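Before going to bed, I ran a scan with the well-regarded Anti-Malware software.
13 hits.
There was a data-stealing virus on it.
For now, I deleted all of them.
But after restarting the PC, novi.exe was still in the startup items. It was unchecked, though. I deleted it manually in the registry.
Also, bs.exe and ist.exe were in the Temporary Internet Files folder. I deleted them manually.
Annoyingly, the adobe folder was still being treated as a system folder. I wonder if there's some way to turn just this one back into a visible folder.
Never mind, I'm going to bed.
(Results)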
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6420
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
2011/04/23 3:23:25
mbam-log-2011-04-23 (03-23-25).txt
Scan type: Quick scan
Objects scanned: 155616
Time elapsed: 11 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{431M3148-0A7R-8VTL-4G16-2531S1RG4634} (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{431M3148-0A7R-8VTL-4G16-2531S1RG4634} (Trojan.Backdoor) -> Delete on reboot.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Backdoor) -> Value: Policies -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Trojan.Backdoor) -> Value: Policies -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Defender (Worm.AutoRun) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\my computer\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.