Condividi:        

MS ASN1 Integer Overflow TCP.. Worm! Che faccio

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

MS ASN1 Integer Overflow TCP.. Worm! Che faccio

Postdi iko75 » 30/03/06 09:25

Norton comunica sta cosa cosa devo fare? Forse ne avete già discusso, ma non ho trovato riferimenti.

Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your machine was detected and blocked.
Intruder: 14.242.105.61(2568).
Risk Level: High.
Protocol: TCP.
Attacked IP: PCSMASTER18(14.242.81.55).
Attacked Port: netbios-ssn(139).

Click the address to trace the attacker.

Posto il log di hijack:


Logfile of HijackThis v1.99.1
Scan saved at 10.08.02, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programmi\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\AdunanzA Fastweb\eMule_AdnzA.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Programmi\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info. ... taller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2408bcdb985 ... 601_it.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

Cosa posso levare senza paura??

ciao grazie a chiunque voglia rispondermi o indirizzarmi.
iko75
Utente Junior
 
Post: 13
Iscritto il: 18/11/05 10:01
Località: Lombardia

Sponsor
 

Postdi iko75 » 30/03/06 09:28

C'è pure sta roba..

Details: Intrusion detected and blocked. All communication with 14.242.105.61 will be blocked for 30 minutes.
Click the address to trace the attacker.

Intrusion: MS ASN1 Integer Overflow TCP.
Intruder: 14.242.105.61(2568).
Risk Level: High.
Protocol: TCP.
Attacked IP: PCSMASTER18(14.242.81.55).
Attacked Port: netbios-ssn(139).
Intrusion detected and blocked. All communication with 14.242.105.61 will be blocked for 30 minutes.
Intrusion detected and blocked. All communication with 14.242.122.165 will be blocked for 30 minutes.
Intrusion: MS ASN1 Integer Overflow TCP.
Intruder: 14.242.122.165(4037).
Risk Level: High.
Protocol: TCP.
Attacked IP: PCSMASTER18(14.242.81.55).
Attacked Port: netbios-ssn(139).
Intrusion detected and blocked. All communication with 14.242.115.17 will be blocked for 30 minutes.
Intrusion: MS ASN1 Integer Overflow TCP.
Intruder: 14.242.115.17(3560).
Risk Level: High.
Protocol: TCP.
Attacked IP: PCSMASTER18(14.242.81.55).
Attacked Port: netbios-ssn(139).
Internet Worm Protection is monitoring 570 signatures.
Internet Worm Protection is monitoring 570 signatures.
Intrusion: MS ASN1 Integer Overflow TCP.
Intruder: 14.242.105.61(4208).
Risk Level: High.
Protocol: TCP.
Attacked IP: PCSMASTER18(14.242.81.55).
Attacked Port: netbios-ssn(139).
Intrusion detected and blocked. All communication with 14.242.105.61 will be blocked for 30 minutes.
Internet Worm Protection has been enabled.
Internet Worm Protection is monitoring 570 signatures.
Internet Worm Protection is monitoring 570 signatures.
Internet Worm Protection Signature File Version: 22/03/2006 Rev. 78. Internet Worm Protection Engine Version: 2.0.0.50707.
Internet Worm Protection has been enabled.
iko75
Utente Junior
 
Post: 13
Iscritto il: 18/11/05 10:01
Località: Lombardia

Postdi fabrizius » 30/03/06 10:30

Ciao,
il log é pulito....dovresti aggiornare IE e sp2...
Comunque prova a fare uno scan online e vedi se viene fuori qualcosa:
BitDefender

Panda

>>>Antispyware<<<

Trend Micro
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi iko75 » 30/03/06 10:57

per sp2 ho un problema il negoziante mi ha fornito un hd con una copia clonata di OS..
iko75
Utente Junior
 
Post: 13
Iscritto il: 18/11/05 10:01
Località: Lombardia

Postdi iko75 » 30/03/06 11:02

ma se non uso ie xè lo devo aggiornare? :-?

uso firefox come browser e thunderbird per le mail..
iko75
Utente Junior
 
Post: 13
Iscritto il: 18/11/05 10:01
Località: Lombardia

Postdi fabrizius » 30/03/06 11:40

Si ma IE devi aggiornarlo anche se non lo usi,e poi per il windows update o per gli scan online si deve usare per forza....comunque se non puoi fare il windows update vai almeno in questa pagina e installa le ultime patch per la sicurezza,altrimenti sarai sempre vulnerabile ad attacchi di vario genere
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55


Torna a Sicurezza e Privacy


Topic correlati a "MS ASN1 Integer Overflow TCP.. Worm! Che faccio":


Chi c’è in linea

Visitano il forum: Nessuno e 50 ospiti