Tuesday, January 22, 2008

PC attacked by a Trojan: a transcript

[01:51:42 PM] LEE [9W2LJT] says: are you busy?
[01:51:47 PM] LEE [9W2LJT] says: need some help
[02:01:02 PM] LEE [9W2LJT] says: help
[02:07:54 PM] ketuketeh says: yes
[02:07:56 PM] ketuketeh says: what is it
[02:08:04 PM] ketuketeh says: busy too, but that's normal.. I'll try
[02:09:17 PM] LEE [9W2LJT] says: here, when I open IE, at the top it says selamat_berposa. I traced it in regedit. under windows title that thing is there, some sort of script. even when I delete it, it comes back, what should I do
[02:09:49 PM] ketuketeh says: there is something active in your pc.. some active process
[02:10:03 PM] ketuketeh says: can you give me your process list?
[02:10:40 PM] LEE [9W2LJT] says: where
[02:10:47 PM] ketuketeh says: task manager
[02:10:56 PM] ketuketeh says: sometimes it doesn't show up in task manager...
[02:11:10 PM] LEE [9W2LJT] says: how do I send the list
[02:11:20 PM] ketuketeh says: send it here...
[02:11:51 PM] LEE [9W2LJT] says: print screen?
[02:11:59 PM] ketuketeh says: no
[02:12:08 PM] LEE [9W2LJT] says: then
[02:12:36 PM] LEE [9W2LJT] says: is this a worm or a virus?
[02:12:46 PM] ketuketeh says: use HiJackThis
[02:14:02 PM] LEE [9W2LJT] says: then
[02:14:16 PM] ketuketeh says: save its list...
[02:14:33 PM] LEE [9W2LJT] sent file "hijackthis.log" to members of this chat

[02:15:08 PM] ketuketeh says: C:\WINDOWS\system32\devldr32.exe, what is this for? it's in your process list too
[02:15:20 PM] LEE [9W2LJT] says: what's that
[02:15:53 PM] ketuketeh says: C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WinPatrol\WinPatrol.exe
[02:16:14 PM] ketuketeh says: conime.exe is probably for language...
[02:16:22 PM] ketuketeh says: wscript.exe?
[02:16:25 PM] ketuketeh says: winpatrol?
[02:16:36 PM] LEE [9W2LJT] says: I use winpatrol
[02:16:47 PM] LEE [9W2LJT] says: where is that wscript
[02:16:59 PM] ketuketeh says: ok.. try terminating wscript.exe
[02:17:04 PM] ketuketeh says: it's there.. in the processes...
[02:17:08 PM] ketuketeh says: because it's in this log
[02:18:33 PM] ketuketeh says: what brand of sound card do you use? Creative?
[02:19:01 PM] LEE [9W2LJT] says: done, it still sets itself in regedit windows title
[02:19:43 PM] ketuketeh says: yes... once it's terminated.. you need to search in the registry.. delete it there too.. or use any spyware remover... do you have one?
[02:19:59 PM] LEE [9W2LJT] says: how do I do that, I think it's a worm or something
[02:20:04 PM] ketuketeh says: what soundcard do you use?
[02:20:12 PM] LEE [9W2LJT] says: nope
[02:20:20 PM] LEE [9W2LJT] says: soundcard creatibe
[02:20:23 PM] LEE [9W2LJT] says: creative
[02:20:44 PM] ketuketeh says: okay.. if it's Creative.. devldr32.exe is the Creative driver.. if not, maybe a virus
[02:20:49 PM] LEE [9W2LJT] says: it wasn't there before, but once I used someone else's pendrive, it became like that right away
[02:21:18 PM] ketuketeh says: hehe... there's an autorun.inf in that pendrive.. send that autorun.inf over here
[02:21:31 PM] LEE [9W2LJT] says: I searched in the registry and deleted it but it's still there, in the registry it lists the file as .js
[02:21:49 PM] LEE [9W2LJT] says: I've already returned that pendrive
[02:21:51 PM] ketuketeh says: oooo... too late.. it's really running rampant then...
[02:22:01 PM] ketuketeh says: js = javascript.. you know that, right
[02:22:04 PM] ketuketeh says: ok
[02:22:35 PM] LEE [9W2LJT] says: yup. it got in through this java
[02:23:02 PM] ketuketeh says: download this
[02:23:04 PM] ketuketeh says: then run
[02:23:06 PM] ketuketeh says: http://download6.emsisoft.com/a2FreeSetup.exe
[02:23:19 PM] ketuketeh says: this removes that malware
