Citat:
loxy: Interesantno je da nije dirao "zip" fajlove. Tako da kod nas postoje neki kriptirani i nekriptirani identični fajlovi, a to bi već moglo da pomogne. Onaj ključ koji se navodi čisto sumnjam da nečemu služi.
Vidis...to nisam ni proveravao.
Elem...covek je nasao koji je virus kriptovao fajlove, updateovao bazu AV, ja ga pronasao (sa jos par nekih propratnih trojanaca), zipovao mu virus i poslao onako kako je trazio sa sve AV scan log-om da bi napravio dekripter. Ako nemate updateovan AV proverite da li na c:\Documents And Settings\LocalServices\LocalSettings\Temporary Internet
Files\Content.IE5\O1MJKP2R\ ima gpc.exe ili gpc[1].exe.
Evo ga i poslednji AV scan log doticnog racunara, mozda nekome pomogne :
Scan : completed
----------------
Scanned: 34997
Detected: 11
Untreated: 10
Start time: 6/5/2008 8:15:13 AM
Duration: 00:21:28
Finish time: 6/5/2008 8:36:41 AM
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Dropper.Win32.NSIS.f File: \\Ilija\c$\Documents and Settings\Ilija\Local Settings\Temp\.tt1A.tmp
detected: Trojan program Trojan-Dropper.Win32.NSIS.f File: \\Ilija\c$\Documents and Settings\Ilija\Local Settings\Temp\.tt5.tmp
detected: Trojan program Trojan-Downloader.Win32.Injecter.ss File: \\Ilija\c$\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WT7N4OGI\notepad32[2].exe
detected: Trojan program Trojan.Win32.Vapsup.gcg File: \\Ilija\c$\WINDOWS\vregfwlx.dll
detected: virus Heur.Trojan.Generic (modification) File: \\Ilija\c$\WINDOWS\system32\svchost.exe:exe.exe
detected: Trojan program Trojan-Downloader.Win32.Mutant.acm File: \\Ilija\c$\WINDOWS\system32\WinNt32.dll
detected: Trojan program Trojan-Downloader.Win32.Mutant.acm File: \\Ilija\c$\WINDOWS\system32\WinNt32.dl_
detected: Trojan program Trojan-Downloader.Win32.Mutant.acl File: \\Ilija\c$\WINDOWS\system32\drivers\djN15.sys
detected: Trojan program Trojan-Downloader.Win32.Mutant.acl File: \\Ilija\c$\WINDOWS\system32\drivers\yeJ84.sys
detected: virus Virus.Win32.Gpcode.ak File: \\Ilija\c$\WINDOWS\Temp\13.tmp
detected: virus Virus.Win32.Gpcode.ak File: \\Ilija\c$\WINDOWS\Temp\14.tmp