Warning.htm

fon_tomov · February 26, 2004

Dnes zabeliazah, che na edna ot mashinite v rabotata se poiaviava kato homepage na IE edna meko kazano "stranna" stranica, na koiato prochetoh slednia tekst:

Your IP address is XXX.XXX.XXX.XXX. Using this address a remote computer has gained anaccess to your computer and probably is collecting the information about the sites you've visited and the files contained in the folder Temporary Internet Files. Attention! Ask for help or install the software for deleting secret information about the sites you visited.

Tova vsichko mnogo hubavo, no po nikakav nachin nemoze da se smeni home stranicata. V momenta, v koito si otvorish IE otnovo se poiaviava tazi. Saotvetno te preprashta kam niakakav sait za da si drapnesh "reshenie" na problema. Uvi saita ne e na Microsoft (kakto si pomislih) a mi e http://www.privacyoutpost.com.

Vednaga pusnah edin Ad-aware 6 (s poslednite za momenta definicii) no toi ne uspia da opravi neshtata. Pusnah f-prot za dos (niamah nishto drugo pod ruka), no i toi ne kaza nishto. Shah s peshkata.

Opitah se da nameria neshto po vaprosa v neta, no sami se seshtate kolko rezultata izkara google-to na search warning.htm. Idi se rovi ako si niamash druga rabota.

Potarsih vaprosnoto HTM, koeto se poiaviava kato homepage i go namerih v windows direktoriata s ime warning.htm. Zabursah go naburzo za da ne me drazni pone i sega IE plache vseki pat kato se startira che nemoze da si go nameri . Neka reve, neka se uchi

Kachil sam vaprosnoto warning.htm eto tuk, ako niakoi ima zelanie da go razgleda. NO ISKAM DA PRDUPREDIA CHE NE NOSIA NIKAKVA OTGOVORNOST AKO I VASHETO PC ZAPOCHNE DA REVE!!!!!!! Vseki go proveriava na svoia otgovornost!!!!!!!!!!!!!!

Niakoi da se e sbluskval s takova neshto? Da ima ideia kakva e taia nagla istoria?

TED · February 26, 2004

Гадни реклами , предполагам следващото обновяване на Ad-aware ще ти реши проблема. Или просто ползвай Mozilla Firebird вместо M$ Exploder

DeZoeker · February 26, 2004

Резултатът е от Google-ско търсене с цитиране на съдържанието на страницата:

http://spyblocker-software.com/IPB/index.p...iew=getlastpost

Успех

**Godfather** · February 26, 2004

Нищо особено, не отиде ли в опциите на експлодера да му сложиш един хубав About:blank?

fon_tomov · February 26, 2004

Нищо особено, не отиде ли в опциите на експлодера да му сложиш един хубав About:blank?

E te tochno de, tova beshe parvoto, koeto napravih. No pri sledvashtia start na IE otnovo homepage e tazi gadoria.

Reshenieto, koeto e nameril DeZoeker mai ste svarshi rabota. Utre ste go opitam.

Blagodaria.

KnoppiX · February 26, 2004

А не разбрах с други браузъри пак ли така прави??

**Godfather** · February 26, 2004

E te tochno de, tova beshe parvoto, koeto napravih. No pri sledvashtia start na IE otnovo homepage e tazi gadoria.
Reshenieto, koeto e nameril DeZoeker mai ste svarshi rabota. Utre ste go opitam.

Blagodaria.

Може да си жертва на hijack. Виж дали не е променен файла c:\windows\system32\drivers\etc\hosts, даже спокойно може и да го изтриеш ако има нещо съмнително в него

Виж също тук за пач от M$ ако наистина това е проблема.

fon_tomov · February 26, 2004

KnoPPix, drugi browseri niamam instalirani na tova PC.

karaman, nali tochno takava e funkciata i na ad-aware.

Godfather, utre ste se porovia v tova PC za da vidia dali ima neshto takova.

Mezduvremenno resih da se prezastrahovam ot po-natatushni izdunki i izkliucih swithcha kam koito sa zakacheni vsichki PC-ta okolo "infektiranoto", kakto i na infektiranoto (mreza ne im tribva). Ako obache se setiat da si vkliuchat switcha ste se natuknat na fakta che net-a im e sprian. Ako obache zarevat i se nalozi da im go pusna (predi da sam uspial da resha problema) ste se nahakat na porednata iznenada - nikade niama shortkuti na IE (zabursah gi vsichkite). Razchitam i na fakta, che tezi useri ako niamat dadena programa na desktopa (start menu-to) - to vse edno ne im e instalirana .

Nadiavam se vsichki tezi prechki da gi otkazat ot po-natatushnite im opiti da polzvat internet pone za edin den.

**Godfather** · February 27, 2004

Nadiavam se vsichki tezi prechki da gi otkazat ot po-natatushnite im opiti da polzvat internet pone za edin den.

Абе трябваше направо да скриеш бушоните, мухахаха

ov3rm4n · February 27, 2004

Абе пак ще те изненадат.... Примири се - юзърите са толкова изобретателни....

tanko111 · February 27, 2004

Description

Troj/Regldr-A is a simple Trojan that copies itself to the windows folder as the file Reg32.exe and sets the following registry entry so that it will be executed on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Reg32

= C:\Windows\Reg32.exe

Troj/Regldr-A will also set the registry entries listed below to point to the page secure.html located in the default Windows folder. This HTML page claims that the system has been compromised by spyware and prompts the user to visit the URL http://www.privacyoutpost.com/enter.html?wm=dkvage.

HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

HKCU\Software\Microsoft\Internet Explorer\Main\Local Page

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

HKLM\Software\Microdoft\Internet Explorer\Main\Local Page

HKLM\Software\Microsoft\Internet explorer\Main\Start Page

Recovery

Please follow the instructions for removing Trojans.

You should also change your Internet Explorer settings using Tools|Internet options|General to remove any modifications made by the Trojan.

Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

Reg32= C:\Windows\Reg32.exe

and delete it if it exists.

Close the registry editor.

fon_tomov · February 27, 2004

Ta znachi, problema se reshi eto kak:

Stranicata, koiato citira DeZoeker mi se vidia nai-shodna s problema, koito az imam i sledvah instrukciite, koito biaha napisani tam. Drapnah si cwshredder.exe i ia pusnah da skanira PC-to za "infekcii". Rezultata, koito izleza e:

CWS affiliate Winshow - REMOVED

Restoring Internet Explorer Pages - Restored (5 items)Sega veche vsichko e OK.

Blagodaria na vsichki za supporta.

P.S.

Ot suobrazenia za sigurnost sam iztril onova warning.htm, koeto biah kachil, za da ne se poluchi taka, che az da sam vinoven posle za neshto.

Sign In

Warning.htm

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived