[Advice] On what principle does a keylogger work?

Started by ωт:яρ | αχєℓ иєℓѕσи, May 27, 2011, 6:33:06 PM

Hi everyone, I have a problem. Someone has hacked my GP twice now -.-'.
The first time I reported it to the hosting company and they told me to set a longer and harder password.
I did that, and half an hour ago my server was hacked again :O
Can someone explain to me on what principle this so-called GP hack, the "Keylogger", works... :(
//

That is not a GP hack.
A keylogger can get onto your machine when you download something from the net, or when someone sends you a file over MSN or similar, most often some pictures. The keylogger records all your passwords and everything you type on your PC, the person who sent you the keylogger receives that data, and that is how they get your password.

Yes, my GP has been hacked twice... :( Look at my signature to see what the server's name is :(
And explain to me how I can protect the GP? :(
Last edit: May 27, 2011, 6:41:45 PM by Axel Nelson.iso
//

Which antivirus are you using...

You can use this free program (don't worry, this isn't warez... and it's completely free)

http://www.combofix.org/download.php

Download it, turn off the antivirus, turn off the internet (as a precaution), and let it scan... it will find the viruses itself and delete them. It's usually some trojan or something like that..

When it finishes, send me the log file by PM so I can see everything it found. You'll get the log file when it finishes, just copy it here..

Do not interrupt that process under any circumstances; let it do its job no matter how long it takes

And after that change all your passwords, but only after it has deleted all of that....
Last edit: May 27, 2011, 6:58:04 PM by Ralph
//

Try Start > Run > "runrefog", without the quotes of course; that's the command that launches the keylogger I used to have....xD
If it finds nothing... then Start > Search for "keylogger", take a look and delete it... :D

I'm using ESET NOD32 Antivirus ... latest version, updated, licensed... :(
I don't believe it got in that way... maybe GamePanel has some bug and it's getting in through that :(
Last edit: May 27, 2011, 7:01:29 PM by Axel Nelson.iso
//

Quote from: Axel Nelson.iso on May 27, 2011, 7:00:12 PM
I'm using ESET NOD32 Antivirus ... latest version, updated, licensed... :(


Do what I told you; until 2 days ago I had the same problem, only not with the GP but with Facebook.. that's how I solved mine.
//

Quote:
ComboFix 11-05-26.05 - Muharem Tvrtkovic 27.05.2011  19:14:27.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.385.1033.18.1015.715 [GMT 2:00]
Running from: c:\documents and settings\Muharem Tvrtkovic\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-27 to 2011-05-27  )))))))))))))))))))))))))))))))
.
.
2011-05-22 13:46 . 2011-05-22 13:46   --------   d-----w-   c:\program files\MTA San Andreas
2011-05-21 11:16 . 2011-05-21 16:18   --------   d-----w-   c:\program files\GIGAtech Rol3Play
2011-05-20 18:15 . 2011-05-27 17:03   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Application Data\FileZilla
2011-05-20 18:15 . 2011-05-20 19:16   --------   d-----w-   c:\program files\FileZilla FTP Client
2011-05-16 14:00 . 2011-05-16 14:00   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\Xfire
2011-05-14 18:00 . 2011-05-14 18:00   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Local Settings\Application Data\SA_MP_KeyBind
2011-05-13 09:11 . 2011-05-13 09:11   --------   d-sh--w-   c:\windows\ftpcache
2011-05-10 14:44 . 2011-05-16 14:21   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Application Data\GameRanger
2011-05-10 11:32 . 2011-05-11 16:08   --------   d-----w-   c:\program files\Rockstar Games
2011-05-10 11:32 . 2004-10-22 00:16   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-10 11:30 . 2004-10-22 00:18   749568   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-10 11:30 . 2004-10-22 00:17   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-10 11:30 . 2004-10-22 00:17   274432   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-10 11:30 . 2004-10-22 00:16   180224   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-10 11:30 . 2011-05-10 11:30   323716   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-05-10 11:30 . 2011-05-10 11:30   192644   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-05-08 14:41 . 2011-05-08 14:41   --------   d-----w-   c:\program files\Microsoft
2011-05-08 14:40 . 2011-05-08 14:42   --------   d-----w-   c:\program files\Windows Live
2011-05-08 11:56 . 2011-05-08 12:08   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Local Settings\Application Data\MTA San Andreas
2011-05-08 08:43 . 2011-05-08 08:43   98304   ----a-w-   c:\windows\system32\CmdLineExt.dll
2011-05-07 19:29 . 2004-08-20 13:50   159744   ----a-w-   c:\windows\system32\igfxres.dll
2011-05-07 19:24 . 2011-05-07 19:24   --------   d-----w-   c:\documents and settings\All Users\Uniblue
2011-05-04 20:10 . 2011-05-04 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-05-04 20:00 . 2011-05-04 20:07   --------   d-----w-   c:\program files\Common Files\Adobe
2011-05-02 22:19 . 2011-05-02 22:19   --------   d-----r-   C:\AHCache
2011-05-02 21:07 . 2011-05-02 21:07   --------   d-sh--w-   c:\documents and settings\Muharem Tvrtkovic\IECompatCache
2011-05-02 19:10 . 2011-05-02 19:10   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Local Settings\Application Data\Identities
2011-04-29 15:11 . 2011-04-29 15:12   --------   d-----w-   c:\documents and settings\Muharem Tvrtkovic\Application Data\DAEMON Tools Pro
2011-04-29 15:11 . 2011-04-29 15:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2011-04-28 12:10 . 2011-04-28 14:07   --------   d--h--w-   c:\windows\$hf_mig$
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 16:51 . 2011-04-16 16:51   41872   ----a-w-   c:\windows\system32\xfcodec.dll
2011-04-14 07:47 . 2011-04-14 07:47   86016   ----a-w-   c:\windows\system32\frapsvid.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-07 . F958DC764FCCB2E899FC5F58BACF8494 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6 by KGB\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6 by KGB\\hlds.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GIGAtech Rol3Play\\v1.4 Beta\\samp-server.exe"=
"c:\\Program Files\\GIGAtech Rol3Play\\Kopija od v1.4 Beta\\samp-server.exe"=
"c:\\Documents and Settings\\Muharem Tvrtkovic\\Desktop\\GIGAtech Rol3Play\\samp-server.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 77.78.192.10 94.140.66.194
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AdobeBridge - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 19:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-27  19:20:53
ComboFix-quarantined-files.txt  2011-05-27 17:20
.
Pre-Run: 19.706.806.272 bytes free
Post-Run: 19.675.541.504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - A8A70245068FAD6A9D224AA646C53040

Here's the log :)
Btw: I don't know where the Mozilla folder came from, since I deleted Mozilla almost a month ago -.-'
Last edit: May 27, 2011, 7:21:40 PM by Axel Nelson.iso
//
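The ComboFix log posted above is the only hard evidence in this thread, and none of the replies actually read it. What follows is an added example, not part of the original thread and not a ComboFix feature: a small Python triage script that parses the sections a dropped keylogger would most plausibly persist in (the Run keys, the firewall AuthorizedApplications list, the service and driver lines, and the Sigcheck results) and flags entries that run from user-writable locations or that Sigcheck reported as unsigned. The embedded sample is an excerpt of the log posted above; the names (`parse_combofix`, `triage`, `report`, `SUSPECT_DIRS`) and the flagging heuristics are assumptions of this example. A flag means "look at this", not "this is malware".

```python
"""Triage the persistence-related sections of a ComboFix log.

Added example for this thread, not ComboFix's own code.  It pulls
autostart entries out of the log text and flags the ones that run from
user-writable locations or that Sigcheck reported as unsigned, which is
where a dropped keylogger would most plausibly show up.  A flag means
"look at this", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix log posted earlier in this thread, trimmed to
# the sections this script reads (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Muharem Tvrtkovic\\Desktop\\GIGAtech Rol3Play\\samp-server.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2009-06-07 . F958DC764FCCB2E899FC5F58BACF8494 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"""

# Directory fragments (lower-case) an ordinary user can write to.  Assumption
# of this example: anything autostarting from one of these deserves a look.
SUSPECT_DIRS = ("\\documents and settings\\", "\\users\\", "\\desktop\\",
                "\\downloads\\", "\\temp\\", "\\application data\\",
                "\\local settings\\")

RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')             # "name"="path" [date size]
FIREWALL_LINE = re.compile(r'^"([^"]+)"=$')                      # "path"=  (backslashes doubled)
SERVICE_LINE = re.compile(r'^([RS]\d) ([^;]+);[^;]*;(.+?) \[')   # R1 name;display;path [..]
SIGCHECK_LINE = re.compile(r'^\[-\] .* \. \. (.+)$')             # [-] date . md5 . size . . [ver] . . path


@dataclass
class Entry:
    source: str                  # log section the entry came from
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_combofix(text):
    """Return the autostart entries found in the log text, in log order."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SIGCHECK_LINE.match(line):
            entries.append(Entry("sigcheck", "unsigned", m.group(1)))
        elif m := SERVICE_LINE.match(line):
            entries.append(Entry("service " + m.group(1), m.group(2), m.group(3)))
        elif line.startswith("[") and line.endswith("]"):        # registry key header
            low = line.lower()
            if low.endswith("\\run]"):
                section = "run"
            elif "authorizedapplications" in low:
                section = "firewall"
            else:
                section = None
        elif section == "run" and (m := RUN_LINE.match(line)):
            entries.append(Entry("run key", m.group(1), m.group(2)))
        elif section == "firewall" and (m := FIREWALL_LINE.match(line)):
            path = m.group(1).replace("\\\\", "\\")              # undo the log's escaping
            entries.append(Entry("firewall allow", path.rsplit("\\", 1)[-1], path))
    return entries


def triage(entries):
    """Attach reasons to suspicious entries (in place) and return only those."""
    for e in entries:
        low = e.path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            e.reasons.append("runs from a user-writable location")
        if e.source == "sigcheck":
            e.reasons.append("reported unsigned by Sigcheck")
    return [e for e in entries if e.reasons]


def report(text):
    """One human-readable line per flagged entry."""
    return [f"{e.source:15} {e.name:20} {e.path}  <- {'; '.join(e.reasons)}"
            for e in triage(parse_combofix(text))]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the excerpt this flags two things: the SA-MP server copy launched from the Desktop (a legitimate program here, but a user-writable path is exactly where a dropped binary would sit, so it goes on the review list) and sfcfiles.dll, which Sigcheck marked `[-]`. Neither is proof of a keylogger. What matters more for the question asked is what the script does not flag: every Run entry in the posted log resolves to a known vendor path, and the catchme pass at the end reported no hidden processes, autostart entries or files. If the passwords keep leaking after a clean scan, the machine being scanned may not be where they leak from.
//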

Well, it stays there, since you have to delete some files by hand too. Now run NOD and scan everything... but really everything.. the drives and all.. and download some anti-malware program and scan with that as well. After that you shouldn't have any problems
//

Quote from: Ralph on May 27, 2011, 7:27:28 PM
Well, it stays there, since you have to delete some files by hand too. Now run NOD and scan everything... but really everything.. the drives and all.. and download some anti-malware program and scan with that as well. After that you shouldn't have any problems

But when I uninstalled it I checked, and there is no such folder in Program Files... this was a hidden file :(
//