• User Newbie

    Virus System Alert

    Ciao AIUTATEMI .......
    mi è comparso al riavvio del pc un triangolino giallo con un punto esclamativo, che mi da i seguenti messaggi a fumetto ........ System Alert: Malware threats oppure, Security alert: [EMAIL="[email protected]"][email protected][/EMAIL] oppure, System performance monitor: Warning, ecc
    In più mi è comparsa in internet explorer la security toolbar e quando mi collego apre una serie di pagine e avvisi ke portano a scaricare programmi di protezione.

    ho provato a rimuovere tutto utilizzando SmitfraudFix.exe e HijackThis ma al riavvio mi è ricomparso lo stesso triangolino con i vari avvisi..... Vi prego Aiutatemi..
    GRAZIE.

    posto i log di SmitfraudFix.exe e HijackThis

    SmitFraudFix v2.252
    Scan done at 13.49.14,04, 11/11/2007
    Run from C:\Documents and Settings\Salvatore\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of HijackThis v1.99.1
    Scan saved at 14.15.10, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winmds.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis\HijackThis.exe
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\smvqquyw.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


  • Consiglio Direttivo

    Ciao totokamen2000 e benvenuto nel forum GT! 🙂

    Effettua una scansione in modalita' provvisoria con Virit e SuperAntiSpyware aggiornati!

    Con hijackthis fixa questa chiave:

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\smvqquyw.dll

    Fatto questo, riavvia di nuovo hijackthis dalla voce:

    Open the misc tools section ---> Open process manager ---> Seleziona il file **winmds.exe **e premi su Kill process!

    Vai poi in C:\WINDOWS\system32\ ed elimina winmds.exe!!!

    :ciauz: