YaSVeLi Posted November 10, 2008 Share Posted November 10, 2008 arkadaşlar bu virüs ile başımm belada yardım ederseniz sevinirimmm ! virüsün çalışma mantığı kopyalama yapıncaa çalışıyorr sistem dosyası olarak çalışıyorr diye biliyorumm ama bi türlüü silemiyorummm ms-dos tan siliyorum fakatt bilgisayarı yeniden başlatınca tekrar geliyorr autorun.inf dosyasıylaa virüs programlarıylaa tarattığımda görmüyorr ! Link to comment Share on other sites More sharing options...
alperica Posted November 10, 2008 Share Posted November 10, 2008 Taratmayı hangi programla yaptınız? bu virüsün raporu . C:\autorun.inf D:\Autorun.inf D:\r8wb.bat . (((((((((((((((( Arquivos/Ficheiros criados de 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))) . 2008-11-08 00:36 . 2006-12-08 00:04 76,800 --a------ c:\windows\system32\E_FLBCCL.DLL 2008-11-08 00:36 . 2006-04-19 00:00 62,976 --a------ c:\windows\system32\E_FD4BCCL.DLL 2008-11-08 00:33 . 2008-11-08 00:39 77 --a------ c:\windows\EPC110.ini 2008-11-07 20:35 . 2008-11-08 00:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\UDL 2008-11-07 20:33 . 2007-03-26 23:01 1,964 --a------ c:\windows\EPBUYINK.HTM 2008-11-04 16:46 . 2008-11-04 16:46 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\Media Player Classic 2008-11-04 16:46 . 2008-11-04 16:46 69 --a------ c:\windows\NeroDigital.ini 2008-11-02 17:54 . 2008-11-02 17:54 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\AdobeUM 2008-10-29 22:57 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll 2008-10-29 22:49 . 2008-10-29 22:49 <DIR> d-------- c:\arquivos de programas\DAEMON Tools Lite 2008-10-29 22:47 . 2008-10-29 22:47 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\DAEMON Tools 2008-10-29 22:47 . 2008-10-29 22:47 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-10-26 20:51 . 2008-11-05 22:46 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\AIDA 2008-10-26 16:36 . 2008-10-26 16:36 <DIR> d-------- C:\ProgramData 2008-10-26 16:36 . 2008-10-26 16:36 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\Leadertech 2008-10-26 16:31 . 2008-10-26 16:31 <DIR> d-------- c:\arquivos de programas\EA Sports 2008-10-26 15:22 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-23 10:51 . 2008-11-06 19:05 244 --ah----- C:\sqmnoopt19.sqm 2008-10-23 10:51 . 2008-11-06 19:05 232 --ah----- C:\sqmdata19.sqm 2008-10-23 00:43 . 2008-11-06 18:56 244 --ah----- C:\sqmnoopt18.sqm 2008-10-23 00:43 . 2008-11-06 18:56 232 --ah----- C:\sqmdata18.sqm 2008-10-22 23:01 . 2008-11-06 11:10 244 --ah----- C:\sqmnoopt17.sqm 2008-10-22 23:01 . 2008-11-06 11:10 232 --ah----- C:\sqmdata17.sqm 2008-10-22 13:13 . 2008-11-06 09:35 244 --ah----- C:\sqmnoopt16.sqm 2008-10-22 13:13 . 2008-11-06 09:35 232 --ah----- C:\sqmdata16.sqm 2008-10-22 13:06 . 2008-11-06 02:32 244 --ah----- C:\sqmnoopt15.sqm 2008-10-22 13:06 . 2008-11-06 02:32 232 --ah----- C:\sqmdata15.sqm 2008-10-22 10:03 . 2008-05-09 08:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll 2008-10-22 10:03 . 2008-05-09 08:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll 2008-10-22 10:03 . 2008-05-09 08:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll 2008-10-22 10:03 . 2008-05-09 08:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll 2008-10-22 10:03 . 2008-05-08 09:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe 2008-10-22 10:03 . 2008-05-09 06:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe 2008-10-22 10:03 . 2008-05-09 08:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll 2008-10-22 00:37 . 2008-11-05 21:08 244 --ah----- C:\sqmnoopt14.sqm 2008-10-22 00:37 . 2008-11-05 21:08 232 --ah----- C:\sqmdata14.sqm 2008-10-21 23:55 . 2008-11-05 19:56 244 --ah----- C:\sqmnoopt13.sqm 2008-10-21 23:55 . 2008-11-05 19:56 232 --ah----- C:\sqmdata13.sqm 2008-10-21 23:53 . 2008-11-05 19:44 244 --ah----- C:\sqmnoopt12.sqm 2008-10-21 23:53 . 2008-11-05 19:44 232 --ah----- C:\sqmdata12.sqm 2008-10-21 23:49 . 2008-11-05 14:55 244 --ah----- C:\sqmnoopt11.sqm 2008-10-21 23:49 . 2008-11-05 14:55 232 --ah----- C:\sqmdata11.sqm 2008-10-21 23:42 . 2008-11-05 14:55 244 --ah----- C:\sqmnoopt10.sqm 2008-10-21 23:42 . 2008-11-05 14:55 232 --ah----- C:\sqmdata10.sqm 2008-10-21 15:08 . 2008-11-07 16:38 <DIR> d-------- c:\arquivos de programas\eMule 2008-10-21 14:55 . 2008-10-21 14:55 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\Corel 2008-10-21 14:45 . 2008-10-21 14:45 <DIR> d-------- c:\windows\system32\bits 2008-10-21 14:17 . 2008-11-05 19:45 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys 2008-10-21 14:17 . 2008-10-21 14:17 8 -r-hs---- c:\windows\system32\FA351706D4.sys 2008-10-21 14:12 . 2008-10-21 14:52 <DIR> d-------- c:\arquivos de programas\Corel 2008-10-21 14:03 . 2008-10-21 14:03 <DIR> d-------- c:\arquivos de programas\MSXML 4.0 2008-10-21 14:00 . 2008-10-21 14:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel 2008-10-21 13:54 . 2008-11-05 14:55 244 --ah----- C:\sqmnoopt09.sqm 2008-10-21 13:54 . 2008-11-05 14:55 232 --ah----- C:\sqmdata09.sqm 2008-10-21 13:10 . 2008-11-05 14:55 244 --ah----- C:\sqmnoopt08.sqm 2008-10-21 13:10 . 2008-11-05 14:55 232 --ah----- C:\sqmdata08.sqm 2008-10-21 10:36 . 2008-11-05 14:54 244 --ah----- C:\sqmnoopt07.sqm 2008-10-21 10:36 . 2008-11-05 14:54 232 --ah----- C:\sqmdata07.sqm 2008-10-21 09:15 . 2008-11-08 10:54 244 --ah----- C:\sqmnoopt06.sqm 2008-10-21 09:15 . 2008-11-08 10:54 232 --ah----- C:\sqmdata06.sqm 2008-10-21 09:06 . 2008-11-08 10:37 244 --ah----- C:\sqmnoopt05.sqm 2008-10-21 09:06 . 2008-11-08 10:37 232 --ah----- C:\sqmdata05.sqm 2008-10-21 08:58 . 2008-11-08 10:34 244 --ah----- C:\sqmnoopt04.sqm 2008-10-21 08:58 . 2008-11-08 10:34 232 --ah----- C:\sqmdata04.sqm 2008-10-21 08:45 . 2008-11-08 02:45 244 --ah----- C:\sqmnoopt03.sqm 2008-10-21 08:45 . 2008-11-08 02:45 232 --ah----- C:\sqmdata03.sqm 2008-10-21 08:44 . 2008-11-07 16:38 244 --ah----- C:\sqmnoopt02.sqm 2008-10-21 08:44 . 2008-11-07 16:38 232 --ah----- C:\sqmdata02.sqm 2008-10-21 00:53 . 2008-10-21 00:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel(2) 2008-10-21 00:41 . 2008-10-21 00:41 <DIR> d-------- c:\windows\l2schemas 2008-10-21 00:40 . 2008-10-21 00:41 <DIR> d-------- c:\windows\ServicePackFiles 2008-10-21 00:05 . 2008-08-14 11:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-21 00:05 . 2008-08-14 11:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-21 00:05 . 2008-08-14 11:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-21 00:05 . 2008-08-14 11:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-21 00:05 . 2008-09-15 13:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-21 00:05 . 2008-09-08 08:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-11 18:04 . 2008-10-11 18:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\InstallShield 2008-10-11 18:03 . 2008-10-11 18:03 <DIR> d-------- c:\arquivos de programas\EPSON Print CD 2008-10-11 18:02 . 2008-11-08 00:36 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\EPSON 2008-10-11 18:02 . 2006-12-08 00:04 76,800 --a------ c:\windows\system32\E_FLBCKL.DLL 2008-10-11 18:02 . 2006-04-19 00:00 62,976 --a------ c:\windows\system32\E_FD4BCKL.DLL 2008-10-11 18:02 . 2007-06-08 00:00 306 --a------ c:\windows\EPBUYINK.RTF 2008-10-11 18:01 . 2008-11-08 00:39 <DIR> d-------- c:\arquivos de programas\EPSON 2008-10-11 00:55 . 2008-10-11 00:55 <DIR> d-------- c:\documents and settings\Primeira Impressão\Dados de aplicativos\Autodesk 2008-10-10 02:06 . 2008-10-10 02:06 <DIR> d-------- c:\arquivos de programas\Ubisoft 2008-10-10 02:04 . 2008-10-10 02:04 <DIR> d-------- c:\arquivos de programas\WexTech 2008-10-10 02:04 . 2008-10-10 02:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\LHSPF 2008-10-10 02:04 . 1997-12-17 19:33 304,128 --a------ c:\windows\IsUninst.exe 2008-10-10 02:04 . 2000-05-02 11:03 225,280 --a------ c:\windows\system32\awrtl30.dll 2008-10-10 02:04 . 1998-08-04 12:22 111,616 --------- c:\windows\system32\Ltih30tb.dll 2008-10-10 02:03 . 2008-10-10 02:03 <DIR> d-------- c:\documents and settings\Primeira Impressão\WINDOWS 2008-10-10 02:03 . 2008-10-10 02:03 <DIR> d-------- c:\documents and settings\Primeira Impressão\WINDOWS 2008-10-10 02:03 . 2008-10-10 02:04 <DIR> d-------- c:\arquivos de programas\Volo View Express 2008-10-10 02:03 . 2008-10-10 02:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wextech Shared 2008-10-10 02:03 . 2000-10-20 14:25 487,184 --a------ c:\windows\system32\Mrt7enu.dll 2008-10-10 02:03 . 2000-10-20 14:25 446,464 --a------ c:\windows\system32\hhactivex.dll 2008-10-10 02:03 . 2000-10-20 14:25 299,520 --a------ c:\windows\uninst.exe 2008-10-10 02:03 . 2000-10-20 14:25 79,360 --a------ c:\windows\system32\acdbres.dll 2008-10-10 02:03 . 2000-10-20 14:25 31,744 --a------ c:\windows\system32\Hlp95en.dll 2008-10-10 02:02 . 2008-10-11 00:55 <DIR> d-------- c:\arquivos de programas\AutoCAD 2002 2008-10-10 02:02 . 2008-10-10 02:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Autodesk Shared . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-08 02:39 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2008-11-08 02:38 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield 2008-10-22 12:25 --------- d-----w c:\arquivos de programas\MSN Messenger 2008-10-21 16:59 --------- d-----w c:\documents and settings\Primeira Impressão\Dados de aplicativos\Ahead 2008-10-07 02:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel 2008-10-06 00:35 --------- d-----w c:\arquivos de programas\Google 2008-10-06 00:34 --------- d-----w c:\arquivos de programas\Marcos Velasco Security 2008-10-06 00:34 --------- d-----w c:\arquivos de programas\CCleaner 2008-10-06 00:32 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack 2008-10-06 00:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe 2008-10-06 00:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems 2008-10-06 00:24 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared 2008-09-29 18:48 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead 2008-09-29 18:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero 2008-09-29 18:47 --------- d-----w c:\arquivos de programas\Nero 2008-09-29 13:19 --------- d-----w c:\arquivos de programas\Arquivos comuns\Hewlett-Packard 2008-09-29 13:18 --------- d-----w c:\arquivos de programas\HP 2008-09-28 01:18 --------- d-----w c:\arquivos de programas\NVIDIA Corporation 2008-09-28 01:17 --------- d-----w c:\documents and settings\Primeira Impressão\Dados de aplicativos\InstallShield 2008-09-28 01:13 --------- d-----w c:\arquivos de programas\Vtune 2008-09-28 01:00 --------- d-----w c:\arquivos de programas\microsoft frontpage 2008-09-28 00:59 --------- d-----w c:\arquivos de programas\Serviços on-line 2008-09-28 00:58 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços 2008-09-27 14:35 --------- d-----w c:\arquivos de programas\Microsoft.NET 2008-09-27 14:34 --------- d-----w c:\arquivos de programas\Microsoft Works 2008-09-27 14:22 155,995 ----a-w c:\windows\java\Packages\9RN13N13.ZIP 2008-09-27 14:22 --------- d-----w c:\arquivos de programas\Alwil Software 2008-09-27 14:16 --------- d-----w c:\arquivos de programas\DIFX 2008-09-27 14:14 315,392 ----a-w c:\windows\HideWin.exe 2008-09-27 14:14 --------- d-----w c:\arquivos de programas\Realtek 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:24 2,149,376 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 13:24 2,028,032 ----a-w c:\windows\system32\ntkrnlpa.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "EPSON Stylus Photo R290 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKL.EXE" [2007-04-13 182272] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232] "EPSON Stylus C110 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICCL.EXE" [2007-03-12 182272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="c:\arquivos de programas\Vtune\TBPanel.exe" [2007-11-27 2162688] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-09-27 81920] "nwiz"="nwiz.exe" [2007-11-28 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Primeira ImpressÆo\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] Registration Chessmaster 10th Edition.LNK - c:\arquivos de programas\Ubisoft\Chessmaster 10th Edition\Register\RegistrationReminder.exe [2003-11-06 864256] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94a5fc52-967c-11dd-bf5b-001fc62502d6}] \Shell\AutoRun\command - K:\r8wb.bat \Shell\explore\Command - K:\r8wb.bat \Shell\open\Command - K:\r8wb.bat *Newly Created Service* - PROCEXP90 . . ------- Scan Suplementar ------- . R0 -: HKCU-Main,Start Page = hxxp://www.uol.com.br/ R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.uol.com.br/ O8 -: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, Please register to see this content. Rootkit scan 2008-11-08 11:14:32 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-11-08 11:14:53 ComboFix-quarantined-files.txt 2008-11-08 13:14:51 Pré-execução: 11 pasta(s) 79.212.052.480 bytes disponíveis Pós execução: 11 pasta(s) 79,259,635,712 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 227 --- E O F --- 2008-10-26 18:08:01 -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, November 8, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, November 08, 2008 12:53:29 Records in database: 1374491 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan statistics: Files scanned: 56188 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 00:49:46 File name / Threat name / Threats count C:\Qoobox\Quarantine\D\r8wb.bat.vir Infected: Trojan-GameThief.Win32.Magania.ajnd 1 The selected area was scanned. Link to comment Share on other sites More sharing options...
canpolat11 Posted November 10, 2008 Share Posted November 10, 2008 arkadaşım combofix programını kullanabilirsin forumda arat mevcut.saygılar Link to comment Share on other sites More sharing options...
hackerss Posted November 11, 2008 Share Posted November 11, 2008 arkadaşım en kolay yolu bana göre kendin temizleyeceksin. bu türden .bat uzantılı dosyalar genelde dosyalara bulaşmaz sadece içinde yazılı komutları çalıştırır. -öncelikle windowsu güvenli modda başlat -Başlat/Çalıştır/cmd -bilgisayarım ve cmd pencerelerini yanyana dikey döşe -cmd için komut: ''c:\attrib -a -r -s -h *.*'' komut başına ''c:\'' yazmayacaksın tabiki o aktif sürücü -c sürücüsü içindeki tüm gizli dosyalar görüntülenir büyük ihtimal senin ''R8wb.bat'' da görülecektir ama bazı dosyalar hemen kendini gizler onun için göründüğünde hemen Shift+delete ile sil -aynı komutu diğer sürücülerin içinde kullan örnek ''d:\attrib -a -r -s -h *.*'' , ''e:\attrib -a -r -s -h *.*'' vs. -ama şuna dikat et sürücüleri kesinlikle çift tıklayıpta açma klasörler seçeneğini aktif hale getirip sürücüyü tek tıklama ile aç -bunları yaptıktan sonra regedit içinde ''R8wb.bat'' dosyasını arat ve bulduğu tüm kayıt girdilerini sil -kontrol için yukarıdaki cmd komutlarını tekrar dene -bilgisayarı yeniden başlat -bendede .bat uzantılı bazı dosyalar oldu bu yöntemin faydasını gördüm. inşallah sende de işe yarar Link to comment Share on other sites More sharing options...
kerim67 Posted November 14, 2008 Share Posted November 14, 2008 arkadsım bende de o virüs vard ı ama simdi yok ben onu şu programla sildim kavo_killer trojen temizleyici link vereyim Please register to see this content. Link to comment Share on other sites More sharing options...
comet Posted July 10, 2010 Share Posted July 10, 2010 arkdaşım başlangıçta çalışan programlarda exesini pc açılışında çalıştırıyor olabilir o yüzden msconfig te tik işareti varsa kaldır ayrıca regeditte arattır dosya ismini bulursa dosyayı sil direk o zmn etkinliği gitmesi lazım. ayrıca sürücüleri çift tıklamada adres çubuğunun açılan kutusunu tıklayarak sürücü yüe gir bu nedenle autoran çalışmamış olur. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.