- [Solved] Powerful WIN32 virus
-
wolf, sorry to bother you, but in a previous topic of yours I read you talking about some HKLM files; I have 5 of them! And 12 HKCU, including some "malicious script scanner"... what should I do?
thanks
-
@8enrico4 said:
wolf, sorry to bother you, but in a previous topic of yours I read you talking about some HKLM files; I have 5 of them! And 12 HKCU, including some "malicious script scanner"... what should I do?
thanks
Can you attach the HijackThis log here on the forum?
In any case, run a scan with VirIT antivirus and a cleanup with ATF Cleaner!
-
I tried moving the file, but on the Mac it gets saved as .log, and this extension doesn't seem to be accepted by GT
-
@8enrico4 said:
I tried moving the file, but on the Mac it gets saved as .log, and this extension doesn't seem to be accepted by GT
Copy/paste the contents!
-
GT doesn't accept .log files
-
@8enrico4 said:
GT doesn't accept .log files
Open the log file, select all --> copy/paste it here in the forum!
-
It won't let me: there are a lot of links and as a "newbie" member I can't post links... Damn!
-
@8enrico4 said:
It won't let me: there are a lot of links and as a "newbie" member I can't post links... Damn!
Ok, don't worry!
Try sending me a PM!
-
HijackThis log!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:24 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O4 - HKLM..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsif.dll,startup
O4 - HKLM..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvwoz.dll,startup
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU..\Run: [msiconf.exe] msiconf.exe
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Iorio\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: winssl32 - C:\WINDOWS\SYSTEM32\winssl32.dll
O21 - SSODL: CheckRunOnce - {c8cb6581-b0f0-489a-b0b6-75f94235af98} - C:\WINDOWS\Installer{c8cb6581-b0f0-489a-b0b6-75f94235af98}\CheckRunOnce.dll (file missing)
O21 - SSODL: ChkSrv - {61659d43-ac7a-42e3-9498-064caab81586} - C:\WINDOWS\Installer{61659d43-ac7a-42e3-9498-064caab81586}\ChkSrv.dll (file missing)
O21 - SSODL: SrvRam - {393ae5d0-3c10-4273-a583-b8ab30ca01c0} - C:\WINDOWS\Installer{393ae5d0-3c10-4273-a583-b8ab30ca01c0}\SrvRam.dll (file missing)
O21 - SSODL: MonBoot - {820a8456-7813-417f-89d6-d200fa621336} - C:\WINDOWS\Installer{820a8456-7813-417f-89d6-d200fa621336}\MonBoot.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.nausicaa.napoli.it/files/materiali/Porto di Napoli.jpg
O24 - Desktop Component 1: (no name) - http://www.rssc.com/rss/ships/PAU/PAU Destinations DL/Bora-Bora lagoon.jpg
-
hi wolf, you have everything in the private message, muchas gracias!
-
Fix these keys with HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvsif.dll,startup
O4 - HKLM..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvwoz.dll,startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU..\Run: [msiconf.exe] msiconf.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Iorio\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: winssl32 - C:\WINDOWS\SYSTEM32\winssl32.dll

Now, download Avenger:
copy/paste this script into the white box "input script here":
Files to delete:
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
- untick "scan for rootkit" (bottom left)
- press execute
- answer YES to the prompts
- the PC should now reboot;
- attach the Avenger log here in the forum!
After the reboot:
- clean the PC with **ATF Cleaner**;
- download Panda anti-rootkit and this Removal Tool and run a scan!
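The fix list above is the result of reading a HijackThis log by eye. As an added example that is not part of the original thread, the following Python script applies the same kind of triage to a few constructed log lines (copied in shape from the log posted above, plus two clean ESET and Adobe entries for contrast). The rules, the severity labels and the allowlist of Windows XP Winlogon Notify packages are this example's own assumptions, not a HijackThis feature; the "(no file)" / "(file missing)" rule covers the case where the autostart hook survives even though the binary is no longer on disk, which is why such entries are still worth fixing.

```python
"""Triage of HijackThis-style autostart lines.

Added example, not from the thread: the rules below are an assumption
modelled on what a removal helper looks at first, not a HijackThis feature.
"""
import re
from dataclasses import dataclass

# Assumption: Winlogon Notify packages normally present on Windows XP SP2.
# Anything else loaded into winlogon.exe deserves a look.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Constructed sample: lines in the shape of the log posted above, with
# two clean entries (Adobe BHO, ESET egui/ekrn) for contrast.
SAMPLE_LOG = """\
F3 - REG:win.ini: run="C:\\WINDOWS\\system32\\winupdate.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\\Run: [MSDisp32] rundll32.exe C:\\WINDOWS\\system32\\drvsif.dll,startup
O4 - HKLM..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice
O4 - HKCU..\\Run: [drvsyskit] C:\\WINDOWS\\system32\\drivers\\hldrrr.exe
O4 - HKCU..\\Run: [msiconf.exe] msiconf.exe
O20 - Winlogon Notify: winssl32 - C:\\WINDOWS\\SYSTEM32\\winssl32.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
"""


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "low"
    reason: str


def _first_path(command):
    """Return the executable path at the start of a Run command line,
    honouring a quoted path that contains spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_line(line):
    """Classify one HijackThis line; None means nothing to flag."""
    m = re.match(r"^([A-Z]\d+) - (.*)$", line.strip())
    if not m:
        return None
    code, rest = m.groups()
    low = rest.lower()

    # Orphaned entries: the target is gone but the hook remains.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(line, "low", "orphaned entry, target not on disk")

    # win.ini run=/load= is a Windows 3.x-era autostart; on XP nothing
    # legitimate still uses it.
    if code == "F3" and re.search(r"\b(run|load)=", low):
        return Finding(line, "high", "win.ini run=/load= autostart")

    # Winlogon Notify DLLs load into winlogon.exe as SYSTEM at every logon.
    if code == "O20":
        mm = re.match(r"Winlogon Notify: (\S+) - ", rest)
        name = mm.group(1).lower() if mm else ""
        if name not in KNOWN_NOTIFY:
            return Finding(line, "high", "unknown Winlogon Notify package")
        return None

    if code == "O4":
        mm = re.match(r"HK\w+\\?\.\.\\Run: \[([^\]]+)\] (.*)", rest)
        if not mm:
            return None
        _name, command = mm.groups()
        path = _first_path(command)
        pl = path.lower()
        # rundll32 is a signed host; the DLL it is told to load is the
        # thing to check, and one dropped straight into system32 is the
        # pattern seen in the log above.
        if pl.endswith("rundll32.exe") or pl == "rundll32":
            tail = command.split(None, 1)[1] if " " in command else ""
            dll = tail.split(",")[0].strip().strip('"')
            if "\\system32\\" in dll.lower():
                return Finding(line, "high", f"rundll32 loads {dll} from system32")
            return Finding(line, "medium", f"rundll32-hosted DLL {dll}, verify it")
        # Only .sys files belong under system32\drivers.
        if "\\drivers\\" in pl and pl.endswith(".exe"):
            return Finding(line, "high", "executable under system32\\drivers")
        # A bare filename is resolved through the search path, so the
        # binary could sit anywhere on disk.
        if "\\" not in path:
            return Finding(line, "medium", "bare filename, location unknown")
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Run it as-is and it prints six hits out of the nine sample lines; the three clean entries (the Adobe BHO, the quoted ESET egui command and the ESET service) pass untouched, and the two hits the Avenger log later reports as "not found" are still flagged, because the registry hook is the finding regardless of whether the file is present.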
-
Logfile of The Avenger Version 2.0, (c) by Swandog46 swandog46.geekstog
Platform: Windows XP
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
Beginning to process script file:
File "C:\Program Files\DNA\btdna.exe" deleted successfully.
Error: file "C:\WINDOWS\system32\winupdate.exe" not found!
Deletion of file "C:\WINDOWS\system32\winupdate.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
Finished! Terminate.
-
Here it is! For the moment the problem seems to have gone away!
thanks wolf
-
@Wolf Otakar said:
After the reboot:
- clean the PC with **ATF Cleaner**;
- download Panda anti-rootkit and this Removal Tool and run a scan!
Did you run the scans with these tools?
-
doing it now; in fact I was claiming victory too soon: the pop-up problem is gone, but as soon as I connect the wireless antenna, within 2 minutes it shuts down
-
@8enrico4 said:
doing it now; in fact I was claiming victory too soon: the pop-up problem is gone, but as soon as I connect the wireless antenna, within 2 minutes it shuts down
After cleaning with **ATF Cleaner** and scanning with Panda anti-rootkit and the removal tool, reboot the PC and post a new HijackThis log!
-
Hi wolf, the programs you recommended, "Panda and Symantec rootkit", found nothing; now I'll try deleting the key you recommended. If the problem gets solved, I owe you a weekend here in Amsterdam!
-
Also run an antispyware check with an updated SuperAntiSpyware!
Cleaned with ATF Cleaner??
-
done: ATF Cleaner, and deleted the key you told me about
The problem only shows up when I start any browser or web-based program
in short, as soon as the network is called on, it shuts down, it sort of goes into a reboot.
-
you know what, if you want I can give you the Windows Error Signature, because a small window comes up warning me that the PC needs to be restarted because a serious problem has occurred