• L
    User

    Virus da eliminare

    Ho fatto una scansione ed ho trovato questo messaggio relativo a un virus
    C:\WINDOWS\Minidump\Mini070907-03.dmp is infected with Backdoor.Sumtax

    come posso eliminarlo?
    Grazie

    0
  • T
    Bannato User

    scarica Hijackthis
    clicca su do a system scan and save logfile,uscira' un file di testo.portalo qua sul forum.

    0
  • L
    User

    @tecnico24 said:

    scarica Hijackthis
    clicca su do a system scan and save logfile,uscira' un file di testo.portalo qua sul forum.

    Penso sia questo...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18.33.14, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Programmi\Classic PhoneTools\CapFax.EXE
    C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
    C:\Programmi\OpenOffice.org 2.2\program\soffice.exe
    C:\Programmi\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Programmi\OpenOffice.org 2.2\program\soffice.BIN
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Outlook Express\msimn.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM..\Run: [CARPService] carpserv.exe
    O4 - HKLM..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM..\Run: [cctray] "C:\Programmi\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM..\Run: [CAVRID] "C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Programmi\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Global Startup: Watch.lnk = C:\Programmi\Mustek 1200 UB Plus\Driver\WATCH.exe
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O17 - HKLM\System\CCS\Services\Tcpip..{928641C9-0EAE-4BCC-9329-83C064A56B9B}: NameServer = 193.12.150.2 212.247.152.2
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programmi\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 6974 bytes

    0
  • T
    Bannato User

    segui queste istruzioni:
    http://translate.google.com/translate?hl=it&sl=en&u=http://www.symantec.com/security_response/print_writeup.jsp%3Fdocid%3D2003-080116-2904-99&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3Drimuovere%2BBackdoor.Sumtax%26hl%3Dit%26sa%3DG
    e dovresti rimuovere la backdoor.

    0
  • L
    User

    @tecnico24 said:

    segui queste istruzioni:
    http://translate.google.com/translate?hl=it&sl=en&u=http://www.symantec.com/security_response/print_writeup.jsp%3Fdocid%3D2003-080116-2904-99&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3Drimuovere%2BBackdoor.Sumtax%26hl%3Dit%26sa%3DG
    e dovresti rimuovere la backdoor.

    Nella run non riesto a trovare i rundll...richiesti nelle istruzioni...

    0
  • wolf.otakar
    Consiglio Direttivo

    Ciao tecnico24,

    ho sostituito il link riguardo hijackthis, postato precedentemente, con quello ufficiale!

    Ti ricordo, di usare sempre e solo link ufficiali! 🙂

    :ciauz:

    0
  • wolf.otakar
    Consiglio Direttivo

    Ciao Lucia24,

    il log di hijackthis è pulito. Ti consiglio di effettuare una scansione in "modalita' provvisoria" con Virit aggiornato, postando poi nel forum, il risultato di scansione!

    :ciauz:

    0
Effettua l'accesso per rispondere