Quote from member kuantumm

Hello
You can scan with Malwarebytes. It is the best for this kind of thing. If you also enable the rootkit scan from the Protection section before starting the scan, it will give more effective results.
https://www.malwarebytes.com/mwb-download/thankyou/


God bless you, it worked; it wiped it out completely.

Let me share the results as well; they may be useful to someone.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/13/18
Scan Time: 9:32 AM
Log File: ee7d11b2-e70d-11e8-830d-00ff3ec9ade3.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7817
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: PC5-Bilgisayar\PC5

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 221200
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 11 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Trojan.Agent.LSA, HKU\S-1-5-21-455223614-2614349514-429051497-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|APPLE UPDATER, Quarantined, [6482], [246401],1.0.7817

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
Trojan.Agent.LSA, C:\USERS\PC5\APPDATA\ROAMING\APPLE_UPDATER\LSASSS.EXE, Quarantined, [6482], [246401],1.0.7817
Trojan.Agent.LSA, C:\USERS\PC5\APPDATA\ROAMING\APPLE_UPDATER\SAFE, Quarantined, [6482], [246401],1.0.7817
RiskWare.Agent, C:\USERS\PC5\DESKTOP\TNod User & Password Finder.lnk, Quarantined, [3926], [352776],1.0.7817
RiskWare.Agent, C:\PROGRAM FILES\ESET\TNODUP.EXE, Quarantined, [3926], [352776],1.0.7817
HackTool.FilePatch, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDM.6.X.X.UPDATE.11-PATCH-REIS.EXE, Quarantined, [7854], [281135],1.0.7817
Generic.Malware/Suspicious, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\PATCH.EXE, Quarantined, [0], [392686],1.0.7817
HackTool.FilePatch, C:\PROGRAM FILES\SUPERHIDEIP\XENOCODER.X.X-PATCH.EXE, Quarantined, [7854], [281135],1.0.7817
RiskWare.Tool.HCK, C:\PROGRAM FILES\WINRAR\KEYGEN.EXE, Quarantined, [7769], [65942],1.0.7817
RiskWare.Tool.HCK, C:\USERS\PC5\DOWNLOADS\WINRAR-5.50-TURKCE-WT.EXE, Quarantined, [7769], [65942],1.0.7817
Generic.Malware/Suspicious, C:\USERS\PC5\DOWNLOADS\SANDBOXIE.5.22.RAR, Quarantined, [0], [392686],1.0.7817

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


My guess is that the source is the file named LSASSS.EXE, the one located in the apple_updater folder.

https://www.virustotal.com/tr/file/3f97bd398e585c2291758a50c741bf5ada64e32dc1c62e24794fb18c584cc500/analysis/1421204916/