Mutant z Krainy OZ [ Legend ]
Trojan - what kind of junk is this?
The picture alongside marks the thing that Trojan.Jeemp.C is hiding in. Because it is in use by Windows, it can't be deleted :/ I don't know whether it's something Windoze can't work without or what. Can it be disabled and deleted without side effects?
U_N [ -KOCHAM ANIE- ]
and do you have it zipped up??
Mutant z Krainy OZ [ Legend ]
This is the file ->
Maybe it's a silly question, but I'd rather make sure, because once an action like this ended badly for my system ;)
U_N [ -KOCHAM ANIE- ]
You know what, find the MksVir site on Google, zip up this file and send it to them, they will help you. I've sent them something about 3 times already, I think, and I always got info about the virus. I had the address, but after my recent cleanup I accidentally deleted it from my mailbox.
Trzepiskor [ SETH ]
why not try
Spybot, maybe that will help
piokos [ ]
try in safe mode with Spybot, Ad-Aware....
tygrysek [ behemot ]
msrexe - msrexe.exe - Process Information
Process File: msrexe or msrexe.exe
Process Name: Remote Access / Hacking tool / ICQ trojan
Description: Added to the system as a result of an ICQ Trojan that alters Win.ini and System.ini files and generates several .exe files with randomly chosen names.
Company: N/A
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A
tygrysek [ behemot ]
or this info:
BackDoor-G2.svr.21
A 'Medium-Level' trojan that arrives as an attachment in your email, it is usually disguised as a picture file (.JPG or .BMP). When you click on the picture file, two '.EXE' files are loaded onto your hard drive, MSREXE.EXE and one of the following three: RUN.EXE, WINDOS.EXE or MUEEXE.EXE.
Unfortunately, these files may not be on your hard drive under these particular names. Look also for garbled files, like: 'RLSIEHTOS2ERSKLDSOXZK.EXE'.
This trojan allows remote access, via the internet, to your user files and data files. You may see strange boxes pop up on your screen, or keystrokes being entered without your interaction.
The trojan can also make changes to your WIN.INI, SYSTEM.INI and Registry files. These changes will result in an error message popping up every time you try to run a program with a '.EXE' extension. The error message may say "cannot find MSREXE.EXE" or something weird like "cannot find RLSIEHTOS2ERSKLDSOXZK.EXE".
Removal
Do not clean or delete any of the infected files yet!
First off, it's important to realize that older versions of anti-virus software won't necessarily find this trojan.
Some may find it, and clean or delete the infected files, but won't repair the Registry. Look for information on your anti-virus program's website.
The registry changes that are made by BackDoor-G2.svr.21 will prevent you from running any '.EXE' programs, which means REGEDIT.EXE can't be run at this time. If you try to start a program with a '.EXE' extension you'll get an error box that says 'File Not Found'. Make note of the file it says it can't find. The example above is RLSIEHTOS2ERSKLDSOXZK.EXE.
(Anywhere the file MSREXE.EXE is mentioned, it may be replaced with this other filename.)
It's necessary to rename REGEDIT.EXE to REGEDIT.COM. Files with a '.COM' extension are also executable program files!
(In WindowsNT, you would change REGEDIT32.EXE to REGEDIT32.COM)
Start a DOS session by clicking on START/PROGRAMS/DOS PROMPT, or click on START/RUN, type COMMAND and press ENTER. At the DOS prompt, make sure you're in the Windows directory, and type:
REN REGEDIT.EXE REGEDIT.COM
Close out of the DOS session.
Now, from Windows, you can click on START/RUN and type REGEDIT. The Registry Editor will open. If you're not familiar with making changes to the Registry, get someone who is!
Check out
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. When you click on the 'Run' key, delete any entries that make reference to the trojan. Look at the 'RunServices' key in this area and delete any references found there.
Next, look under
HKEY_CLASSES_ROOT\exefile\shell\open\command. You'll see the entry:
(Default) = MSREXE.EXE "%1"%*
Change this to read: (Default) = "%1"%*
Do the same for the identical entry under HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command.
Also, check under HKEY_CLASSES_ROOT for the key '.dl'. If you find it, delete it.
Exit the Registry Editor.
Edit the WIN.INI file. If there is any reference to the trojan on the line that says 'run=', then delete it. For example, if the line says
run=RLSIEHTOS2ERSKLDSOXZK.EXE, then change it to just read
run= .
Edit the SYSTEM.INI file. Under the [boot] section, if there is any reference to the trojan on the line that says 'shell=', then change it. The line should only say shell=EXPLORER.EXE.
Restart the computer, search for any of the files associated with the trojan and delete them. Make sure the original email and attached trojan are deleted.
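The checks from the removal steps above, written out as an added example (not part of the quoted write-up or of any poster's message): it audits WIN.INI `run=`, SYSTEM.INI `shell=` and the `exefile\shell\open\command` value against the clean state the write-up describes. The function names and sample inputs are constructed for illustration, and the registry value is assumed to be passed in as text.

```python
# Added example: audit the three settings the removal steps above repair.
# Sample inputs are constructed; the registry value is passed in as text.

EXPECTED_EXE_COMMAND = '"%1"%*'  # value the write-up restores (spacing ignored)
EXPECTED_SHELL = "explorer.exe"  # the only content the write-up allows for shell=


def ini_value(text, section, key):
    """Return key's value inside [section] (case-insensitive), or None."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            if name.strip().lower() == key.lower():
                return value.strip()
    return None


def audit(win_ini, system_ini, exefile_command):
    """Return (location, value) pairs that differ from the clean state."""
    findings = []
    run = ini_value(win_ini, "windows", "run")
    if run:  # assumption: any non-empty run= entry deserves a manual look
        findings.append(("WIN.INI run=", run))
    shell = ini_value(system_ini, "boot", "shell")
    if shell is not None and shell.lower() != EXPECTED_SHELL:
        findings.append(("SYSTEM.INI shell=", shell))
    # A program name in front of "%1" means every .EXE launch goes through it.
    if "".join(exefile_command.split()) != EXPECTED_EXE_COMMAND:
        findings.append((r"exefile\shell\open\command", exefile_command))
    return findings


# Constructed samples using the file names quoted in the write-up.
INFECTED_WIN_INI = "[windows]\nload=\nrun=RLSIEHTOS2ERSKLDSOXZK.EXE\n"
INFECTED_SYSTEM_INI = "[boot]\nshell=Explorer.exe MSREXE.EXE\n[386Enh]\ndevice=*vshare\n"
INFECTED_COMMAND = 'MSREXE.EXE "%1"%*'
CLEAN_WIN_INI = "[windows]\nload=\nrun=\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"

if __name__ == "__main__":
    for location, value in audit(INFECTED_WIN_INI, INFECTED_SYSTEM_INI, INFECTED_COMMAND):
        print(f"{location:32} {value}")
```

An empty result means all three settings match the state the write-up says to restore; it says nothing about the Run and RunServices keys, which still need to be inspected by hand.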
..::Tr0yAn::.. [ Konsul ]
just not "junk", just not "junk", okay?!! ;)
Jarvis [ Legionista ]
I deleted it and nothing happened. At least for now nothing is going on.