Posts by celosvas
-
-
@Elias Pereira Everything is fine, no problems.
-
I had removed WarSaw yesterday; I'll paste yesterday's report as well, ok?
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/29 00:25:46 (Duration : 00:11:01)
Switches : -minimize
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-6BH2A.tmp\corefixer.exe (/norerun) -> Deleted
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/29 11:20:11 (Duration : 00:10:34)
Switches : -minimize
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|USB Gamepad -- [%SystemRoot%\USB] -> Deleted
-
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : ari [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210426_080854, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/04/29 00:10:09 (Duration : 00:11:01)
Switches : -minimize
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-6BH2A.tmp\corefixer.exe [/norerun] -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O4 - Run
[Suspicious.Path (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|USB Gamepad -- C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot (missing) -> Found
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
-
Hi Elias, good evening. Thank you very much for the reply, and sorry for taking so long to respond; I took a short trip on Sunday, but I'm back now and have started the removal process you mentioned.
I'll paste the AdwCleaner log below:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-27-2021
# Duration: 00:00:01
# OS: Windows 7 Ultimate
# Cleaned: 0
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
*************************
AdwCleaner[C01].txt - [1732 octets] - [25/04/2021 12:36:31]
AdwCleaner[S00].txt - [1470 octets] - [27/04/2021 19:09:34]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
ZHPCleaner log:
~ ZHPCleaner v2021.4.24.292 by Nicolas Coolman (2021/04/24)
~ Run by ari (Administrator) (27/04/2021 20:57:02)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Type : Repair
~ Report : C:\Users\ari\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\ari\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (40)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (4)
MOVED file: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\ari\AppData\Local\Google\Chrome\User Data\Default\File System\002 =>.SUP.Temporary.Chrome
---\\ Registry ( Key, Value, Data) (6)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{979A70FF-2430-4CDA-84C0-3773E07FDAA0}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\cyber hunter\bin\client.exe [client.exe] =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\cyber hunter\bin\ccmini\ccmini.exe [CC直播内置语音] =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\steam\steam.exe [Steam] =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe [Smite] =>.SUP.Orphan.MUICache
---\\ Summary of the elements found (4)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
https://nicolascoolman.eu/forum/Topic/orphan-muicache-logiciel-potentiellement-superflu-lps/ =>.SUP.Orphan.MUICache
---\\ Other deletions. (2)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (2)
---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Internet Explorer OK
---\\ Statistics
~ Items scanned : 1028
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 16/17
---\\ OPTIONS NOT ACTIVES
~ Start browsers with extensions removed
~ End of clean in 00h00mn11s
---\\ Reports (4)
ZHPCleaner-[R]-25042021-13_58_45.txt
ZHPCleaner-[S]-25042021-13_58_12.txt
ZHPCleaner-[S]-27042021-20_56_19.txt
ZHPCleaner-[R]-27042021-20_57_13.txt
-
@GabrielLV I opened a topic there. Thank you very much!
-
I was infected by these viruses: Virus Seabrook.exe and haleng.exe, and now, after removing them, I noticed that my Instagram account is publishing posts automatically. I changed all my passwords and re-enabled two-factor login, but I still don't feel safe. Can you help me with the removal?
-
-
Folks, I have these two unknown programs starting with Windows. I don't know these programs and didn't install them, and they also don't appear in Uninstall Programs, nor are they detected by antivirus software. I tried MalwareBytes and, although it found several virus files and removed them all, these programs won't leave startup.
Can you help me remove them? I use Windows 7.
I'm attaching a MalwareBytes report; it seems some files could not be removed and, from what I understood, Google Chrome was also infected, since I had to reinstall it. Below is a screenshot of MSCONFIG
Thanks in advance.
Virus Seabrook.exe and haleng.exe and account hijacking
in Solved cases
Posted
@Elias Pereira Thank you so much for the help. I use Windows 7 because of games, but I'm going to go back to 10, precisely for security.
Thanks a lot, man!