Forum » Pomoč in nasveti » POMOČ - ntdlr.exe - Troj/Feutel-CH Trojan
POMOČ - ntdlr.exe - Troj/Feutel-CH Trojan
mirando ::
Alo mojstri,
Imam težave z zgoraj navedenim virusom/črvom?!
Ima kdo kakšne izkušnje z odstranjevanjem, ali obstaja kak dober removal tool?!
Očitno se nahaj v nekem startupu v registry-u!!!!
AVG antiviru ga redno zaznava....?!
Prosim za pomoč - hvala
M.
Imam težave z zgoraj navedenim virusom/črvom?!
Ima kdo kakšne izkušnje z odstranjevanjem, ali obstaja kak dober removal tool?!
Očitno se nahaj v nekem startupu v registry-u!!!!
AVG antiviru ga redno zaznava....?!
Prosim za pomoč - hvala
M.
detroit ::
mislim da tega fajla ne mores kr zbrisat oz razkuzit (kar pomeni v velik primerih lih brisanje) zato si dob copy tega fajla pa ga v safe modu deletej ce se da ce ne pa z eno systemsko disketo zazen comp (win98 ftw:) in bris pa posnam tanovga ofc seveda se lahk pojavijo problemi z updatanimi winsi (lahk da je tud ta fajl updatan bog ve)
Skero
mirando ::
ja saj...klasični worm....sem že gledal!
nikjer pa ni natančnega postopko odstranjevanja...?! :(
nikjer pa ni natančnega postopko odstranjevanja...?! :(
mirando ::
rešeno!
ntdlr.exe sem umaknil iz zagonskih procesov!
v registry-u še najbrž tiči kak gremlin; ampak dokler se ne zgodi vse deluje OK....
ntdlr.exe sem umaknil iz zagonskih procesov!
v registry-u še najbrž tiči kak gremlin; ampak dokler se ne zgodi vse deluje OK....
amigo_no1 ::
Klikni na link ki sem ga dal
Lepo piše zavitku Advanced
This section contains the description and advanced technical information
Troj/Feutel-CH is a Trojan for the Windows platform.
Troj/Feutel-CH includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Feutel-CH copies itself to Windows\ntdlr.exe and creates the following files:
Windows\ntdlr.dll
Windows\ntdlr_Hook.DLL
The file ntdlr.dll is detected as Troj/Feutel-P.
The file ntdlr.exe is registered as a new system driver service named "Windows Internet Server", with a display name of "Windows Internet Server" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Windows Internet Server\
Troj/Feutel-CH changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\
Lepo piše zavitku Advanced
This section contains the description and advanced technical information
Troj/Feutel-CH is a Trojan for the Windows platform.
Troj/Feutel-CH includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Feutel-CH copies itself to Windows\ntdlr.exe and creates the following files:
Windows\ntdlr.dll
Windows\ntdlr_Hook.DLL
The file ntdlr.dll is detected as Troj/Feutel-P.
The file ntdlr.exe is registered as a new system driver service named "Windows Internet Server", with a display name of "Windows Internet Server" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Windows Internet Server\
Troj/Feutel-CH changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\
Vredno ogleda ...
Tema | Ogledi | Zadnje sporočilo | |
---|---|---|---|
Tema | Ogledi | Zadnje sporočilo | |
» | problem z odpiranjem strani v IEOddelek: Omrežja in internet | 1960 (1775) | bbf |
» | Regedit in brisanje ključaOddelek: Pomoč in nasveti | 4393 (4184) | Silvano |
» | Dual boot Vista in XP problem.Oddelek: Operacijski sistemi | 1253 (1123) | matjaz23 |
» | zajedalski spywareOddelek: Operacijski sistemi | 2596 (2263) | hunter01 |
» | Par problemov z XPjiOddelek: Operacijski sistemi | 2725 (1971) | Mercier |