Forum Sementara Putera.com


    Keyboard.exe


    Post by anakin Wed Aug 19, 2009 6:00 pm

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:47:57 PM, on 8/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\Fonts\Fonts.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\HBCD\WinTools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
    O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FreshDownload - {D618FA0B-EE57-4759-84EF-BEBA856154AF} - F:\Fresh_Download\FreshDownload\fd.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{58F76935-1AD9-4801-A851-50A43B60D4E7}: NameServer = 192.168.6.230,10.46.0.70
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SWEEP for Windows NT Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: SWEEP for Windows NT (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 6397 bytes


    Assalamualaikum..
    I have a problem with this Keyboard.exe virus.
    Many PCs at my office have already been hit by this virus..
    So far the only solution I have is to FORMAT..

    -This virus kills the antivirus.. No matter what kind of antivirus it is..
    -It disables regedit and Task Manager..
    -None of the PCs infected with this virus can boot into Safe Mode..
    -I tried removing it from startup (msconfig), but after a restart Keyboard.exe is back again..
    -The file is at C:\WINDOWS\system\Keyboard.exe; when I try attrib, it won't show..

    Please help, bros..

    Post by ayoi Wed Aug 19, 2009 6:48 pm

    huhu, a Sality variant virus.. hehehe

    grab this http://www.avg.com/virus-removal.ndi-67769 or here http://www.ziddu.com/download/4592701/sality_off.rar.html

    or any other antivirus remover with the name sally or sality


    or you can try this antivirus http://morphians.wordpress.com/
    it's Indonesian

    Post by anakin Thu Aug 20, 2009 7:05 pm

    ayoi wrote: huhu, a Sality variant virus.. hehehe

    grab this http://www.avg.com/virus-removal.ndi-67769 or here http://www.ziddu.com/download/4592701/sality_off.rar.html

    or any other antivirus remover with the name sally or sality


    or you can try this antivirus http://morphians.wordpress.com/
    it's Indonesian

    Bro..
    AVG doesn't detect it, bro..
    Morphost does detect it, but it can't delete the viruses..
    So, is there another way?

    Post by ayoi Thu Aug 20, 2009 7:27 pm

    what's the name of the virus

    Post by anakin Thu Aug 20, 2009 7:47 pm

    ayoi wrote: what's the name of the virus

    It goes by all sorts of names..

    The important one is keyboard.exe..
    Others are things like global.exe, font.exe and many more..

    Post by e_sentinel Thu Aug 20, 2009 8:33 pm

    Your PC is badly infected; here is part of the list:

    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
    C:\WINDOWS\Fonts\Fonts.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
    O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
    O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: FreshDownload - {D618FA0B-EE57-4759-84EF-BEBA856154AF} - F:\Fresh_Download\FreshDownload\fd.exe (file missing)

    I'm no expert, so I can only make suggestions .. try running ComboFix, then run Malwarebytes' AntiMalware ... if both of these tools won't run, run Sality_Off first, then run the 2 tools above .... if nothing will run, first do an online scan using Kaspersky, ESET, etc ..
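
Added example, not part of the original thread or any poster's code: a small Python triage of HijackThis log lines that flags the kinds of entries e_sentinel picked out above. The regexes, reason labels and function names are assumptions made for this illustration, not HijackThis's own logic; the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\Fonts\Fonts.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Heuristics are assumptions for this example, derived from the entries flagged in the thread.
CLSID_DIR = re.compile(r"\\[^\\]+\.\{[0-9A-Fa-f-]{36}\}\\")  # folder named Name.{CLSID}
ODD_EXE_DIR = re.compile(r"\\WINDOWS\\(Fonts|system|system32\\dllcache)\\.*\.exe\b", re.I)
O4_ENTRY = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def triage_line(line):
    """Return the heuristic reasons a single log line looks suspicious."""
    reasons = []
    if CLSID_DIR.search(line):
        reasons.append("folder-disguised-with-clsid")
    if ODD_EXE_DIR.search(line):
        reasons.append("exe-in-unusual-windows-dir")
    m = O4_ENTRY.match(line)
    if m and m.group("name") == "":
        reasons.append("autorun-with-empty-value-name")
    if m and "Policies\\Explorer\\Run" in m.group("key"):
        reasons.append("policy-run-key-autorun")
    if line.startswith("O7 ") and "DisableRegedit=1" in line:
        reasons.append("regedit-disabled-by-policy")
    if line.startswith(("O2 ", "O3 ")) and line.endswith("(no file)"):
        reasons.append("orphaned-browser-entry")
    return reasons

def triage(log_text):
    """Map each flagged line to its reasons; clean and blank lines are skipped."""
    flagged = {}
    for raw in log_text.splitlines():
        reasons = triage_line(raw.strip())
        if reasons:
            flagged[raw.strip()] = reasons
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(f"{', '.join(reasons):60} {line}")
```

A flagged line is a lead for manual review, not a verdict: legitimate software can also leave orphaned BHO entries or use policy Run keys.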

    Post by test0123 Fri Aug 21, 2009 1:06 am

    can't be fixed.. reformat..
