5322
Help!
-
#1921
System32-drivers-etc mappa -
#1920
hosts file-t hol találom a windowsban? -
phredon #1919 spywsweeper-t futtasd le, letoltes.prim.hu-ról le tudod tölteni. Nekem az bevált erre. Iexplorem kezdőlapja még mindig nem ok, de azzal már nem volt türelmem foglalkozni:) -
dave85 #1918 Köszönöm, csökkentett módban sikerült kitörölni. 
Igaz, néha még mindig el akarja küldeni
-
#1917
Ezek a fájlok nem a windows rendszerfájljai - valami trójai sz@rok. Ezért nyugodtan törölheted. Ha normál indítás után nem engedi, próbáld meg csökkentett módban a törlést. -
dave85 #1916 Sziasztok!
Ma raktam fel a NOD 32-t, egyből vírust talált. Gyorsan leszedtem a legújabb frissítést (05.13), aztán futtattam egy vírusirtást. 4et meg is ölt, de egy kis buborék még mindig fel-fel villan a jobb alsó sarokban.
Az üzenet kb a következő:
A win32host.exe + ssvhoost94.exe valószínűleg fertőzött lehet, ezeket akarja elküldeni a NOD32 laborjába.
Mit kellene csinálnom? (elküldeni nem akarom, tört verzióról van szó)
Aki tud, kérem segítsen,
Köszönettel,
Dave -
#1915
Szerintem valami kamu oldal hogy vedd a termékeiket!!!
Elég furcsa hogy pl a NOD32,Avast,Dr.Web,stb seholsincs!
És ez az új Antivrus progi meg kapásból tarol! -
#1914
Ez a pcsecurityshield - mia rák ?
Norton meg 2. - ez igen - TOPPPLISTA. -
#1913
Az egyik toplista. -
#1912
köszi mindenkinek!
majd elválik, mi fog segíteni rajta... -
#1911
Találkoztam már ezzel a hibával, ott is csak SP1-e volt a srácnak,ezzel oldódott meg, hogy a szolgáltatásoknál tiltotta.
Cooldocnak igaza van abban, hogy a blaster és a sasser vírusoknál is van ilyen visszaszámolás, de azokat már megfogja minden vírusírtó. (talán) -
cooldoc #1910 Nekem is volt... Sasser, vagy Blaster csinálja (talán még a Netsky.
Fel kell tenni a Windows critical updates-eket, utána nem jelentzkezik a hiba.
Ez a dög a Windows sérülékenységét használja ki, és RPC-vel rebootoltat.
Mindenképpen csinálj egy alapos vyírusirtást csökkentettben! Vannak célmegsemmisítők ezekre, Symantec, F-Secure, Kaspersky oldalain!
Sok sikert! -
David Coulthard #1909 Pedig lassan nem ártana felrakni az sp2-t, ha másképp nem megy csináld úgy mint én.
Csináltam egy másik partíciót, oda felraktam az intgerált sp2-es xp-t, majd lassan átköltöztem és azóta azt használom, a régi xp pedig már nincs is meg.
A #1905-ben írtakat nézd meg, bár annak alapból kézinek kéne lenni.
-
#1908
különben az RPC pontosan mit csinál, mire kell?
Tudom, hogy távoli eljáráshívás stb..., de bővebben... -
#1907
tűzfal van
SP1 van, 2-es nincs... -
#1906
Javítások fel vannak rakva az xp-re, sp2 és utániak?
Tűzfal van?
-
#1905
Tedd kézire a szolgáltatásoknál a Távoli eljáráshívás(RPC)lokatort. -
#1904
![]()
-
#1903
ez mi?
nem tudok rájönni, és nagyon idegesít, mert restartolja a gépet...
[img=http://www.sg.hu/galeria/10749618121147536174.JPG]ez[/img] -
MasterJay #1902 Szaisztok. A Kaspersky Internet Security 2006-ot használom. Van egy olyan gondom, hogy mikor FullScan-t indítok akkor a tömörített darabolt fájloknál megakad és nem megy tovább. Hogyan lehetne ezt megoldani vagy esetleg van erre valami megoldás? -
#1901
tip:
Ha a nod32 karanténba tette akkor az Ad aware megtalálja ott, de nem tudja eltávolítani.
? -
#1900
sziasztok...letöltés közben a NOD32- riasztott hogy kaptam egy Win32.Win9x.CIH nevű fenét, A NOD32látszólag le is törtölte de amikor 2 hét múlva lefuttattam az Ad-Aware-t megtalálta és még egy Cookie-t is talált a,itől nem tudok megszabadúlni mert ha törlöm a Win32.Win9x.CIH ugyanott van a cookieval együtt próbáltam Spyboot-tal de az még meg se találta...aki tud segédprogramot vagy tippet az kérem segítsen...segitseget előre is köszönöm
-
#1899
sziasztok! Nem nagy a problémám csak gondoltam rákérdezek... NOD32-őm van és 1.1528-ig tudtam frissiteni az adatbázisát ami 05.09-re volt esedékes, azóta nem tudja frissiteni magát mert ezt irja ki: " Hiba történt a program modulok frissitése során (nem lehe kicserélni a jelenlegi filest)"...
Én véleményem az h töröljem és telepitsem ujra... vagy keressek egy másik verziót... Sztetek mi a teendő ilyenkor?
Előre is köszi!
Csaó -
cooldoc #1898 Van még pár tippem: SpySweeper, SpyBot, HijackThis
Esetleg: CoolWWWShredder (ez az ölő).TZrendMicro forgaélmazza - ingyenes.
Már ha tényleg CWWWSearch-öd van. Én nem vagyok szakértő, és ezek a rohadékok nagyon makacsak, teleszemetelik a registrydet, és egymásra hivatkozva fut több .dll file.
Tényleg macerás ezt az ún. "browser-hijacker"-t kiiratni.
Nem véletlenül tartják a leggonoszabb malware-nek.
Remélem, NEM ez van Neked, és sikerrel jársz -
phredon #1897 Na hát ez egyszerűnek tűnik:)
-
cooldoc #1896 Többiektől elnézést: priviben nem ment át - túl hosszú volt. -
cooldoc #1895 GENERIC SOLUTION FOR "Only the Best" aka "HSA" and about:blank HIJACKERS
Last update 10/22/2004 - Added update for ADS infection type in services file. Removed the colors that indicated updates (was getting too colorful).
INTRODUCTION
Below is an almost generic solution to use in attempting to fix the now infamous "Only the Best" aka "HomeSearchAssistent" aka "HSA" hijacker. I say almost generic because it is impossible to predict what DLL and EXE filenames everyone having this problem will see on their computer. In addition, it is also impossible to determine how many of these files will be found running. It appears that the more times an incorrect or incomplete fix is attempted the more EXE file names will be spawned. The difficult area is steps 7 and 8 below.
I have now added about:blank to the title since some form of the about:blank hijack can also be fixed using this procedure. The form I'm referring to is one the has R0, R1, and O2 type lines in a HijackThis log that are similar to those of an HSA hijack. The syntax of those lines are mentioned below in the section titled HOW TO IDENTIFY HIJACKER LINES: AN EXAMPLE. The kind of about:blank hijack that CANNOT be fixed with this procedure is of the following form:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {3DF009ED-54BF-4A31-AADC-679997254A74} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
O18 - Filter: text/plain - {7CC1DA6A-B893-4E55-997E-8046D9F77D8B} - C:\WINDOWS\SYSTEM\AIGHKH.DLL
PREPARATION WORK
Before starting the steps below, I want you to make sure you have several applications already installed and updated. Click on each of the links and make sure that is the version you are using. Then quickly run the programs just to verify that you have the current updates already installed (click check for updates or whatever they use to update). It is well worth the time to check this first. Don't just assume you have the correct versions. There have been many instances where we have found that users are not using current versions of applications. We may not use every one of these programs in all cases, but they may be necessary sometimes.
- Ad-aware SE
- SpyBot S&D
- HSRemover
- about:Buster
- HijackThis
- ADSspy
- Ccleaner
- ProcessExplorer for Win 9x/Me
- ProcessExplorer for Win NT/2K/XP
ADDITIONAL THINGS TO KNOW
If you do not know how to use the Windows Registry Editor please see this.
If using WinXP, setup search to locate hidden/system files: click Start, Search, All Files and folders, select More advanced options. Make sure you have checks on:
1) Search system folders
2) Search hidden files and folders
3) Search subfolders
HOW TO IDENTIFY HIJACKER LINES: AN EXAMPLE
Okay, below are the steps we are going to use. Make sure you print these or save them to a file on your PC because I am going to have you disconnect your PC from the internet at a certain point (Not Yet!). Once disconnected, do not connect again until I tell you to do so. In many cases this step had been one of the most important steps. Do not ignore it!!!
In an attempt to make this solution easier to follow, I'm first going to show parts of the information we are concerned with from a sample HijaakThis log. Sample log snipets:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftlsk.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftlsk.dll/index.html#27859
O2 - BHO: (no name) - {ADFA3880-261B-1BF8-91EB-1DEF4A8C4300} - C:\WINDOWS\atlef.dll
O4 - HKLM\..\Run: [winya.exe] C:\WINDOWS\system32\winya.exe
O4 - HKLM\..\RunOnce: [msfo.exe] C:\WINDOWS\system32\msfo.exe
O4 - HKLM\..\RunOnce: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\RunOnce: [winuh32.exe] C:\WINDOWS\system32\winuh32.exe
O4 - HKLM\..\RunOnce: [nthc32.exe] C:\WINDOWS\nthc32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\syspg.exe
Note, your filenames will be different. The above lines are examples that I am using below for demonstrating the generic solution. The full path to the DLL file that you obtain from your HijaakThis log on the R0 & R1 lines is what you will need to substitute into step 5 below where it gives c:\windows\system32\xxxxx.dll as an example. Your R0 & R1 lines may not even have c:\windows\system32 as the directory. There have been several cases where the directory was either c:\windows or c:\windows\system.
This next paragraph will be important for you to understand before you get to step 8. You will need to do all of the online searching for good/bad files before I take you offline. So read the next paragraph and look at your HijackThis log and see if you can identify the bad files indicated in the O4 section. Some of these EXE files may only show in the processes list of HijackThis, and some may show in both the process list and the O4 section of HijaakThisNow. This is the hardest part, you need to identify these files good or bad. Try excite.com or google.com (I find excite.com to come up with more useful hits than google.com). Use PacMan's Startup List ( http://www.sysinfo.org/startuplist.php ) to find the entry and see if it's good or bad. You can also use http://www.liutilities.com/products...processlibrary/ to compare against. My experience is that typically these bad EXE file names will be 4 to 7 characters long + .exe Sometimes (as shown above) the have a 32 just before the .exe. In addition, when performing all the possible searches listed, you typically do not get any hits describing a valid EXE or even a known other type of bad EXE. You either get no hits or the only hits will be other peoples HijaakThis logs with the same type of hijack going on. Sometimes you can locate all of these EXE files in c:\windows, c:windows\system, or c:\windows\system32 easily by using Windows Explorer and sorting on modification date. Look for a date to be anywhere between the time you first got the problem to the current date. One additional note in identifying these bad files they, always have the following pattern:
[syspg.exe] C:\WINDOWS\syspg.exe
notice the name in [] is an exact match of the file name at the end of the line.
ALMOST READY TO START
Obviously before continuing, you need your current HijaakThis log. So if you rebooted since last checking your log, run another one to make sure it has not changed the filenames again. You should print this information so you can refer to it later when you are offline.
Note: In the steps below the blue underlined items are links that MUST be clicked to see additional important information and directions (how to do's)!
THE STEP BY STEP SOLUTION
1) If running WinMe or WinXP, disable system restore and reboot! Here's how to disable system restore.
2) Make sure you have enabled viewing of Hidden Files and Folders and system files with Windows Explorer. While doing this, also verify that you do NOT have a check on the option to Hide extensions for known file types.
3) Make sure you know how to boot in safe mode too (but don't do it yet!):
4) Physically disconnect from the internet (pull your ethernet cable if you have DSL or cable modem. If you have an analog modem, drop your connection and unplug the telephone line to the modem.) Also at this point, you MUST exit all Internet Explorer sessions (it would be a good idea to exit anything that is not necessary).
5) Now we are going to use notepad to erase the contents of the DLL file shown in the R0 & R1 lines of your HijaakThis log. To do this click Start, Run, and enter the following command "notepad c:\path\xxxxx.dll" (without the quotes) and click OK.
NOTE: You must replace the generic c:\path\xxxxx.dll will be replaced by the path and filename found in the R0 & R1 lines from your HijaakThis log. So for the example log being used the command would be:
notepad C:\WINDOWS\system32\ftlsk.dll
Now in the notepad window, hit CTRL-A to select all contents of the file then hit the Delete key to delete all lines of the file. Now save the file (yes as an empty file). Now using Windows Explorer, locate the file ftlsk.dll and right click on it and select Properties and change the attributes to Read Only and click OK.
6) This step only applies to WinNT, Win2K or WinXP systems. For Win9x and Me based systems you will most likely see additional lines in the O4 section of HijaakThis (typically O4 - HKLM\..\RunServices).
Check to see if a Windows service name "Network Security Service" (NSS for short) is running. To do this, click Start, Run, and enter the following in the Open box: "services.msc" (without the quotes). Then click OK. Now in the Services window that pops up look for Network Security Service. If you find that service, you must stop it by right clicking on it then select stop. Now disable it by right clicking on it and selecting Properties. Then in the General tab see the area that says "Startup type: " click on the pull down arrow and change it to Disabled. Also on the Properties page, make note of the information in the "Path to executable" box. You are going to use this
later.
Another service has been found to possibly be used. So we also need to look for the "Workstation Netlogon Service" (WNS for short) using the same method as above. And again, if found, stop it and disable it. Again make note of the "Path to executable" for later use.
A third possible service has been identified to be used sometimes. So now we need to look for the Remote Procedure Call (RPC) Helper using the same method as above. And again, if found, stop it and disable it. Again make note of the "Path to executable" for later use.
If you do not find any of these services running, just continue with the next steps.
Only look for those exact names "Network Security Service" and/or "Workstation Netlogon Service" and/or "Remote Procedure Call (RPC) Helper" nothing else.
7) This is where things become difficult. You need to determine the BHO (Browser Helper Object) line added by the hijacker. Normally you will see the hijacker add only one BHO line, however, there have been cases with many these BHO lines added. Be careful not to confuse the hijacker BHO with valid BHO lines. A typical BHO line may look like the line below from the example HijaakThis log:
O2 - BHO: (no name) - {ADFA3880-261B-1BF8-91EB-1DEF4A8C4300} - C:\WINDOWS\atlef.dll
8) You also need to determine all the executable (EXE) files that are loading during Startup. These EXE files can be loaded many different ways. Most of them will show in one of many types of O4 lines that HijaakThis can display. From the example HijaakThis log (there are more types that could occur):
O4 - HKLM\..\Run: [winya.exe] C:\WINDOWS\system32\winya.exe
O4 - HKLM\..\RunOnce: [msfo.exe] C:\WINDOWS\system32\msfo.exe
O4 - HKLM\..\RunOnce: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\RunOnce: [winuh32.exe] C:\WINDOWS\system32\winuh32.exe
O4 - HKLM\..\RunOnce: [nthc32.exe] C:\WINDOWS\nthc32.exe
O4 - HKLM\..\RunOnce: [syspg.exe] C:\WINDOWS\syspg.exe
9) Shutdown (not minimize) all applications (especially IE and Windows explorer) and run HijaakThis. Have it fix all the lines determined to be part of the hijacker in steps 7 & 8.
10a) Now reboot in safe mode (via method given in step 3) and then delete all the DLL and EXE file names found in steps 7 and 8.
10b) This step only applies to WinNT, Win2K or WinXP systems. If you found the Network Security Service or the Workstation Netlogon Service, or the Remote Procedure Call (RPC) Helper runnning in step 6, delete the files indicated in the Path to executable!
The Service file found in step 6 may look similar to any of the below (your file name will most likely be different):
C:Windows\system32\javajt32.exe /s
C:Windows\javajt32.exe /s
C:\WINDOWS\smscfg.ini:tfuqu
C:\WINDOWS\SYSTEM32\smscfg.ini:tfuqu
For the first two types, be careful here the Path to the executable always contains a trailing /s. The /s is not part of the filename. For example the Path to executable could be C:Windows\system32\javajt32.exe /s but the filename (with path) is C:Windows\system32\javajt32.exe If you have a problem deleting any of these files (like it is denied because it is in use), run ProcessExplorer and try to locate the running process and kill it. Then try to delete the file.
For the second two types with the colon in the filename. This is a new type. It is an Alternate Data Stream (ADS) infection and must be handled differently. Locate the ADSspy.zip file you downloaded at the beginning of this process and extract the executable program. Then double-click on ADSSpy.exe. Now click on the "Scan the system for alternate data streams" button. After ADSSpy has finished scanning your computer, you will see a list of files that were found. Look in this list for the entry that you found in Step 6 (the Path to executable service). This is the one that has the colon separating two filenames. When you find it, put a checkmark next to it. Then click on the "Remove selected streams" button. This should delete ADS file.
11a) This part of step 11 is for WinXP only. Now also look in c:\windows\Prefetch for all of the above files deleted in steps 7 to 10. If found, delete them too.
11b) Now for all OS's, after deleting all of the items from the steps above, empty your Recycle bin.
12) Now while still in safe mode, run only Hijaak This and have it fix all the R0 and R1 lines that have the typical symptom information. For example, these R0 & R1 lines always end with something like one of the following three lines:
res://C:\WINDOWS\system32\xxxxx.dll/qqqqq.html#nnnnn
res://C:\WINDOWS\xxxxx.dll/qqqqq.html#nnnnn
res://xxxxx.dll/qqqqq.html#nnnnn
where the xxxxx is random characters, qqqqq is a random name, and the nnnnn
is random numbers.
Here are a couple examples:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ftlsk.dll/sp.html#27859
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ftlsk.dll/index.html#27859
13a) Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
13b) Search the registry for every instance of xxxxx.dll (the file from step 5) and delete every instance.
13c) Search the registry for every instance of O2 BHO DLL file found in step 7 and delete every instance.
13d) Search the registry for every instance of the suspicious exe files found by Hijack This from step 8. Delete every instance.
13e) Search your computer for xxxxx.dll. Delete each instance. Also, look for files with the same name but having an extension of .DAT or .EXE. For example, if looking for ftlsk.dll, also look for ftlsk.dat and ftlsk.exe.
13f) Search your computer for the suspicious exe files. Delete each instances. Also, look for files with the same name but having an extension of .DAT or .DLL. For example, if looking for nthc32.exe, also look for nthc32.dat and nthc32.dll.
13g) Now for a second time: if running WinXP, delete everything in the Prefetch folder in C:\WINDOWS\Prefetch and now for all OS's empty your Recycle Bin again.
13h) Delete Memory.dmp if found in either C:\WINDOWS or C:\WINDOWS\System32
13i) Run CCleaner and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner.
13j) For Win NT/2K/XP, run HSRemover (does not support Win9x/Me)
13k) Run about:Buster (copy the output to a file ablog1.txt)
If you receive an error message about a missing MSCOMCTL.OCX file when you run about:Buster, download the file in the link below and run it. It will give you the necessary file.
http://www.javacoolsoftware.net/downloads/missingfilesetup.exe
13l) Also while still in Safe Mode to finish the cleanup process, please do the following:
Go to Start --> Run and type Regedit then click Ok.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and highlight Services in the left pane. In the right pane, look for any of these entries:
__NS_Service
__NS_Service_2
__NS_Service_3
If any are listed, right-click that entry in the right pane and choose Delete.
13m) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
and highlight Root in the Left Pane. In the right pane, look for these entries:
LEGACY___NS_Service
LEGACY___NS_Service_2
LEGACY___NS_Service_3
If you find it, right-click it in the right-pane and choose delete.
13n) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Workstation NetLogon Service
If Workstation NetLogon Service exists , right click on it and choose delete from the menu.
13o) Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Workstation NetLogon Service
If LEGACY_Workstation NetLogon Service exists then right click on it and choose delete from the menu.
13p) Now navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper
If Remote Procedure Call (RPC) Helper exists, right click on it and choose delete from the menu.
13q) Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper
If LEGACY_Remote Procedure Call (RPC) Helper exists, right click on it and choose delete from the menu.
If you have trouble deleting a key from steps 13l or 13q. Then click once on the key name to highlight it. Then click on the Permission menu option under Security or Edit. Then Uncheck "Allow inheritible permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.
14) Now (still in safe mode) run Ad-aware SE and under scan select Perform Full System Scan and then SpyBot S&D and clean what they find.
15) Now click Start, Run, and in the Open box enter "regedit" (without the quotes). Now navigate thru the registry to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Click the [+] next to uninstall. Scroll down until you see the NAMES of programs (skip past the lines with numbers in {,} ). See if you can find any of the following listed:
HSA = Home Search Agent or Home_Search_Assistent (yes, the spelling of
assistant is wrong)
SA = Search Assistant
SE = Search Extender
SW = Shopping Wizzard
If you find any of them, select one at a time, and hit your delete key. Once you delete all three, you can exit the registry editor.
As an alternate approach save the following 4 lines to a file called hsafix.reg, then using windows explorer double click on the hsafix.reg file a merge the fix into the registry.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
16) Now reboot normal mode. And run about:Buster one more time saving the output again (ablog2.txt do not overwrite the first log)
17) Before running anything else run HijaakThis and save a log.
18) Reconnect your internet connection, run your browser, and connect here to MG's and post the new HijackThis and about:Buster logs as attachments. Then continue running and let's see how everything is working.
19) After you have gone thru a few reboots and performed some typical surfing and if everything is working okay, re-enable your system restore (again only applies for WinMe and WinXP). -
cooldoc #1894 Phredon!
Ez nagyon jó fórum!
http://forums.majorgeeks.com/showthread.php?t=74501
Itt nézd meg! (abouzt:blank) -
cooldoc #1893 Valamelyik fórum írja a procedúrát. Szerintem ez egy CoolWWWebSearch.
Nem könnyű eltávolítani. Keress rá így a Gugliban: "about:blank removal spyware".
Ha megtalálom az oldalt, szólok (nagyon sok antispyware oldalon vagyok tag)Neked! -
phredon #1892 ja msot olvasom nekem is uez volt/vagy még van sztem. -
phredon #1891 Volna egy gondom, egy vírust sehogyse tudok leszedni:
nod32 avg semmit se talált, avast leszedte, de utána ismét előkerült, most webrott spysweeperrel eltüntettem, de az interent explorerben a kezdőlap about:blank és nem tudom másra átállítani, tehát vmi még mindig nincs rendben.
Aza baj már nem emléksze miket írt ki avast, talán vmi win32 zblob vagy ilyesmi nevű volt. -
Petrucci #1890 Hát sajna már nem emlékeszem..., de ha beugrik, akkor elmondom!!
-
cooldoc #1889 Milyen oldalt adott meg a gennyláda? Van egy hely, ahol kiderítik az IP-címét, egy amerikai fórum.
Szívesen betolom a köcsögöt. -
#1888
Jó. -
#1887
avast! ot ismeri valaki virusirto- vélemények
-
Petrucci #1886 Hi!
Vhol olvastam hogy valaki kapott egy szarságot ami után a tálcán egy tolókocsis, meg egy mittomén milyen lófasz ikon villogott, és feldobált félpercenként egy hibaüzit hogy vírusod van, és eriggy a honlapomra és vegyed meg, mer az neked jó.
Na ezzel én is beszoptam (hogy szakadjon le aki ezt megírta), de a reglogs.dll -t kitörölve minden ok. (legalábbis nekem)
Remélem tudtam ezzel vkiknek segíteni, ha meg nem, akkor bocsi a zavarásért.
-
#1885
Cfos -
Freeman6600 #1884 nem biztos hogy van magyar systemworks 2006 -
#1883
És akkor most mit csináljak ha gyengén törtem a cfost? -
cooldoc #1882 Nem többnyelvű? Biztos, hogy van magyar?
