Author Topic: вирус govome (Read 6950 times)

viaponz · « **on:** November 07, 2013, 06:08:58 PM »

Ктонибудь знает как избавится от навязчивой страницы govome.com??

Andrey,pro · « **Reply #1 on:** November 07, 2013, 06:11:48 PM »

viaponz, здравствуйте и добро пожаловать на форум!

Для плодотворной работы рекомендуем ознакомиться с темой Информация о форуме.

Для подготовки отчётов (логов), необходимых для лечения Вашего компьютера от заражений, рекомендуем ознакомиться с темой Логи для помощи в очистке компьютера от заражений

Не стесняйтесь задавать вопросы, если Вам что-то непонятно. Желаем удачи!

viaponz · « **Reply #2 on:** November 07, 2013, 06:56:02 PM »

как узнать какие фалйы легитимные и какие вобще нельзя удалять ?

Andrey,pro · « **Reply #3 on:** November 07, 2013, 07:06:53 PM »

Лучше ничего не удаляйте, просто сохраните отчет.

viaponz · « **Reply #4 on:** November 07, 2013, 07:40:02 PM »

файлы сканирования

viaponz · « **Reply #5 on:** November 07, 2013, 07:41:31 PM »

и ещё 1

Andrey,pro · « **Reply #6 on:** November 07, 2013, 08:04:24 PM »

Скачайте прикрепленный файл fix.txt на Рабочий стол
запустите снова программу OTL by OldTimer и нажмите run fix
OTL спросит о местонахождении файла fix.txt
Выберите файл, который Вы загрузили, и снова нажмите run fix.

Компьютер перезагрузится.
После перезагрузки откройте папку "C:\_OTL\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.

ВНИМАНИЕ! данный скрипт написан только для этого пользователя,использование его на другом компьютере может привести к неработоспособности ОС!

viaponz · « **Reply #7 on:** November 08, 2013, 01:52:16 PM »

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-2695297788-303855387-2084937596-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysisplus@SpeedAnalysis.com deleted successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com\chrome\skin folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com\chrome\content\mz folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com\chrome\content folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com\chrome folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysisplus@SpeedAnalysis.com deleted successfully.
File C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SpecialSavings@SpecialSavings.com deleted successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com\chrome\skin folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com\chrome\content\mz folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com\chrome\content folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com\chrome folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com folder moved successfully.
Folder C:\Users\ульталодкишка\AppData\Roaming\mozilla\Extensions\SpecialSavings@SpecialSavings.com\ not found.
Folder C:\Users\ульталодкишка\AppData\Roaming\mozilla\Extensions\speedanalysisplus@SpeedAnalysis.com\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}\ not found.
ADS C:\Users\ульталодкишка\wws_crashreport_uploader.exe:crc deleted successfully.
ADS C:\Users\ульталодкишка\WebBrowserAssets.txt:crc deleted successfully.
ADS C:\Users\ульталодкишка\vld.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\vivoxsdk.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\vivoxplatform.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\vivoxoal.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\Uninstaller.exe:crc deleted successfully.
ADS C:\Users\ульталодкишка\SoundSettings.xml:crc deleted successfully.
ADS C:\Users\ульталодкишка\pxtask_cuda_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\PlanetSide2.exe:crc deleted successfully.
ADS C:\Users\ульталодкишка\PhysX3Gpu_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\PhysX3Cooking_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\PhysX3Common_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\PhysX3CharacterKinematic_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\PhysX3_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\nvToolsExt32_1.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\LoadingScreen.xml:crc deleted successfully.
ADS C:\Users\ульталодкишка\libsndfile-1.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\libGLESv2.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\libEGL.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\LaunchPad.ini:crc deleted successfully.
ADS C:\Users\ульталодкишка\LaunchPad.ico:crc deleted successfully.
ADS C:\Users\ульталодкишка\inspector.pak:crc deleted successfully.
ADS C:\Users\ульталодкишка\InputProfile_Default.xml:crc deleted successfully.
ADS C:\Users\ульталодкишка\GraphicsDriver.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\Graphics.ini:crc deleted successfully.
ADS C:\Users\ульталодкишка\GInput_GDI.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GInput_DX8.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GInput.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GFont_FT2.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GDraw_GDI.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GDraw_D3D9.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GDraw.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GDF.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GCtrlTheme_Infinity.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GCtrlTheme_Bitmap.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GControlForms.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GControl.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\faultlog.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\dpvsd.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\DeepGraphicsWrapper.ini:crc deleted successfully.
ADS C:\Users\ульталодкишка\cudart32_42_6.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\cgGL.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\ca-bundle.crt:crc deleted successfully.
ADS C:\Users\ульталодкишка\awesomium.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\avutil-51.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\avformat-53.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\avcodec-53.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\atimgpud.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\ApexFramework_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_TurbulenceFS_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_ParticleIOS_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Loader_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_ForceField_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_FieldSampler_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_DynamicSystemPROFILE_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_DynamicSystem_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Destructible_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Destructible_LEGACY_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\welcome.txt:crc deleted successfully.
ADS C:\Users\ульталодкишка\vld.ini:crc deleted successfully.
ADS C:\Users\ульталодкишка\steam_api.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\picn1020.ssm:crc deleted successfully.
ADS C:\Users\ульталодкишка\ortp.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\mss32.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\icudt.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GParse.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\GDraw_GL.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\dpvs.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\cudart64_32_16.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\cudart32_32_16.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\ClientConfigLiveLaunchpad.ini:crc deleted successfully.
ADS C:\Users\ульталодкишка\cg.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\awesomium_process.exe:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_IOFX_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_IOFX_Legacy_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Framework_Legacy_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Emitter_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Emitter_Legacy_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_Common_Legacy_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_BasicIOS_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\APEX_BasicFS_x86.dll:crc deleted successfully.
ADS C:\Users\ульталодкишка\glut32.dll:crc deleted successfully.

viaponz · « **Reply #8 on:** November 08, 2013, 01:52:45 PM »

========== FILES ==========
C:\RECYCLER\S-1-5-21-1229272821-776561741-839522115-1004\Dc139.exe moved successfully.
File\Folder C:\Users\ульталодкишка\AppData\Roaming\SPEEDANALYSIS.ICO. not found.
C:\Program Files (x86)\MOZILLA FIREFOX\browser\SEARCHPLUGINS\dosearches.xml moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\dosearches folder moved successfully.
C:\Users\ульталодкишка\AppData\Roaming\speedanalysisplus folder moved successfully.
C:\Users\ульталодкишка\Videos\iLividSetup-r484-n-bu.exe moved successfully.
C:\Users\ульталодкишка\AppData\Local\Temp\MircosoftStudio\eGdpSvc.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Все пользователи

User: г«мв «®¤ЄЁиЄ
->Temporary Internet Files folder emptied: 33170 bytes

User: ульталодкишка
->Temp folder emptied: 9002405721 bytes
->Temporary Internet Files folder emptied: 45611475 bytes
->FireFox cache emptied: 387026231 bytes
->Google Chrome cache emptied: 219017731 bytes
->Flash cache emptied: 91503 bytes

User:

viaponz · « **Reply #9 on:** November 08, 2013, 01:54:35 PM »

User:

Andrey,pro · « **Reply #10 on:** November 08, 2013, 02:25:49 PM »

viaponz, проблема решена или по-прежнему открывается govome.com?

viaponz · « **Reply #11 on:** November 08, 2013, 02:45:27 PM »

да решена не открывается

Andrey,pro · « **Reply #12 on:** November 08, 2013, 02:50:20 PM »

Запустите снова программу OTL by OldTimer и нажмите кнопку CleanUp для удаления программы OTL.

Author Topic: вирус govome (Read 6950 times)

viaponz

вирус govome

Andrey,pro

Re: вирус govome

viaponz

Re: вирус govome

Andrey,pro

Re: вирус govome

viaponz

Re: вирус govome

viaponz

Re: вирус govome

Andrey,pro

Re: вирус govome

viaponz

Re: вирус govome

viaponz

Re: вирус govome

viaponz

Re: вирус govome

Andrey,pro

Re: вирус govome

viaponz

Re: вирус govome

Andrey,pro

Re: вирус govome