Infected with the antivirus 2008 malware and in the middle of cleaning it up. -_-..


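I don't know by what route I got infected, but somehow I ended up catching this....

When I launch Internet Explorer, popups appear saying this and that, and a window comes up telling me to clean the malware...

A strange adult-site icon was also created on the desktop -_-.....

At first I couldn't even get into Windows, and when I tried to get in through Safe Mode it just rebooted endlessly, so I pressed F8 during boot, booted with Last Known Good Configuration, and got into Windows..

It stays resident in RAM, doesn't show up in Add/Remove Programs either.. and it is even registered in the registry..

AhnLab has also put up a Fakeav removal tool, but even with that nothing was detected for me, so I gave up on it, and in the end, based on the advice of people who caught this before I did, I am cleaning it with the malwarebytes program.

AVG anti-spyware and Kaspersky can't catch this either... nasty malware...

Someone may go through a similar experience later, so please always keep a program like that ready on a USB memory stick.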
 
ㅡㅡㅡㅡㅡㅡ
Below are the cleaned items ㅡㅡ;;
 
Malwarebytes' Anti-Malware 1.28
데이터베이스 버전: 1225
Windows 5.1.2600 Service Pack 2
2008-10-02 오전 12:04:25
mbam-log-2008-10-02 (00-04-25).txt
검색 유형 : 전체 검색 (C:\|D:\|)
검사되는 목표: 130495
시간 경과: 18 minute(s), 30 second(s)
메모리를 프로세스에 감염: 1
메모리 모듈에 감염: 0
레지스트리 키에 감염: 5
레지스트리 값에 감염: 18
레지스트리 데이터를 상품에 감염: 0
폴더를 감염: 2
파일에 감염: 38
메모리를 프로세스에 감염:
C:\WINDOWS\system32\YUR3.exe (Trojan.FakeAlert) -> Unloaded process successfully.
메모리 모듈에 감염:
(검출되는 악의 있는 품목 없음)
레지스트리 키에 감염:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
레지스트리 값에 감염:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur60.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur61.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur60.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur61.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur62.exe (Trojan.Agent) -> Quarantined and deleted successfully.
레지스트리 데이터를 상품에 감염:
(검출되는 악의 있는 품목 없음)
폴더를 감염:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
파일에 감염:
C:\WINDOWS\system32\YUR3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007346.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007347.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007348.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007350.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9FDD48A9-7EEC-429D-8F96-2FE7EB283491}\RP44\A0007351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.exe (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\JH\바탕 화면\Micro Antivirus 2009.lnk     (Rogue.XPertAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\JH\바탕 화면\GAY FETISH SEX.url     (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\JH\Local Settings\Temp\TDSS40f3.tmp
ㅡㅡㅡㅡㅡㅡㅡㅡㅡ

3 comments

Malware..

usually comes bundled in cracks or illegally downloaded files...

Looks like we need to be careful about what we download.

Format~~~~~~ hahahaha