Vir v Boot Sectoru

[CrazyManer]

zdravim,

kdyz zapinam pocitac tak mi tam najednou zaclo skakat TrendAway Chip MicroVirus Boot Protection nebo tak nejak, a pise mi to ze mi to naslo virus v bootsectoru, nechal sem radsi zaplej pocitac, a kdyz jsem prisel k pocitaci asi po hodině tak sem měl blue screen ... pls help me, nevíte někdo co mám dělat?

[CrazyManer]

nobody knows ?

[X]

Na to pomáhal jen celkový formát harddisku (žádný rychlý, ten vir přežije).

[d'0N3]

Si pak nezapomen zapnou ochranu boot sektoru v biosu.

[CrazyManer]

omg, tak to radsi pockam nez mi vir znici data sam nez abych je nicil proto aby je neznicil

[Kosak]

Dobry den,

pouzite Recovery konzolu s prikazom "fixmbr".

[Pic]

Co za program hlásí uvedené? Podle mne to je spíše trojan a chce do PC nastěhovat další veteš. Dej do sekce Hijack This log a vyčkej, než se na to nějaký odborník mrkne. Jinak Boot viry se vcelku nevyskytuji, ale mohu se mýlit a je to něco nového.

[Owner]

Low level formát to vše vyřeší!

[CrazyManer]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:13:56, on 16.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\GoldDigga\Plocha\dsksve7\DeskSave.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\JetAudio\jetAudio.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GoldDigga\Plocha\ZÁSTUPCI\HiJackThis_v2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [XPize Reloader] C:\WINDOWS\XPize\XPizeReloader.exe /S
O4 - HKCU\..\Run: [DeskSave] C:\Documents and Settings\GoldDigga\Plocha\dsksve7\DeskSave.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c8e2ea82c72cd8) (gupdate1c8e2ea82c72cd8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4352 bytes

[Kosak]

HijackThis je tu na dve veci. Postupuj podla toho, co som napisal vyssie.

[CrazyManer]

netusim co je to Recovery konzola