Nytt msn virus:S

http://msn-videos.obxhost.net/ Akta det finns virus på denna sida.
Var så dum så jag tankade flashplayer från sidan och därefter fick jag msn virus ngn som vet hur jag kan få bort detta?

Virusscanna kanske?
Börjar bli lite tjatigt med alla som postar alla "nya" msn virus, alla är ändå istortsett baserade på samma sak.
Är man dock dum nog att faktiskt följa länken som är spammat av något random meddelande och dessutom installerar ett program från en okänd sida, är det ganska välförtjänt.

vilket AV har du i datorn?

http://sosvirus.changelog.fr/MSNFix.zip
spara och packa upp filen på skrivbordet >öppna mappen och kör MSNFix.bat, följ anvisningarna. här skapas en logg C:\WINDOWS\msnfix.txt som du postar
guide:
http://changelog.fr/index.php?topic=308.0

Alla länkar från o b x h o s t . c o m är till för att sprida virus, det finns flera exempel i andra trådar. Kontentan är, som vanligt, att allt för få människor tänker efter före innan de klickar på allsköns länkar.

Tack hoppas det funkar

det är ju inte säkert att verktyget är uppdaterat om det tillkommit några nya malware filer men posta loggen du får fram/som skapas

här får du loggen


MSNFix 1.746

C:\Documents and Settings\majo2803\Skrivbord\MSNFix
Sokningen var klar pa 2008-10-01 - 16:04:43,00 By majo2803
normalt lage

************************ Kollar filer

... C:\WINDOWS\admintxt.txt
... C:\WINDOWS\admintxt.txt
... C:\WINDOWS\windowsupdate.exe

************************ Kollar mappar

Inga Mappar Funna




************************ Tar bort virus filer

.. OK ... C:\DOCUME~1\majo2803\LOKALA~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\majo2803\LOKALA~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\cftmon.exe
/!\ ... C:\WINDOWS\admintxt.txt
/!\ ... C:\WINDOWS\admintxt.txt
.. OK ... C:\WINDOWS\windowsupdate.exe



************************ Rensar registret



************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20081001160613
-- original size 259.24 Kb / 9241 lines
-- Start cleaning Hosts file ....

/!\... antivirus.com ..... Found and removed
/!\... avast.com ..... Found and removed
/!\... ca.com ..... Found and removed
/!\... mcafee.com ..... Found and removed
/!\... spybot.info ..... Found and removed


-- final size 257.81 Kb / 9197 lines
-- entry Found : 5 / Entry check : 310

End .............................. 15.44 Secondes





Resten av filerna tas bort efter omstart


************************ Tar bort virus filer

.. OK ... C:\WINDOWS\admintxt.txt
.. OK ... C:\WINDOWS\admintxt.txt





************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20081001160900
-- original size 257.81 Kb / 9197 lines
-- Start cleaning Hosts file ....



-- final size 257.81 Kb / 9197 lines
-- entry Found : 0 / Entry check : 310

End .............................. 20.24 Secondes

spara HJTInstall.exe på skrivbordet >klicka på filen >välj install och klicka på: "do a system scan and save logfile".
posta den loggen från txt filen som visas då.
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Frågan e hur du fattar loggarna hahaha.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:16, on 2008-10-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
c:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Winamp\winampa.exe
C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\V0400Mon.exe
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Steam\Steam.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\VOIPlay\voiplay.exe
C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0400Mon.exe] C:\WINDOWS\V0400Mon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [VOIPlay] "C:\Program\VOIPlay\voiplay.exe"
O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211810209815
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.global
O17 - HKLM\Software\..\Telephony: DomainName = student.global
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.global
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program\Delade filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9468 bytes

finns inget skräp i loggen men du får testa dig fram och se om allt är ok

Det ska jag tack så mycket.

kolla om du har dessa filer och isf när dom är skapade
C:\WINDOWS\system32\install_flash_player.exe
C:\WINDOWS\WLXPGSS.SCR