Forum
Merhaba,
CMD çalıştırdıktan sonra Echo ON yaptıktan sonra komut çalıştırmayı dener misiniz ?
Bir de bu CMD virüs yemiş olabilir. Kısayoldan çalıştırmayın direk dizini bulup buradan CMD bulun ve oradan çalıştırın.
Hocam 2 yöntemide denedim fakat malesef çözüm olmadı zaten her hangi bir komut yazınca echo kapalı yazdıktan yarım saniye sonra kapanıyor cmd
Selamlar,
İyi bir antivirüs programı ile full taramdan geçirip deneyip sonucu paylaşır mısın lütfen.
Hocam F-Secure ile tarattım sonuçlar aşağıdaki gibi;
Scanning
Report
08
April 2014 09:47:00 - 09:47:30
Computer
name: HTTPSERVER
Scanning type: Scan target
Target:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\server59[1].exe
Result:
1 malware found
Gen:Variant.Graftor.874
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\server59[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\server[1].exe Action: quarantined
Gen:Variant.Kazy.246978
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\all[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\S3OIORL3\all[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\all[2].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\all[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\all[2].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1V0VQVQQ\all[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1FA4OC0L\all[1].exe Action: quarantined
MemScan:Trojan.Generic.7690736
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\lpk.dll Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\S3OIORL3\lpk.dll Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\lpk.dll Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1V0VQVQQ\123456help[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1V0VQVQQ\lpk.dll Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1FA4OC0L\lpk.dll Action: quarantined - D:\MSOCache\All
Users\9000041f-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\lpk.dll
Action: quarantined - D:\MSOCache\All
Users\9000041f-6000-11D3-8CFE-0150048383C9\FILES\SETUP\lpk.dll Action:
quarantined - D:\MSOCache\All
Users\9000041f-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\lpk.dll
Action: quarantined
Gen:Variant.Strictor.26189
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\server[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1FA4OC0L\1234[1].exe Action: quarantined
Gen:Variant.Graftor.43188
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\SFF7IWPL\jlkra[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\jlkra[1].exe Action: quarantined
Gen:Variant.Zusy.67641
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\S3OIORL3\dz[1].exe Action: quarantined
Dropped:Generic.Malware.SFdld.2C530BCF
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\S3OIORL3\zcsdfs[1].exe Action: quarantined
Backdoor.Farfli.AS
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\4RXKN65S\5099[1].exe Action: quarantined - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1FA4OC0L\5099[1].exe Action: quarantined
Gen:Variant.Symmi.27178
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\S3OIORL3\SB360[1].exe Action: quarantined
Gen:Variant.Graftor.38935
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1V0VQVQQ\dz[1].exe Action: quarantined
Gen:Variant.Graftor.107543
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1V0VQVQQ\jinlul[1].exe Action: quarantined
Trojan.Generic.7240379
(virus)
- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\1FA4OC0L\Install[1].exe Action: quarantined
Statistics
Scanned:
- Files: 1
- Not scanned: 0
Result:
- Viruses: 1
- Spyware: 0
- Suspicious
items: 0 - Riskware: 0
Actions:
- Disinfected: 0
- Renamed: 0
- Deleted: 0
- Quarantined:
30 - Failed: 0
Boot Sectors:
- Scanned: 0
- Infected: 0
- Suspicious
items: 0 - Disinfected: 0
Options
Definitions version:
- Viruses:
2014-04-04_07 - Spyware:
2014-04-04_07
Scanning Engines:
- F-Secure
Aquarius: 11.00.01, 2014-04-04 - F-Secure
Hydra: 5.11.87, 2014-04-04 - F-Secure
Online: 13.51.02, 0-00-00 - F-Secure
Gemini: 3.02.243, 2014-03-12
Scanning options:
- Scan defined
files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL?
RTF CPL WIZ HTA PP? PWZ POT MSO PIF ACM ASP AX CNV CSC DRV INI MDB MPD MPP
MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG
ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI BAT CMD DOC DOT
JOB LSP MHT PHP PPT SWF WMA WMV WMF WRI XLS XLT CLASS TMP ZIP JAR ARJ LZH
TAR TGZ GZ CAB RAR BZ2 HQX - Scan inside
archives
Actions:
- Viruses:
Disinfect infected files - Spyware: Ask
after scan
Selamlar,
Sunucunuz virüs yemiş görüldüğü gibi. Farklı bir yerden CMD dosyası alıp bu sunucudaki ile değiştirin. Ayrıca farklı antivirüs programları ile taratıp temizletin.