VÍRUS!

System32-drivers-etc mappa

hosts file-t hol találom a windowsban?

spywsweeper-t futtasd le, letoltes.prim.hu-ról le tudod tölteni. Nekem az bevált erre. Iexplorem kezdõlapja még mindig nem ok, de azzal már nem volt türelmem foglalkozni😊

Köszönöm, csökkentett módban sikerült kitörölni. <#worship>
Igaz, néha még mindig el akarja küldeni <#nevetes1>

Ezek a fájlok nem a windows rendszerfájljai - valami trójai sz@rok. Ezért nyugodtan törölheted. Ha normál indítás után nem engedi, próbáld meg csökkentett módban a törlést.

Sziasztok!

Ma raktam fel a NOD 32-t, egybõl vírust talált. Gyorsan leszedtem a legújabb frissítést (05.13), aztán futtattam egy vírusirtást. 4et meg is ölt, de egy kis buborék még mindig fel-fel villan a jobb alsó sarokban.
Az üzenet kb a következõ:
A win32host.exe + ssvhoost94.exe valószínûleg fertõzött lehet, ezeket akarja elküldeni a NOD32 laborjába.
Mit kellene csinálnom? (elküldeni nem akarom, tört verzióról van szó)

Aki tud, kérem segítsen,
Köszönettel,

Dave

Szerintem valami kamu oldal hogy vedd a termékeiket!!!
Elég furcsa hogy pl a NOD32,Avast,Dr.Web,stb seholsincs!
És ez az új Antivrus progi meg kapásból tarol!

Ez a pcsecurityshield - mia rák ?
Norton meg 2. - ez igen - TOPPPLISTA.

Az egyik toplista.

köszi mindenkinek!
majd elválik, mi fog segíteni rajta...

Találkoztam már ezzel a hibával, ott is csak SP1-e volt a srácnak,ezzel oldódott meg, hogy a szolgáltatásoknál tiltotta.

Cooldocnak igaza van abban, hogy a blaster és a sasser vírusoknál is van ilyen visszaszámolás, de azokat már megfogja minden vírusírtó. (talán)

Nekem is volt... Sasser, vagy Blaster csinálja (talán még a Netsky.
Fel kell tenni a Windows critical updates-eket, utána nem jelentzkezik a hiba.
Ez a dög a Windows sérülékenységét használja ki, és RPC-vel rebootoltat.
Mindenképpen csinálj egy alapos vyírusirtást csökkentettben! Vannak célmegsemmisítõk ezekre, Symantec, F-Secure, Kaspersky oldalain!
Sok sikert!

Pedig lassan nem ártana felrakni az sp2-t, ha másképp nem megy csináld úgy mint én.
Csináltam egy másik partíciót, oda felraktam az intgerált sp2-es xp-t, majd lassan átköltöztem és azóta azt használom, a régi xp pedig már nincs is meg.

A #1905-ben írtakat nézd meg, bár annak alapból kézinek kéne lenni.

különben az RPC pontosan mit csinál, mire kell?
Tudom, hogy távoli eljáráshívás stb..., de bõvebben...

tûzfal van
SP1 van, 2-es nincs...

Javítások fel vannak rakva az xp-re, sp2 és utániak?

Tûzfal van?

Tedd kézire a szolgáltatásoknál a Távoli eljáráshívás(RPC)lokatort.

ez mi?
nem tudok rájönni, és nagyon idegesít, mert restartolja a gépet...

Szaisztok. A Kaspersky Internet Security 2006-ot használom. Van egy olyan gondom, hogy mikor FullScan-t indítok akkor a tömörített darabolt fájloknál megakad és nem megy tovább. Hogyan lehetne ezt megoldani vagy esetleg van erre valami megoldás?

tip:
Ha a nod32 karanténba tette akkor az Ad aware megtalálja ott, de nem tudja eltávolítani.
?

<#felkialtas> sziasztok...letöltés közben a NOD32- riasztott hogy kaptam egy Win32.Win9x.CIH nevû fenét, A NOD32látszólag le is törtölte de amikor 2 hét múlva lefuttattam az Ad-Aware-t megtalálta és még egy Cookie-t is talált a,itõl nem tudok megszabadúlni mert ha törlöm a Win32.Win9x.CIH ugyanott van a cookieval együtt próbáltam Spyboot-tal de az még meg se találta...aki tud segédprogramot vagy tippet az kérem segítsen...segitseget elõre is köszönöm<#conf><#help><#felkialtas>

sziasztok! Nem nagy a problémám csak gondoltam rákérdezek... NOD32-õm van és 1.1528-ig tudtam frissiteni az adatbázisát ami 05.09-re volt esedékes, azóta nem tudja frissiteni magát mert ezt irja ki: " Hiba történt a program modulok frissitése során (nem lehe kicserélni a jelenlegi filest)"...

Én véleményem az h töröljem és telepitsem ujra... vagy keressek egy másik verziót... Sztetek mi a teendõ ilyenkor?

Elõre is köszi!
Csaó

Van még pár tippem: SpySweeper, SpyBot, HijackThis
Esetleg: CoolWWWShredder (ez az ölõ).TZrendMicro forgaélmazza - ingyenes.
Már ha tényleg CWWWSearch-öd van. Én nem vagyok szakértõ, és ezek a rohadékok nagyon makacsak, teleszemetelik a registrydet, és egymásra hivatkozva fut több .dll file.
Tényleg macerás ezt az ún. "browser-hijacker"-t kiiratni.
Nem véletlenül tartják a leggonoszabb malware-nek.
Remélem, NEM ez van Neked, és sikerrel jársz

Na hát ez egyszerûnek tûnik😊

Többiektõl elnézést: priviben nem ment át - túl hosszú volt.

GENERIC SOLUTION FOR "Only the Best" aka "HSA" and about:blank HIJACKERS
Last update 10/22/2004 - Added update for ADS infection type in services file. Removed the colors that indicated updates (was getting too colorful).

INTRODUCTION
Below is an almost generic solution to use in attempting to fix the now infamous "Only the Best" aka "HomeSearchAssistent" aka "HSA" hijacker. I say almost generic because it is impossible to predict what DLL and EXE filenames everyone having this problem will see on their computer. In addition, it is also impossible to determine how many of these files will be found running. It appears that the more times an incorrect or incomplete fix is attempted the more EXE file names will be spawned. The difficult area is steps 7 and 8 below.

I have now added about:blank to the title since some form of the about:blank hijack can also be fixed using this procedure. The form I'm referring to is one the has R0, R1, and O2 type lines in a HijackThis log that are similar to those of an HSA hijack. The syntax of those lines are mentioned below in the section titled HOW TO IDENTIFY HIJACKER LINES: AN EXAMPLE. The kind of about:blank hijack that CANNOT be fixed with this procedure is of the following form:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {3DF009ED-54BF-4A31-AADC-679997254A74} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
O18 - Filter: text/plain - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL


PREPARATION WORK
Before starting the steps below, I want you to make sure you have several applications already installed and updated. Click on each of the links and make sure that is the version you are using. Then quickly run the programs just to verify that you have the current updates already installed (click check for updates or whatever they use to update). It is well worth the time to check this first. Don't just assume you have the correct versions. There have been many instances where we have found that users are not using current versions of applications. We may not use every one of these programs in all cases, but they may be necessary sometimes.

- Ad-aware SE
- SpyBot S&D
- HSRemover
- about:Buster
- HijackThis
- ADSspy
- Ccleaner
- ProcessExplorer for Win 9x/Me
- ProcessExplorer for Win NT/2K/XP

ADDITIONAL THINGS TO KNOW
If you do not know how to use the Windows Registry Editor please see this.

If using WinXP, setup search to locate hidden/system files: click Start, Search, All Files and folders, select More advanced options. Make sure you have checks on:
1) Search system folders
2) Search hidden files and folders
3) Search subfolders


HOW TO IDENTIFY HIJACKER LINES: AN EXAMPLE
Okay, below are the steps we are going to use. Make sure you print these or save them to a file on your PC because I am going to have you disconnect your PC from the internet at a certain point (Not Yet!). Once disconnected, do not connect again until I tell you to do so. In many cases this step had been one of the most important steps. Do not ignore it!!!
In an attempt to make this solution easier to follow, I'm first going to show parts of the information we are concerned with from a sample HijaakThis log. Sample log snipets:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftlsk.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftlsk.dll/index.html#27859
O2 - BHO: (no name) - {ADFA3880-261B-1BF8-91EB-1DEF4A8C4300} - C:\WINDOWS\atlef.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\winya.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\msfo.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\winuh32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\nthc32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\syspg.exe

Note, your filenames will be different. The above lines are examples that I am using below for demonstrating the generic solution. The full path to the DLL file that you obtain from your HijaakThis log on the R0 & R1 lines is what you will need to substitute into step 5 below where it gives c:\windows\system32\xxxxx.dll as an example. Your R0 & R1 lines may not even have c:\windows\system32 as the directory. There have been several cases where the directory was either c:\windows or c:\windows\system.

This next paragraph will be important for you to understand before you get to step 8. You will need to do all of the online searching for good/bad files before I take you offline. So read the next paragraph and look at your HijackThis log and see if you can identify the bad files indicated in the O4 section. Some of these EXE files may only show in the processes list of HijackThis, and some may show in both the process list and the O4 section of HijaakThisNow. This is the hardest part, you need to identify these files good or bad. Try excite.com or google.com (I find excite.com to come up with more useful hits than google.com). Use PacMan's Startup List ( http://www.sysinfo.org/startuplist.php ) to find the entry and see if it's good or bad. You can also use http://www.liutilities.com/products...processlibrary/ to compare against. My experience is that typically these bad EXE file names will be 4 to 7 characters long + .exe Sometimes (as shown above) the have a 32 just before the .exe. In addition, when performing all the possible searches listed, you typically do not get any hits describing a valid EXE or even a known other type of bad EXE. You either get no hits or the only hits will be other peoples HijaakThis logs with the same type of hijack going on. Sometimes you can locate all of these EXE files in c:\windows, c:windows\system, or c:\windows\system32 easily by using Windows Explorer and sorting on modification date. Look for a date to be anywhere between the time you first got the problem to the current date. One additional note in identifying these bad files they, always have the following pattern:
C:\WINDOWS\syspg.exe

notice the name in [] is an exact match of the file name at the end of the line.

ALMOST READY TO START
Obviously before continuing, you need your current HijaakThis log. So if you rebooted since last checking your log, run another one to make sure it has not changed the filenames again. You should print this information so you can refer to it later when you are offline.

Note: In the steps below the blue underlined items are links that MUST be clicked to see additional important information and directions (how to do's)!

THE STEP BY STEP SOLUTION

1) If running WinMe or WinXP, disable system restore and reboot! Here's how to disable system restore.
2) Make sure you have enabled viewing of Hidden Files and Folders and system files with Windows Explorer. While doing this, also verify that you do NOT have a check on the option to Hide extensions for known file types.
3) Make sure you know how to boot in safe mode too (but don't do it yet!):

4) Physically disconnect from the internet (pull your ethernet cable if you have DSL or cable modem. If you have an analog modem, drop your connection and unplug the telephone line to the modem.) Also at this point, you MUST exit all Internet Explorer sessions (it would be a good idea to exit anything that is not necessary).
5) Now we are going to use notepad to erase the contents of the DLL file shown in the R0 & R1 lines of your HijaakThis log. To do this click Start, Run, and enter the following command "notepad c:\path\xxxxx.dll" (without the quotes) and click OK.

NOTE: You must replace the generic c:\path\xxxxx.dll will be replaced by the path and filename found in the R0 & R1 lines from your HijaakThis log. So for the example log being used the command would be:
notepad C:\WINDOWS\system32\ftlsk.dll

Now in the notepad window, hit CTRL-A to select all contents of the file then hit the Delete key to delete all lines of the file. Now save the file (yes as an empty file). Now using Windows Explorer, locate the file ftlsk.dll and right click on it and select Properties and change the attributes to Read Only and click OK.

6) This step only applies to WinNT, Win2K or WinXP systems. For Win9x and Me based systems you will most likely see additional lines in the O4 section of HijaakThis (typically O4 - HKLM\..\RunServices).

Check to see if a Windows service name "Network Security Service" (NSS for short) is running. To do this, click Start, Run, and enter the following in the Open box: "services.msc" (without the quotes). Then click OK. Now in the Services window that pops up look for Network Security Service. If you find that service, you must stop it by right clicking on it then select stop. Now disable it by right clicking on it and selecting Properties. Then in the General tab see the area that says "Startup type: " click on the pull down arrow and change it to Disabled. Also on the Properties page, make note of the information in the "Path to executable" box. You are going to use this
later.

Another service has been found to possibly be used. So we also need to look for the "Workstation Netlogon Service" (WNS for short) using the same method as above. And again, if found, stop it and disable it. Again make note of the "Path to executable" for later use.

A third possible service has been identified to be used sometimes. So now we need to look for the Remote Procedure Call (RPC) Helper using the same method as above. And again, if found, stop it and disable it. Again make note of the "Path to executable" for later use.

If you do not find any of these services running, just continue with the next steps.
Only look for those exact names "Network Security Service" and/or "Workstation Netlogon Service" and/or "Remote Procedure Call (RPC) Helper" nothing else.

7) This is where things become difficult. You need to determine the BHO (Browser Helper Object) line added by the hijacker. Normally you will see the hijacker add only one BHO line, however, there have been cases with many these BHO lines added. Be careful not to confuse the hijacker BHO with valid BHO lines. A typical BHO line may look like the line below from the example HijaakThis log:

O2 - BHO: (no name) - {ADFA3880-261B-1BF8-91EB-1DEF4A8C4300} - C:\WINDOWS\atlef.dll

8) You also need to determine all the executable (EXE) files that are loading during Startup. These EXE files can be loaded many different ways. Most of them will show in one of many types of O4 lines that HijaakThis can display. From the example HijaakThis log (there are more types that could occur):

O4 - HKLM\..\Run: C:\WINDOWS\system32\winya.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\msfo.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\system32\winuh32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\nthc32.exe
O4 - HKLM\..\RunOnce: C:\WINDOWS\syspg.exe

9) Shutdown (not minimize) all applications (especially IE and Windows explorer) and run HijaakThis. Have it fix all the lines determined to be part of the hijacker in steps 7 & 8.

10a) Now reboot in safe mode (via method given in step 3) and then delete all the DLL and EXE file names found in steps 7 and 8.

10b) This step only applies to WinNT, Win2K or WinXP systems. If you found the Network Security Service or the Workstation Netlogon Service, or the Remote Procedure Call (RPC) Helper runnning in step 6, delete the files indicated in the Path to executable!

The Service file found in step 6 may look similar to any of the below (your file name will most likely be different):
C:Windows\system32\javajt32.exe /s
C:Windows\javajt32.exe /s
C:\WINDOWS\smscfg.ini:tfuqu
C:\WINDOWS\SYSTEM32\smscfg.ini:tfuqu

For the first two types, be careful here the Path to the executable always contains a trailing /s. The /s is not part of the filename. For example the Path to executable could be C:Windows\system32\javajt32.exe /s but the filename (with path) is C:Windows\system32\javajt32.exe If you have a problem deleting any of these files (like it is denied because it is in use), run ProcessExplorer and try to locate the running process and kill it. Then try to delete the file.

For the second two types with the colon in the filename. This is a new type. It is an Alternate Data Stream (ADS) infection and must be handled differently. Locate the ADSspy.zip file you downloaded at the beginning of this process and extract the executable program. Then double-click on ADSSpy.exe. Now click on the "Scan the system for alternate data streams" button. After ADSSpy has finished scanning your computer, you will see a list of files that were found. Look in this list for the entry that you found in Step 6 (the Path to executable service). This is the one that has the colon separating two filenames. When you find it, put a checkmark next to it. Then click on the "Remove selected streams" button. This should delete ADS file.

11a) This part of step 11 is for WinXP only. Now also look in c:\windows\Prefetch for all of the above files deleted in steps 7 to 10. If found, delete them too.

11b) Now for all OS's, after deleting all of the items from the steps above, empty your Recycle bin.

12) Now while still in safe mode, run only Hijaak This and have it fix all the R0 and R1 lines that have the typical symptom information. For example, these R0 & R1 lines always end with something like one of the following three lines:

res://C:\WINDOWS\system32\xxxxx.dll/qqqqq.html#nnnnn
res://C:\WINDOWS\xxxxx.dll/qqqqq.html#nnnnn
res://xxxxx.dll/qqqqq.html#nnnnn

where the xxxxx is random characters, qqqqq is a random name, and the nnnnn
is random numbers.
Here are a couple examples:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftlsk.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftlsk.dll/index.html#27859


13a) Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
13b) Search the registry for every instance of xxxxx.dll (the file from step 5) and delete every instance.
13c) Search the registry for every instance of O2 BHO DLL file found in step 7 and delete every instance.
13d) Search the registry for every instance of the suspicious exe files found by Hijack This from step 8. Delete every instance.
13e) Search your computer for xxxxx.dll. Delete each instance. Also, look for files with the same name but having an extension of .DAT or .EXE. For example, if looking for ftlsk.dll, also look for ftlsk.dat and ftlsk.exe.
13f) Search your computer for the suspicious exe files. Delete each instances. Also, look for files with the same name but having an extension of .DAT or .DLL. For example, if looking for nthc32.exe, also look for nthc32.dat and nthc32.dll.
13g) Now for a second time: if running WinXP, delete everything in the Prefetch folder in C:\WINDOWS\Prefetch and now for all OS's empty your Recycle Bin again.
13h) Delete Memory.dmp if found in either C:\WINDOWS or C:\WINDOWS\System32
13i) Run CCleaner and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner.
13j) For Win NT/2K/XP, run HSRemover (does not support Win9x/Me)
13k) Run about:Buster (copy the output to a file ablog1.txt)

If you receive an error message about a missing MSCOMCTL.OCX file when you run about:Buster, download the file in the link below and run it. It will give you the necessary file.

http://www.javacoolsoftware.net/downloads/missingfilesetup.exe

13l) Also while still in Safe Mode to finish the cleanup process, please do the following:
Go to Start --> Run and type Regedit then click Ok.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and highlight Services in the left pane. In the right pane, look for any of these entries:
__NS_Service
__NS_Service_2
__NS_Service_3
If any are listed, right-click that entry in the right pane and choose Delete.

13m) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
and highlight Root in the Left Pane. In the right pane, look for these entries:
LEGACY___NS_Service
LEGACY___NS_Service_2
LEGACY___NS_Service_3

If you find it, right-click it in the right-pane and choose delete.


13n) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Workstation NetLogon Service

If Workstation NetLogon Service exists , right click on it and choose delete from the menu.

13o) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Workstation NetLogon Service

If LEGACY_Workstation NetLogon Service exists then right click on it and choose delete from the menu.

13p) Now navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper

If Remote Procedure Call (RPC) Helper exists, right click on it and choose delete from the menu.

13q) Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper

If LEGACY_Remote Procedure Call (RPC) Helper exists, right click on it and choose delete from the menu.


If you have trouble deleting a key from steps 13l or 13q. Then click once on the key name to highlight it. Then click on the Permission menu option under Security or Edit. Then Uncheck "Allow inheritible permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.


14) Now (still in safe mode) run Ad-aware SE and under scan select Perform Full System Scan and then SpyBot S&D and clean what they find.
15) Now click Start, Run, and in the Open box enter "regedit" (without the quotes). Now navigate thru the registry to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Click the <+> next to uninstall. Scroll down until you see the NAMES of programs (skip past the lines with numbers in {,} ). See if you can find any of the following listed:

HSA = Home Search Agent or Home_Search_Assistent (yes, the spelling of
assistant is wrong)
SA = Search Assistant
SE = Search Extender
SW = Shopping Wizzard

If you find any of them, select one at a time, and hit your delete key. Once you delete all three, you can exit the registry editor.

As an alternate approach save the following 4 lines to a file called hsafix.reg, then using windows explorer double click on the hsafix.reg file a merge the fix into the registry.
REGEDIT4
<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA>
<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE>
<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW>

16) Now reboot normal mode. And run about:Buster one more time saving the output again (ablog2.txt do not overwrite the first log)

17) Before running anything else run HijaakThis and save a log.

18) Reconnect your internet connection, run your browser, and connect here to MG's and post the new HijackThis and about:Buster logs as attachments. Then continue running and let's see how everything is working.

19) After you have gone thru a few reboots and performed some typical surfing and if everything is working okay, re-enable your system restore (again only applies for WinMe and WinXP).

Phredon!
Ez nagyon jó fórum!
http://forums.majorgeeks.com/showthread.php?t=74501
Itt nézd meg! (abouzt:blank)

Valamelyik fórum írja a procedúrát. Szerintem ez egy CoolWWWebSearch.
Nem könnyû eltávolítani. Keress rá így a Gugliban: "about:blank removal spyware".
Ha megtalálom az oldalt, szólok (nagyon sok antispyware oldalon vagyok tag)Neked!

ja msot olvasom nekem is uez volt/vagy még van sztem.

Volna egy gondom, egy vírust sehogyse tudok leszedni:
nod32 avg semmit se talált, avast leszedte, de utána ismét elõkerült, most webrott spysweeperrel eltüntettem, de az interent explorerben a kezdõlap about:blank és nem tudom másra átállítani, tehát vmi még mindig nincs rendben.
Aza baj már nem emléksze miket írt ki avast, talán vmi win32 zblob vagy ilyesmi nevû volt.

Hát sajna már nem emlékeszem..., de ha beugrik, akkor elmondom!!

Milyen oldalt adott meg a gennyláda? Van egy hely, ahol kiderítik az IP-címét, egy amerikai fórum.
Szívesen betolom a köcsögöt.

Jó.

avast! ot ismeri valaki virusirto- vélemények

Hi!

Vhol olvastam hogy valaki kapott egy szarságot ami után a tálcán egy tolókocsis, meg egy mittomén milyen lófasz ikon villogott, és feldobált félpercenként egy hibaüzit hogy vírusod van, és eriggy a honlapomra és vegyed meg, mer az neked jó.
Na ezzel én is beszoptam (hogy szakadjon le aki ezt megírta), de a reglogs.dll -t kitörölve minden ok. (legalábbis nekem)
Remélem tudtam ezzel vkiknek segíteni, ha meg nem, akkor bocsi a zavarásért.

nem biztos hogy van magyar systemworks 2006

És akkor most mit csináljak ha gyengén törtem a cfost?

Nem többnyelvû? Biztos, hogy van magyar?

De magyarul kéne, mert az antivírus és az internet security is magyarul van fent. Vagy nem számít?

Tudja valaki hogy honnan lehet letölteni a Norton Systemworks 2006-ot magyarul seriallal, aktivációs kóddal ?

Nem igaznán jól törted meg 😊

A cFost a weboldaláról szedtem le. (igaz most, hoygmár teljesen lejárt a próbaidõ é kikapcsolt a progi crackeltem)

Ha nem az van, hogy gyengén loptad el a Cfos progit akkor
www.avast.com

Alarm!
Your system is in danger!

The cFos consistency check has detected, that one or more components have been modified.

Thereby Viruses, Trojan Horses, Backdoor Programs, Spy-Ware, etc. could have sneaked into your System. Also costly dialer programs may have been installed.
Your system is exposed to the following risks:

* Viruses and Worms spread either confidential documents on the internet, delete your hard disk or damage your PC.
* Trojan Horses and Backdoor Programs allow others access into your PC and transmit confidential data, e.g. passwords, banking/financial information, etc.
* Dialer Programs cause great costs for internet access.

The danger of Viruses, Trojan Horses and Backdoor and Spy Programs especially leads from the software piracy scene and is often found in Cracks of commercial programs. Nothing prevents a cracker from modifying the software to his advantage.
Therefore please check your system and install at least an unmodified driver from www.cfos.de. You can test it for 45 days free of charge.

Ezt kaptam a gépemtõl.

Tudna nekem valaki sürgõssen segíteni? Kéne valami szuperextracoolhiperszupibrutál vírusírtó, mert az egy hónapja nem kis pénzbõl vett erõmû szintû gépemtõl annyi vírusriasztást (a víruskeresõtõl még nem kaptam) kapok egy nap alatt, hoygnincs ebben a hozzászólásomban annyi betû. Nem tudom, hogy mi lehet pontosan a víruskeresõ nem talált semmit vagy valami idegesítõ hirdetésszerûség sem nagyon, mert azt is kerestem a gépen, de nem találtam. Szóval kéne valami nagyon ütõs vírusirtó meg néhány tipp, hogy mi a fene lehet ez.

a spooisv.exe akar kimenni mostanában egyfolytában

mi lehet az?