Trojan TR/hijack.explor.2090

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Posted by Imbranata » 20/02/07 00:21

Hi.
I formatted recently and downloaded and installed AntiVir and Spyware Terminator; unfortunately, though,
I had already caught a whole lot of viruses :(

Here are the ones AntiVir reports:
-TR/hijack.Explor.2091
-TR/Agent.37888.4
-TR/hijack.Explor.2090
-TR/Dldr.Agent.asu.3
-TR/Proxy.Horst.Gen
-TR/Proxy.Horst.Gen
- + ABOUT TWENTY DERIVATIVES OF TR/hijack.Explor.2090


THIS was the scan result:


"Start of the scan: lunedì 19 febbraio 2007 21:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'usnsvc.exe' - '1' Modules have been scanned
Scan process 'Sp_clamsrv.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'dslmon.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'msnmsgr.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'sp_rsser.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
25 processes with 25 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 11 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\mata\Desktop\alleggerire skansione\Nero Burning ROM ver.7.5.7.0 serial cracks.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2091
[INFO] The file was moved to '464c0b66.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\12exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0e26.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\14exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0e44.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\16exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0e4c.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\22exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0e6f.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\23exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0e73.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\27exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0eb3.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\2exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '46520ee5.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\32exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ebd.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\36exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ec4.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\38exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ec9.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\41exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '4756e951.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\44exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0eca.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\45exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ece.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\4exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '46520f02.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\54exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0eeb.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\56exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ef2.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\57exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ef6.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\61exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0ef3.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\63exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0f08.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\65exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0f0e.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\68exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0f13.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\85exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '4756e880.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\95exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0f17.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\97exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '463f0f1b.qua'!
C:\Documents and Settings\mata\Impostazioni locali\Temp\9exhdda.4.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.2090
[INFO] The file was moved to '46520f4c.qua'!"






I've already tried to eliminate them by first quarantining them and then deleting them with AntiVir, but
I suppose that isn't enough, because AntiVir keeps detecting the trojan hijack.explor.etcetc.
I'm hopefully awaiting your help, thanks

I don't know how to attach the HijackThis logfile, so I'll paste it:


Logfile of HijackThis v1.99.1
Scan saved at 21.59.25, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programmi\WinClamAVShield\sp_clamsrv.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\AntiVir PersonalEdition Classic\avscan.exe
C:\Programmi\BurracoWeb\BurracoWebClient.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15263BF-DA24-41D6-8F0C-3BC716E86AB7}: NameServer = 62.94.0.41 62.94.0.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
Imbranata
Newbie
 
Posts: 4
Joined: 18/02/07 19:43

Posted by andorra24 » 20/02/07 01:15

Hi, with HijackThis remove the following entry by pressing Fix checked:

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)".

Download KillBox from here: http://www.killbox.net/downloads/KillBox.exe
extract the executable to the desktop
open KillBox
enter this path in the white text box:
C:\WINDOWS\system\smss.exe
tick the "Delete on Reboot" option, then click the button with a white X on a red background.

Download ATFCleaner and put it on the desktop:
http://www.atribune.org/ccount/click.php?id=1
Run ATF Cleaner (it is used to delete temporary files), click the "main" menu and then select the "Select All" box. Then
click the "Empty selected" button and wait for the "Done Cleaning!" message.
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
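
An added example, not part of the original posts: the entry andorra24 asks to fix is a Run-key autostart for an smss.exe under C:\WINDOWS\system, while the running-process list in the same log shows smss.exe under C:\WINDOWS\System32. The Python sketch below flags O4 Run entries whose file name is a core Windows process but whose folder is not System32; the function name, the short process list and the sample lines (three copied from the log above, one constructed) are assumptions of this example.

```python
import re
from ntpath import basename, dirname, normpath  # Windows path rules on any OS

# Assumption: a short, non-exhaustive list of core processes that live in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

# HijackThis autostart line: O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Executable path at the start of the command, with or without quotes.
EXE_PATH = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

def flag_masquerading_autostarts(log_text, system_root=r"C:\WINDOWS"):
    """Return (run value name, path) for system-named binaries outside System32."""
    expected_dir = normpath(system_root + r"\system32").lower()
    findings = []
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        exe = EXE_PATH.match(entry.group("cmd"))
        if not exe:
            continue
        path = normpath(exe.group("path"))
        name_is_system = basename(path).lower() in SYSTEM32_ONLY
        if name_is_system and dirname(path).lower() != expected_dir:
            findings.append((entry.group("name"), path))
    return findings

# First three lines are from the HijackThis log in this thread;
# the last line is constructed to show that a System32 path is not flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [constructed] C:\WINDOWS\System32\services.exe
"""

if __name__ == "__main__":
    for value_name, path in flag_masquerading_autostarts(SAMPLE_LOG):
        print(f"suspicious autostart [{value_name}] -> {path}")
```

A hit only means the entry deserves a closer look; the file itself still has to be examined before it is removed.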

thx

Posted by Imbranata » 20/02/07 04:50

Hey, thanks a lot! I've done everything; tomorrow I'll tell you whether the problem is solved
Imbranata
Newbie
 
Posts: 4
Joined: 18/02/07 19:43

Posted by andorra24 » 20/02/07 20:22

Imbranata wrote: As I imagined, everything has been resolved and the damned thing has been annihilated.
Thanks for the availability, promptness and competence shown to me/us.
Regards :-)
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Posted by andorra24 » 20/02/07 20:23

Good, glad to hear it ;)
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
