Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

'Your computer is infected'

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

'Your computer is infected'

Postdi Snoopy85 » 07/07/06 23:32

Ciao ragazzi, ho un problema: sulla barra degli strumenti mi è comparsa una 'X' rossa ('Your computer is infected' - il pop up recita: Your computer is in danger: Windows Securuty Center has detected spyware/adware infection!...). Posto il log hijackthis sperando che qualcuno possa aiutarmi.

Logfile of HijackThis v1.99.1
Scan saved at 0.26.35, on 08/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\WINXP\System32\rundll32.exe
C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINXP\TEMP\vrbj1.exe
C:\WINXP\System32\testtestt.exe
C:\WINXP\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Windows\xpupdate.exe
C:\WINXP\System32\taskdir.exe
C:\TinMessenger\C6 Client\c6Messenger.exe
C:\WINXP\System32\CTsvcCDA.EXE
C:\WINXP\System32\devldr32.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metallica.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O4 - HKLM\..\Run: [System] C:\WINXP\System32\testtestt.exe
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINXP\System32\testtestt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [taskdir] C:\WINXP\System32\taskdir.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - Startup: C6 Messenger.lnk = C:\TinMessenger\C6 Client\c6Messenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10258-23.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... 31d43d35df
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/10258-23.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: LogGfd - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt5.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
Snoopy85
Utente Junior
 
Post: 10
Iscritto il: 07/07/06 23:20

Sponsor
 

Postdi andorra24 » 07/07/06 23:52

Scarica SmitFraudfix e decomprimilo in una cartella a tua scelta estraendo tutti i file:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Riavvia in modalità provvisoria

Apri la cartella che contiene SmitfraudFix avvia smitfraudfix.cmd
Seleziona opzione #2 - Clean cliccando sul 2 e premi Invio.
Riceverai questo messaggio: Registry cleaning - Do you want to clean the registry ?
Rispondi Sì cliccando Y e premi invio.
Rispondi Sì (Y) ad eventuali altre domande

eseguita tutta la scansione dopo il riavvio del pc posta sul forum il rapporto del programma.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Snoopy85 » 08/07/06 07:49

Innanzitutto grazie. Ho seguito i tuoi consigli; ora riporto il rapporto del programma (l'avviso/la 'X' rossa è scomparsa, ma il pc è lentissimo):

SmitFraudFix v2.68b

Scan done at 8.32.11,78, 08/07/2006
Run from C:\Documents and Settings\Argentieri Donato\Desktop\Smitf
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINXP\system32\dlh9jkdq?.exe Deleted
C:\WINXP\system32\kernels8.exe Deleted
C:\WINXP\system32\taskdir.exe Deleted
C:\WINXP\system32\taskdir~.exe Deleted
C:\WINXP\system32\TheMatrixHasYou.exe Deleted
C:\WINXP\system32\vxgame?.exe Deleted
C:\WINXP\system32\vxgamet?.exe Deleted
C:\WINXP\system32\zlbw.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Snoopy85
Utente Junior
 
Post: 10
Iscritto il: 07/07/06 23:20

Postdi andorra24 » 08/07/06 08:00

Bene,adesso posta un nuovo log di hijackthis per vedere se ci sono altre cose da eliminare.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Snoopy85 » 08/07/06 14:35

Ok, ecco il nuovo log hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15.33.23, on 08/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\WINXP\System32\rundll32.exe
C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINXP\TEMP\vrbj1.exe
C:\WINXP\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\TinMessenger\C6 Client\c6Messenger.exe
C:\WINXP\System32\CTsvcCDA.EXE
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINXP\System32\devldr32.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINXP\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paolobenvegnu.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - Startup: C6 Messenger.lnk = C:\TinMessenger\C6 Client\c6Messenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10258-23.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... 31d43d35df
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/10258-23.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: LogGfd - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt5.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe

Grazie ancora.
Snoopy85
Utente Junior
 
Post: 10
Iscritto il: 07/07/06 23:20

Postdi andorra24 » 08/07/06 15:09

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua la voce indicata sotto e premi ''kill process'':

C:\WINXP\TEMP\vrbj1.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [vrbj1.exe] C:\WINXP\TEMP\vrbj1.exe
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10258-23.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/i ... 31d43d35df
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/10258-23.exe
O23 - Service: LogGfd - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt5.exe (file missing)

Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php

con killbox assicurati di eliminare i seguenti files:

con killbox assicurati di eliminare i seguenti files:
C:\WINXP\TEMP\vrbj1.exe
C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe

Aggiorna il sistema operativo.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Snoopy85 » 15/07/06 18:26

Ancora un grazie, problema risolto.
Già che ci sono colgo l'occasione per chiederti/chiedere come poter rendere più sicuro il mio pc. Ho installato Avast (prima avevo Norton), e una volta installato ho dovuto disinstallare ZoneAlarm (perchè entravano in "conflitto").

Consigli? Naturalmente cerco qualcosa di gratuito. :)
Snoopy85
Utente Junior
 
Post: 10
Iscritto il: 07/07/06 23:20

Postdi andorra24 » 15/07/06 19:03

Snoopy85 ha scritto: Ho installato Avast (prima avevo Norton), e una volta installato ho dovuto disinstallare ZoneAlarm (perchè entravano in "conflitto").

Consigli? Naturalmente cerco qualcosa di gratuito. :)

Consigli per un firewall gratuito? In giro per i forum leggo commenti molto positivi su Comodo firewall: http://www.comodogroup.com/products/per ... ewall.html
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "'Your computer is infected'":


Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite