_4_4_English.exe » NSIS » Script.nsi - Win32/Toggle potentially unwanted application - was a part of the deleted object
F:\utility\narm afzaR\MOFID\SoftonicDownloader_for_aol-instant-messenger.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
F:\utility\narm afzaR\MOFID\winamp5581_full_emusic-7plus_en-us.exe » NSIS » OCSetupHlp.dll - Win32/OpenCandy potentially unsafe application - was a part of the deleted object
F:\utility\narm afzaR\MOFID\filter shekan jadid\U90.exe - probably a variant of Win32/UltraReach.AB potentially unsafe application - deleted - quarantined
F:\utility\narm afzaR\MOFID\filter shekan jadid\U91.exe - probably a variant of Win32/UltraReach.AB potentially unsafe application - deleted - quarantined
G:\DESKTOP\SoftonicDownloader_for_cryptcd.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
G:\DESKTOP\u1004.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\U1008.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\u998.exe - a variant of Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\u999.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\ljy\SoftonicDownloader_for_bittorrent.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
G:\NARMAFZAR\NARM AFZAR\BitDefender Antivirus 2009 Build 12.0.11\Patch.exe - MSIL/HackAV.B potentially unsafe application - deleted - quarantined
G:\NARMAFZAR\NARM AFZAR\Dr.Hardware 2008 9.0e\Setup.exe » CAB » fix2.exe » RAR » mirc.exe » THINSTALL » ifx.dll - Win32/HideWindow potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\EDraw Soft Diagrammer 3.3\Setup.exe » INNO » {app}\ssloader.e32 - a variant of Win32/KeyLogger.Ardamax.NAS potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PDF Password Remover 3.1\Crack.exe » RAR » winDecrypt.exe - Win32/PSWTool.PdfCracker.B potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PDF Password Remover 3.1\Setup.exe » INNO » {app}\winDecrypt.exe - Win32/PSWTool.PdfCracker.B potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\Personal PC Spy 1.9.7\Crack.exe » RAR » 9355.exe - a variant of Win32/InvisibleKeylogger.AA potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PhraseBook English-Persian(Farsi) 4.1.29\Crack.exe » RAR » PBStub.exe - a variant of Win32/HackTool.Patcher.N potentially unsafe application - was a part of the deleted object
H:\AXE KHANEVADEGI\pic\Pictures\Pictures .exe - Win32/Sohanad.NCB worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 464539
Number of threats found: 27
Number of cleaned objects: 27
Time of completion: 08:58:19 Þ.Ù Total scanning time: 3121 sec (00:52:01)
Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[4] Object cannot be opened. It may be in use by another application or operating system.
Scan Log
Version of virus signature database: 7378 (20120812)
Date: 08/13/2012 Time: 08:06:18 Þ.Ù
Scanned disks, folders and files: E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\
E:\Documents and Settings\All Users\Application Data\5Yr1pyJrMBTnjg.exe - Win32/Adware.HDDRescue.AB application - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll - Win32/Adware.Yontoo.B application - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\RECYCLER\S-1-5-21-8331251543-0940697828-545595868-0891\MsMxEng.exe - Win32/Peerfrag.EC worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\regsvr.exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\regsvr.exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\setup.ini - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
E:\WINDOWS\system32\svchost .exe - Win32/Sohanad.NCB worm - cleaned by deleting (after the next restart) - quarantined [1,2]
F:\asli desktop\u9.96.exe - a variant of Win32/UltraReach potentially unsafe application - deleted - quarantined
F:\utility\narm afzaR\MOFID\installer_anydvd_6_5_4_4_English.exe » NSIS » Script.nsi - Win32/Toggle potentially unwanted application - was a part of the deleted object
F:\utility\narm afzaR\MOFID\SoftonicDownloader_for_aol-instant-messenger.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
F:\utility\narm afzaR\MOFID\winamp5581_full_emusic-7plus_en-us.exe » NSIS » OCSetupHlp.dll - Win32/OpenCandy potentially unsafe application - was a part of the deleted object
F:\utility\narm afzaR\MOFID\filter shekan jadid\U90.exe - probably a variant of Win32/UltraReach.AB potentially unsafe application - deleted - quarantined
F:\utility\narm afzaR\MOFID\filter shekan jadid\U91.exe - probably a variant of Win32/UltraReach.AB potentially unsafe application - deleted - quarantined
G:\DESKTOP\SoftonicDownloader_for_cryptcd.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
G:\DESKTOP\u1004.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\U1008.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\u998.exe - a variant of Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\DESKTOP\u999.exe - Win32/UltraReach potentially unsafe application - deleted - quarantined
G:\ljy\SoftonicDownloader_for_bittorrent.exe - a variant of Win32/SoftonicDownloader.A potentially unwanted application - deleted - quarantined
G:\NARMAFZAR\NARM AFZAR\BitDefender Antivirus 2009 Build 12.0.11\Patch.exe - MSIL/HackAV.B potentially unsafe application - deleted - quarantined
G:\NARMAFZAR\NARM AFZAR\Dr.Hardware 2008 9.0e\Setup.exe » CAB » fix2.exe » RAR » mirc.exe » THINSTALL » ifx.dll - Win32/HideWindow potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\EDraw Soft Diagrammer 3.3\Setup.exe » INNO » {app}\ssloader.e32 - a variant of Win32/KeyLogger.Ardamax.NAS potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PDF Password Remover 3.1\Crack.exe » RAR » winDecrypt.exe - Win32/PSWTool.PdfCracker.B potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PDF Password Remover 3.1\Setup.exe » INNO » {app}\winDecrypt.exe - Win32/PSWTool.PdfCracker.B potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\Personal PC Spy 1.9.7\Crack.exe » RAR » 9355.exe - a variant of Win32/InvisibleKeylogger.AA potentially unsafe application - was a part of the deleted object
G:\NARMAFZAR\NARM AFZAR\PhraseBook English-Persian(Farsi) 4.1.29\Crack.exe » RAR » PBStub.exe - a variant of Win32/HackTool.Patcher.N potentially unsafe application - was a part of the deleted object
H:\AXE KHANEVADEGI\pic\Pictures\Pictures .exe - Win32/Sohanad.NCB worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 464539
Number of threats found: 27
Number of cleaned objects: 27
Time of completion: 08:58:19 Þ.Ù Total scanning time: 3121 sec (00:52:01)
Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[4] Object cannot be opened. It may be in use by another application or operating system.
jalilnoori
13-08-2012, 10:42
یک چیز دیگه این بود که وقتی این اتفاق افتاد یک پیغامی روی صفحه اومد البته روسی بود که در خواست می کرد اگه می خواین مشکلتون حل بشه باید 200 دلار به فلان حساب بریزید در مسکو ... فکر کنم سیستم حک شده باشه حالا راهی داره بنظر دوستان بشه کاری کرد ؟
A M ! N
13-08-2012, 12:32
یک چیز دیگه این بود که وقتی این اتفاق افتاد یک پیغامی روی صفحه اومد البته روسی بود که در خواست می کرد اگه می خواین مشکلتون حل بشه باید 200 دلار به فلان حساب بریزید در مسکو ... فکر کنم سیستم حک شده باشه حالا راهی داره بنظر دوستان بشه کاری کرد ؟
سلام..
از حالت Safe mode بالا بیاین و با برنامه های MBAM و Super Antispyware اسکن انجام بدین.
در آخر ناد رو هم پاک و به جاش نورتون یا ایویرا یا کسپرسکی نصب کنید.
سلام..
از حالت Safe mode بالا بیاین و با برنامه های MBAM و Super Antispyware اسکن انجام بدین.
در آخر ناد رو هم پاک و به جاش نورتون یا ایویرا یا کسپرسکی نصب کنید.
vBulletin , Copyright ©2000-2025, Jelsoft Enterprises Ltd.