Forum: "Other";
Current archive: 2010.08.27;
Download: [xml.tar.bz2];


Help fix a computer


Прохожий2   (2010-02-09 16:43) [0]

I am not a very advanced computer user.
I recently caught a "virus". I turn on the computer, and the whole screen is black, with only a message in the center saying, roughly, send an SMS to such-and-such a number and we will unlock it for you. Looking at this scam, I realized that it is a black form stretched over the whole screen, with a keyboard hook to catch all the vital hotkeys. (Task Manager got knocked out.)
I contacted a friend by phone. He told me how to treat it.
(digging through the registry in safe mode)
That was it, the problem seemed to be gone.
I start the computer in normal mode, and there is nothing there besides the desktop. No taskbar, no shortcuts.
how to treat further?
Respectfully.



{RASkov} ©   (2010-02-09 16:51) [1]

> Passerby2 (09.02.10 16:43) [0]
> how to treat further?

whom?)



Прохожий2   (2010-02-09 16:55) [2]

Comp.



stas ©   (2010-02-09 17:02) [3]

and if after loading to do so?
alt + ctrl + del - task manager - run - explorer.exe



Ega23 ©   (2010-02-09 17:05) [4]

It was necessary to send SMS, now sit and suffer.



stas ©   (2010-02-09 17:07) [5]

Ega23 © (09.02.10 17:05) [4]
I know a guy who sent one)))
He still has the same screen, only the price of the SMS has increased.



картман ©   (2010-02-09 17:08) [6]


> stas © (09.02.10 17:07) [5]

and he tried a second time?



Прохожий2   (2010-02-09 17:10) [7]


> alt + ctrl + del - task manager - execute - explorer.exe


It says: Task Manager has been disabled by the administrator.



stas ©   (2010-02-09 17:11) [8]

Cartman © (09.02.10 17:08) [6]
don’t know, said no)



stas ©   (2010-02-09 17:14) [9]

Passer-by2 (09.02.10 17:10) [7]
This is all enabled in the registry; you need to enable explorer and task manager for your user.



TUser ©   (2010-02-09 17:15) [10]

Do you log in as administrator? If so, I would simply create a new user and not sweat it. You can drag the data over from the desktop.



boa_kaa ©   (2010-02-09 17:17) [11]


> Passer-by2 (09.02.10 17:10) [7]

Well, now the only option is to boot from ERD Commander and look at the registry from there.
You need to be more careful when removing such things; it could also have installed itself as a debugger for explorer.



12 ©   (2010-02-09 17:19) [12]


> I know a guy who sent one)))

+1 :)
And nothing changed, as I remember


> Passer-by2 (09.02.10 17:10) [7]

well and
http://www.google.ru/#hl=ru&source=hp&q=%D0%B4%D0%B8%D1%81%D0%BF%D0%B5%D1%82%D1%87%D0%B5%D1%80+%D0%B7%D0%B0%D0%B4%D0%B0%D1%87+%D0%BE%D1%82%D0%BA%D0%BB%D1%8E%D1%87%D0%B5%D0%BD+%D0%B0%D0%B4%D0%BC%D0%B8%D0%BD%D0%B8%D1%81%D1%82%D1%80%D0%B0%D1%82%D0%BE%D1%80%D0%BE%D0%BC&lr=&aq=0&oq=%D0%B4%D0%B8%D1%81%D0%BF%D0%B5%D1%82%D1%87%D0%B5%D1%80+%D0%B7%D0%B0%D0%B4%D0%B0%D1%87+%D0%BE%D1%82%D0%BA%D0%BB%D1%8E%D1%87%D1%91%D0%BD+%D0%B0%D0%B4%D0%BC%D0%B8%D0%BD%D0%B8%D1%81%D1%82%D1%80%D0%B0%D1%82%D0%BE%D1%80%D0%BE%D0%BC&fp=dd5c49271439086d

Honestly, sometimes my hands just drop.
There are, by the way, a bunch of options there for the SMS problem.

Depending on what you picked up, the methods can be different.
Search, for example, by the SMS number that it displays, or by the words it shows.
Maybe your exact case has already been solved, or you will find something similar,
etc.



Прохожий2   (2010-02-09 17:20) [13]


> This is all enabled in the registry; you need to enable explorer
> and task manager for your user.


And which registry branches exactly should I edit? I am a complete zero at this.



картман ©   (2010-02-09 17:21) [14]


> stas © (09.02.10 17:11) [8]

then the money for the 1st SMS went in vain



stas ©   (2010-02-09 17:27) [15]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Shell"="explorer.exe"



stas ©   (2010-02-09 17:28) [16]

if it’s not infected, of course, and remains intact, it should work.



Ega23 ©   (2010-02-09 17:32) [17]


> stas © (09.02.10 17:07) [5]
> Ega23 © (09.02.10 17:05) [4]
> I know a guy who sent one)))
> He still has the same screen, only the price of the SMS has increased.
>


He was blown away after the first level. And there are 36 of them.



Прохожий2   (2010-02-09 17:33) [18]


> stas © (09.02.10 17:27) [15]


I have two fields there: (Default) and DisableTaskMgr, but there is no Shell.

tried to restore the task manager.
disabletaskmgr - set 0. (did not help)
global policy - delete task manager - not set. (did not help)



stas ©   (2010-02-09 17:36) [19]

Try adding a shell. Or really, as they said above, create a new user and do not suffer.



Прохожий2   (2010-02-09 17:41) [20]


> Or really, as said above, create a new user and
> do not suffer.


tell me how. )
If only there were a Start menu.

In general, the situation is this:

I logged into the computer in safe mode.
(the screen is black and there is nothing)
From the command line I launched a dolphin,
and through its download dialog I launch files.

I launch note32, and it says: it is not possible to start the kernel.



KSergey ©   (2010-02-09 17:42) [21]

Call a friend just once.



KSergey ©   (2010-02-09 17:44) [22]

By the way, on this site they really do help. It is free.
The main thing is to strictly follow the recommendations described there.

http://virusinfo.info/

Here, it is unlikely that anyone will wrestle with your problem "over the phone."



12 ©   (2010-02-09 17:44) [23]

on the command line: control



Германн ©   (2010-02-09 17:44) [24]


> Ega23 © (09.02.10 17:05) [4]
>
> It was necessary to send SMS, now sit and suffer.
>


> He was blown away after the first level. And there are 36 of them.

So who made this infection!



KSergey ©   (2010-02-09 17:46) [25]

> Hermann © (09.02.10 17:44) [24]
> So who made this infection!

Well, why did you do it? He passed them! Not many succeed.
:)



Игорь Шевченко ©   (2010-02-09 17:48) [26]

search the registry for the word Safer



Прохожий2   (2010-02-09 17:59) [27]

http://support.microsoft.com/default.aspx?scid=kb;ru;Q256194

I see the reason in explorer.exe
I find winlogon - shell - explorer.exe (after a restart, the field changes back to the old %SystemRoot%\system32\user32.exe)



Прохожий2   (2010-02-09 18:05) [28]


> 12 © (09.02.10 17:44) [23]
>
> on the command line: control


Thank you.
created a new account with admin rights.
restarted.
blue screen, task manager is loading, but there is no task bar or shortcuts.
how to edit further?



test ©   (2010-02-09 18:06) [29]

#ifdef FEELINGS
Where's the fucking department K?
#endif // FEELINGS



Игорь Шевченко ©   (2010-02-09 18:11) [30]

Now there are many offices that carry out the "treatment of viruses", why not contact one?



12 ©   (2010-02-09 18:13) [31]


> how to edit further?


to edit something, you need to know what to look for and what to edit


> search the registry for the word Safer

if it is

on the command line: regedit
or alt + ctrl + del - task manager - execute - regedit

or alt + ctrl + del - task manager - execute - explorer
you can try it, the shell will appear



test ©   (2010-02-09 18:14) [32]

12 © (09.02.10 18:13) [31]
It is closed in the registry.



12 ©   (2010-02-09 18:17) [33]


> test © (09.02.10 18:14) [32]

should not apply to a new user,
or not?



Прохожий2   (2010-02-09 18:18) [34]


> 12 © (09.02.10 18:13) [31]
>
> > how to edit further?
>
> in order to edit something, you need to know what to look for and what to edit


as a new user, but already with the task manager, restore the taskbar and transfer data from the previous user.



12 ©   (2010-02-09 18:36) [35]

explorer starts or what?
and regedit?



Прохожий2   (2010-02-09 18:39) [36]

Yes, they start.
in the task manager, open the console.
in it I give the command explorer (works), regedit (works)



12 ©   (2010-02-09 18:41) [37]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
what is there?



Прохожий2   (2010-02-09 18:43) [38]

the shell field is:
%SystemRoot%\system32\user32.exe



Galera   (2010-02-09 18:43) [39]

You need to start from here
http://www.drweb.com/unlocker/index/?lng=ru

All sorts of different options for infection and its treatment are demonstrated.



12 ©   (2010-02-09 18:47) [40]

Shell = Explorer.exe



Прохожий2   (2010-02-09 18:49) [41]


> Galera (09.02.10 18:43) [39]


thanks, useful link.
Found my trojan - winlock.100, but it has already been deleted.



Прохожий2   (2010-02-09 18:52) [42]


> 12 © (09.02.10 18:47) [40]
>
> Shell = Explorer.exe


Entered it, rebooted.
The field changed back to the previous value.



Прохожий2   (2010-02-09 19:11) [43]

added explorer.exe and the desktop appeared. =)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
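
A read-only check of the registry values this thread walks through (the Winlogon `Shell`, the per-user `Shell` and `DisableTaskMgr` policy values, and a `Debugger` value under Image File Execution Options for explorer.exe), as an added example that is not part of any post. The function name `Test-RegistryValue` and the "expected" values for a stock Windows install are assumptions of this example.

```powershell
# Added example: read-only audit of the registry values named in this thread.
# It changes nothing; it only reports values that differ from a stock setup.
# Expected values below are this example's assumptions for a clean install.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell';          Expected = 'explorer.exe'; AllowMissing = $false },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'Shell';          Expected = 'explorer.exe'; AllowMissing = $true },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr'; Expected = '0';            AllowMissing = $true },
    # Any Debugger value here makes Windows start that program instead of explorer.exe.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'
       Name = 'Debugger';       Expected = $null;          AllowMissing = $true }
)

function Test-RegistryValue {
    param([hashtable]$Check)

    $actual = $null
    $key = Get-Item -LiteralPath $Check.Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Check.Name)) {
        # Show the raw stored string, without expanding %SystemRoot% and the like.
        $actual = $key.GetValue($Check.Name, $null, 'DoNotExpandEnvironmentNames')
    }

    if ($null -eq $actual) {
        $status = if ($Check.AllowMissing) { 'OK (absent)' } else { 'SUSPICIOUS (missing)' }
    } elseif ($null -ne $Check.Expected -and "$actual".Trim() -ieq $Check.Expected) {
        $status = 'OK'
    } else {
        # Present but not the expected data, e.g. Shell pointing at another executable.
        $status = 'SUSPICIOUS'
    }

    [pscustomobject]@{
        Key = $Check.Path; Value = $Check.Name; Data = $actual; Status = $status
    }
}

$checks | ForEach-Object { Test-RegistryValue $_ } | Format-Table -AutoSize -Wrap
```

Run it once per affected account, since the `HKCU` entries are per-user; a value that reverts after a reboot, as described above, will show up as `SUSPICIOUS` again on the next run.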



Игорь Шевченко ©   (2010-02-09 19:28) [44]

> but already deleted it.

This is an illusion



Anatoly Podgoretsky ©   (2010-02-09 21:26) [45]

> Ega23 (09.02.2010 17:05:04) [4]

Now it’s too late, now for such atrocity you need to send three SMS already.



Anatoly Podgoretsky ©   (2010-02-09 21:41) [46]

> stas (09.02.2010 17:11:08) [8]

And let him try, once is not enough.
For those who try the amount each time we increase, because they pay.



Anatoly Podgoretsky ©   (2010-02-09 21:41) [47]

> Cartman (09.02.2010 17:21:14) [14]

Not for nothing, they went to the savings fund, at 8 percent each time. 20 each time we increase, because they pay.



Anatoly Podgoretsky ©   (2010-02-09 21:42) [48]

Deleted by moderator



Прохожий2   (2010-02-10 18:36) [49]


> Igor Shevchenko © (09.02.10 19:28) [44]
> > but it has already been deleted.
>
> This is an illusion


how do I finish it off?


