Help removing a trojan
My system has been infected with a trojan. Unfortunately all my antivirus programs are from 2009 and can't detect it.
This trojan has severely lowered my system's security, and my Internet usage has hit the maximum. I'm also on dial-up and can't update my antivirus. Since it is autorun, it will come back after reinstalling Windows. I don't intend to fdisk either.
If friends could show me a manual removal method, I'd appreciate it.
I don't know why I can't attach the file.
This is the information from the virus-checking site, and this was the result. The name of one of the infected files on my system is written on the first line of the result: fipv.exe. Further down are the antivirus products that detect it and the names they have given this virus.
Code:
File fipv.exe received on 2010.03.19 09:33:56 (UTC)
Result: 25/42 (59.53%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.19 Backdoor.Win32.Cetorp!IK
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.194 2010.03.18 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.18 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.18 Win32:Malware-gen
AVG 9.0.0.787 2010.03.18 Generic17.CWQ
BitDefender 7.2 2010.03.19 -
CAT-QuickHeal 10.00 2010.03.19 Win32.Backdoor.Tofsee.I.3.Pack
ClamAV 0.96.0.0-git 2010.03.19 -
Comodo 4315 2010.03.19 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.03.19 Trojan.Packed.19696
eSafe 7.0.17.0 2010.03.18 Win32.TRCrypt.XPACK
eTrust-Vet 35.2.7374 2010.03.19 -
F-Prot 4.5.1.85 2010.03.18 -
F-Secure 9.0.15370.0 2010.03.19 -
Fortinet 4.0.14.0 2010.03.18 PossibleThreat
GData 19 2010.03.19 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.03.19 Backdoor.Win32.Cetorp
Jiangmin 13.0.900 2010.03.19 -
K7AntiVirus 7.10.1001 2010.03.18 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.03.19 Backdoor.Win32.Cetorp.dl
McAfee 5924 2010.03.18 Generic.dx!pdt
McAfee+Artemis 5924 2010.03.18 Generic.dx!pdt
McAfee-GW-Edition 6.8.5 2010.03.18 Trojan.Crypt.XPACK.Gen
Microsoft 1.5605 2010.03.19 -
NOD32 4956 2010.03.18 a variant of Win32/Kryptik.KD
Norman 6.04.09 2010.03.18 -
nProtect 2009.1.8.0 2010.03.19 -
Panda 10.0.2.2 2010.03.18 Trj/CI.A
PCTools 7.0.3.5 2010.03.19 -
Prevx 3.0 2010.03.19 Medium Risk Malware
Rising 22.39.04.04 2010.03.19 Packer.Win32.UnkPacker.a
Sophos 4.51.0 2010.03.19 -
Sunbelt 5966 2010.03.19 -
Symantec 20091.2.0.41 2010.03.19 Suspicious.Insight
TheHacker 6.5.2.0.238 2010.03.19 Trojan/Kryptik.kd
TrendMicro 9.120.0.1004 2010.03.19 PAK_Generic.001
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.19 Backdoor.Win32.Cetorp.16896
VirusBuster 5.0.27.0 2010.03.18 -
Additional information
File size: 16896 bytes
MD5...: 7ab70025b648c74d68952a798c1783cf
SHA1..: 564989cfaa44248eac6ecbf2b296bc5f575e315f
SHA256: 583de16e0e51efe5bf21d127a93e18c8814d96c1f2c23a14d5d577e2053efac7
ssdeep: 384:dy1rEQ3CSjoxs8+WTzlBA/CCjFCyNFHOctjEZc/HKfP:dWosCSSimlBWCCfFrwc/K
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15980
timedatestamp.....: 0x416e8939 (Thu Oct 14 14:12:09 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x11000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x12000 0x4000 0x3c00 7.87 63177a2112d84acd73b065e3a6c8cba4
UPX2 0x16000 0x1000 0x200 2.79 4803d33611ad2b50764169d2bad6f50b
( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> GDI32.DLL: SaveDC
> OLE32.DLL: OleRun
> OLEAUT32.dll: VarPow
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.5%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Clipper DOS Executable (2.5%)
packers (F-Prot): UPX
http://info.prevx.com/aboutprogramtext.asp?PX5=3DDE286C0049A06D42E9002DC559A200C829318D
A Persian-language site describing the virus:
http://cert.um.ac.ir/Article281.html