
gebyw.exe -Virus

hammarlund (GF Bronze, Inactive Member; joined Jan 27, 2008; posts: 11; likes received: 0)

Hi folks, does anyone know how to get rid of this beast? It installs itself in Temp and nothing removes it.
 

ebaldo (GF Ouro, Inactive Member; joined Sep 23, 2006; posts: 2,542; likes received: 0)

My friend, try ComboFix - HERE.
________________

1. Close any open browser.

2. Close / disable all antivirus and anti-malware programs so that they do not interfere with how ComboFix works.

* Very important! Temporarily disable the antivirus, script blockers and any real-time anti-malware protection before running a scan. They can interfere with ComboFix or remove some of its embedded files, which can cause "unpredictable results".
See a list of the programs that can interfere with the scan:
Code:
AVAST
Right click on the avast! icon in system tray (looks like this: ) and choose (Stop On-Access Protection)

AVG
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component (looks like this: ) -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I’ll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks like this: )

    * right click it-> untick the option AntiVir Guard enable.
    * You should now see a closed, white umbrella on a red background (looks like this: )

You successfully disabled the AntiVir Guard.

F-SECURE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a blue sign.

    * right click it-> select Unload.
    * The F-Secure sign should now be surrounded by a red struck-through circle (looking like this: )

You successfully disabled the F-Secure Guard.

KASPERSKY ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

    * right click it-> select Pause Protection.
    * click on -> By User Request
    * a popup will claim that protection is now disabled and a sign like this: will now be shown.

You successfully disabled the Kaspersky Antivirus Guard.

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

    * right-click it -> choose "Exit."
    * a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

You successfully disabled the McAfee Guard.

NORTON ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

    * right-click it -> choose "Disable Auto-Protect."
    * select a duration of 5 hours (this assures no interference with the cleanup of your pc)
    * click "Ok."
    * a popup will warn that protection will now be disabled and the sign will now look like this: 

You successfully disabled the Norton Antivirus Guard.

ESET NOD32 ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.

    * click it -> click on the button.
    * a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

You successfully disabled the NOD32 Guard.

AntiVir Premium Suite
Please navigate to the system tray on the bottom right hand corner and look for this sign

    * Right click it-> untick the option AntiVir Guard enable.
    * You should now see a closed, white umbrella on a red background (like this: )

You successfully disabled the AntiVir Premium Suite Guard.

AVG Antivirus Plus Firewall
Please navigate to the system tray on the bottom right hand corner and look for this sign.

    * Right click it-> select Quit Control Center.
    * A warning will pop up, click "Yes"

You successfully disabled the AVG Antivirus Plus Firewall Guard.

CA Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

    * Right click it-> hover (mouse-over) over CA Personal Firewall menu option. A sub-menu will popup.
    * Please choose "Disable CA Personal Firewall"
    * Unfortunately the system tray icon does not change, so if you want to double-check whether or not you successfully disabled the Firewall, do the above steps again and look for "Enable CA Personal Firewall." If this is the case, then you successfully disabled the CA Personal Firewall Guard.

Comodo Firewall Pro (free Personal)

    * Right-click the System Tray Icon.
    * Select Exit.
    * On the Pop up window, Click the Yes button.

You successfully disabled Comodo Firewall.

F-Secure Internet Security Suite
Please navigate to the system tray on the bottom right hand corner and look for a blue sign.

    * Right click it-> select Unload.
    * Select: "Unload and allow all network traffic"
    * Select Unload to confirm deactivation of F-Secure Internet Security
    * You will be asked to enter your Parental Control Password. Please enter it and click "OK."
    * The F-Secure sign should now be surrounded by a red struck-through circle (looking like this: )

You successfully disabled the F-Secure Guard.

Jetico Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for this sign (the arrows could also be filled with green color instead of grey, indicating that the Firewall currently detects traffic).

    * Right click it->click on the option Shutdown Firewall.

You successfully disabled the Jetico Personal Firewall Guard.

Kaspersky Internet Suite
Please navigate to the system tray on the bottom right hand corner and look for a sign.

    * Right click it-> select Pause Protection.
    * Click on -> By User Request
    * A popup will claim that protection is now disabled and a sign like this: will now be shown.

You successfully disabled the Kaspersky Internet Suite Guard.

Lavasoft Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

    * Right click it-> select Exit.
    * You will be confronted with a popup saying that you are no longer protected and will disable the Firewall. Click on "Yes."

You successfully disabled the Lavasoft Personal Firewall Guard.

Norton Internet Security

    * Please have a look at this link and follow its instructions.
    * Protection will now be disabled.

You successfully disabled the Norton Internet Security Guard.

Norton decided to install in German for me, although it never asked. According to the help file, you can also do it the following way (translated into English):

    * Please open Norton Internet Security Center by clicking the system tray icon and choosing the appropriate option.
    * Now click on the tab "Norton Internet Security" and click on "Settings."
    * Click the Internet Usage option "Personal Firewall."
    * Click "deactivate"

After a torturous and never seeming to end install of this crapware, I would appreciate if you either agree to use the first option, or to double check for me. I am not really fond of tricking Norton to think I am not a silly German and allowing me to download a proper installer....

Agnitum Outpost Firewall Pro
Please navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

    * Right click it-> select "Firewall Policy...".
    * Choose "Disable."
    * You will now see a sign like this in the system tray.

You successfully disabled the Agnitum Outpost Firewall Pro Guard.

Panda Internet Security Suite
Please navigate to the system tray on the bottom right hand corner and look for a sign that looks like a Pandabear head.

    * Right click it-> select "Close automatic protection.".
    * A message will pop up and warn you about disabling the protection. Choose "Yes."
    * The above sign in the system tray will now disappear.

You successfully disabled the Panda Internet Security Guard.

PC Tools Firewall Plus
Please navigate to the system tray on the bottom right hand corner and look for this sign

    * Right click it->click on the option Disable Firewall.
    * You should now see a sign like this: 

You successfully disabled the PC Tools Firewall Plus Guard.

Radialpoint Security Services
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

    * Right click it-> select "Exit.".
    * A message will pop up and warn you about disabling the protection. Choose "Yes."
    * The above sign in the system tray will now disappear.

You successfully disabled the Radialpoint Security Services Guard.

Sygate Personal Firewall
Please navigate to the system tray on the bottom right hand corner and look for the following sign.

    * Right click it-> select "Exit Firewall".
    * A message will pop up and warn you about disabling the protection. Choose "Yes."
    * The above sign in the system tray will now disappear.

You successfully disabled the Sygate Personal Firewall Guard.

AD-AWARE AD-WATCH

    * Right click on the Ad-Watch icon in the system tray.
    * At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
          o Active: This will turn Ad-Watch On\Off without closing it.
          o Automatic: Suspicious activity will be blocked automatically.
    * Uncheck both of those boxes.
    * (When done, you can re-enable it using the same steps but this time check both boxes.)

AVG ANTI-SPYWARE

    * Launch AVG Anti-Spyware.
    * From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    * Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

COMODO BO CLEAN

    * Right-click the System Tray Icon.
    * Select Shut down BO Clean button.
    * Restarts on reboot or open from Program Menu.

COUNTERSPY

    * Right-click the running icon of CounterSpy in the system tray and select shutdown.
    * Or with your mouse, hover over Active Protection Status (This should be enabled).
    * A menu will slide out and then you need to right click on "Disable Active Protection".
    * Note: If you don't see the icon down there then press Ctrl+Alt+Delete to bring up Task Manager and go to processes and look for sunasserv and sunasdtserv. End them both then the program will be off.

      (When we are done, re-enable Counterspy by launching the program from Start > Programs, click on the Active Protection. It will either say Active Protection enabled or disabled. On the right side, you can select each of the tasks (scroll down to see all of them) individually, then either enable or disable them on the bottom right, individually. If you have a problem doing that then click on help, choose run setup wizard, click next 2 times, make sure automatic updates is set to yes, click next, make sure enable active protection is set to yes, click next, then click finish, then exit. Then open CounterSpy to make sure that the active protection has been enabled.)

PREVX

    * Right click on the Prevx icon in your system tray and choose Show Management Console.
    * On the Management Console click the Protection Level drop-down menu.
    * You will see three levels:
          o Maximum
          o Off
          o User Defined
    * To disable all protection set the level to Off.
    * You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
    * Click the X on the upper right hand corner to exit the Management console.

PROCESS GUARD

    * Right-click the blue lock ProcessGuard icon located in the system tray.
    * Uncheck 'protection enabled'.
    * Click yes.

REG DEFEND
Right click the icon for RegDefend in the systray and select Exit.

SPYBOT TEATIMER

    * Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    * On the left hand side, click on Tools, then click on the Resident Icon in the list.
    * Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    * Click on the "System Startup" icon in the List
    * Uncheck the "TeaTimer" box and "OK" any prompts.
    * If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    * Exit Spybot S&D when done.
    * (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

SPY SWEEPER

    * Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".
    * On the left click "shields" and then uncheck everything there.
    * Uncheck "home page shield".
    * Uncheck "automatically restore default without notification".
    * Exit the program.
    * (When we are done, you can re-enable it using the same steps but this time reverse them.)

SPYWARE DOCTOR

    * Click the Spyware Doctor icon in the System Tray.
    * Click Settings.
    * Click Startup Settings under Pick a Category.
    * Uncheck "Run at Windows startup".
    * Click Apply and Exit Spyware Doctor.
    * From within Spyware Doctor, click the "OnGuard" button on the left side.
    * Uncheck "Activate OnGuard".
    * (When we are done, you can reenable Spyware Doctor)

SPYWARE GUARD

    * Right click the running icon of Spywareguard in the system tray to open the program.
    * Then go to Menu, File, and choose Exit.

TROJAN HUNTER

    * Go to TrojanHunter Guard in the system tray. It is a light blue icon with a magnifying glass and red handle.
    * Right click on it and select settings.
    * Uncheck "Load at startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.

WINDOWS DEFENDER

    * Click Start > Programs > Windows Defender or launch from the system tray icon.
    * Click on Tools & Settings > Options.
    * Under Real-time protection options, uncheck the "Real-time protection" check box.
    * Click Save.
    * Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
    * (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

WINDOWS ONECARE

    * To Disable Antivirus: Open the Windows OneCare user interface.
    * Click View or Change Settings > Antivirus Tab.
    * Click the radio button to turn the anti-virus off.
    * To Disable Firewall: Open the Windows OneCare user interface.
    * Click View or Change Settings > Firewall Tab.
    * Drag down the slider to turn the firewall off.

WINPATROL
Right-click the running icon of Winpatrol in the system tray and choose exit.
 

hammarlund

Combofix

The combofix download does not run
 

cRaZyzMaN (GF Ouro; joined Jun 2, 2007; posts: 5,759; likes received: 0)

hammarlund

accept the rules and introduce yourself
 