Condividi:        

Virus

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Virus

Postdi prof2000 » 20/03/08 21:45

Ciao appena ho acceso il pc mi appare la finestra di nod32, mi dice che il pc è infetto, con nod32 non riesco a toglierlo, mi potete aiutare?

file: windows/sistem32/cbxvvtqdll
virus: win32/adware.virtumonde applicazione
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Sponsor
 

Re: Virus

Postdi Luke57 » 20/03/08 23:24

Ciao, di già reinfettato? Riutilizza combofix per come spiegato e posta il suo report. Ovviamente continua qui la discussione.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Virus

Postdi prof2000 » 21/03/08 14:42

ComboFix 08-03-14.4 - User 2008-03-21 14.29.27.3 - NTFSx86
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7c125f6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bjefrbxt.ini
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ftgufxju.dll
C:\WINDOWS\system32\hnosnpcx.dll
C:\WINDOWS\system32\hsbjxrds.dll
C:\WINDOWS\system32\iwcsatmj.dll
C:\WINDOWS\system32\nrkfwmsv.dll
C:\WINDOWS\system32\pvaquowt.dll
C:\WINDOWS\system32\rolpbtyv.dll
C:\WINDOWS\system32\txbrfejb.dll
C:\WINDOWS\system32\vytbplor.ini
C:\WINDOWS\system32\vytbplor.tmp
C:\WINDOWS\system32\wkmweeiy.dll
C:\WINDOWS\system32\xqjsxpmk.dll
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini2

.
((((((((((((((((((((((((( Files Creati Da 2008-02-21 al 2008-03-21 )))))))))))))))))))))))))))))))))))
.

2008-03-18 21:08 . 2008-03-18 21:08 34,208 --------- C:\WINDOWS\xp4dbyzv.exe
2008-03-18 21:08 . 2008-03-18 21:08 25,984 --a------ C:\WINDOWS\system32\ddcccyw.dll
2008-03-18 20:14 . 2008-03-19 14:54 1,526,422 --ahs---- C:\WINDOWS\system32\pugwrqym.ini
2008-03-17 21:16 . 2008-03-17 21:16 <DIR> d-------- C:\Programmi\CCleaner
2008-03-17 19:21 . 2008-03-18 20:13 1,526,197 --ahs---- C:\WINDOWS\system32\pikgunnb.ini
2008-03-17 19:12 . 2008-03-17 19:12 44,032 --a------ C:\WINDOWS\system32\cbxvvtq.dll
2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-01-21 16:58 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Xi
2008-01-21 16:57 --------- d-----w C:\Programmi\Xi
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}]
2008-03-17 19:12 44032 --a------ C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"= C:\WINDOWS\system32\cbxvvtq.dll [2008-03-17 19:12 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtq]
cbxvvtq.dll 2008-03-17 19:12 44032 C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 14:38:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-21 14:41:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 13:41:34
ComboFix2.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Virus

Postdi Luke57 » 21/03/08 15:21

Ciao, copi questo codice:

file::
C:\WINDOWS\xp4dbyzv.exe
C:\WINDOWS\system32\ddcccyw.dll
C:\WINDOWS\system32\pugwrqym.ini
C:\WINDOWS\system32\pikgunnb.ini
C:\WINDOWS\system32\cbxvvtq.dll

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtq]

lo incolli in un file di testo che salvi e chiami obbligatoriamente CFScript.txt, poi lo trscini sull'icona di combofix per una nuova scansione.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Virus

Postdi prof2000 » 21/03/08 20:49

ComboFix 08-03-14.4 - User 2008-03-21 20.29.38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.59 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-02-21 al 2008-03-21 )))))))))))))))))))))))))))))))))))
.

2008-03-18 21:08 . 2008-03-18 21:08 34,208 --------- C:\WINDOWS\xp4dbyzv.exe
2008-03-18 21:08 . 2008-03-18 21:08 25,984 --a------ C:\WINDOWS\system32\ddcccyw.dll
2008-03-18 20:14 . 2008-03-19 14:54 1,526,422 --ahs---- C:\WINDOWS\system32\pugwrqym.ini
2008-03-17 21:16 . 2008-03-17 21:16 <DIR> d-------- C:\Programmi\CCleaner
2008-03-17 19:21 . 2008-03-18 20:13 1,526,197 --ahs---- C:\WINDOWS\system32\pikgunnb.ini
2008-03-17 19:12 . 2008-03-17 19:12 44,032 --a------ C:\WINDOWS\system32\cbxvvtq.dll
2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-01-21 16:58 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Xi
2008-01-21 16:57 --------- d-----w C:\Programmi\Xi
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}]
2008-03-17 19:12 44032 --a------ C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"= C:\WINDOWS\system32\cbxvvtq.dll [2008-03-17 19:12 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtq]
cbxvvtq.dll 2008-03-17 19:12 44032 C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 20:33:57
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbxvvtq.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-03-21 20.36.16
ComboFix-quarantined-files.txt 2008-03-21 19:36:10
ComboFix2.txt 2008-03-21 13:41:45
ComboFix3.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Virus

Postdi Luke57 » 22/03/08 00:13

Ciao, scarica VundoFix
http://www.atribune.org/ccount/click.php?id=4

Disconettiti da internet
disattiva l'antivirus
Esegui vundofix
VundoFix si chiuderà e si riaprirà da solo, una volta riaperto, clicca sul pulsante "Scan for Vundo" quando la scansione è finita, clicca sul pulsante "Remove Vundo" a questo punto ti chiederà se vuoi eliminare i files, rispondi Yes una volta cliccato su Yes, non preoccuparti se il desktop scompare, è normale dato che è iniziata la procedura di eliminazione, finito la rimozione ti chiederà se vuoi riavviare, rispondi Yes e si riavvierà il pc.
E' possibile che vundofix non riesca ad eliminare alcuni files, in questo caso, vedrai vundofix apparire al riavvio basta che premi il pulsante Remove vundo per continuare la rimozione.
Finito tutto, riavvia il pc

Avvia nuovamente il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione, se spariscono le icone dal desktop è normale, la scansione è piuttosto lenta)
Segui le istruzioni e alla fine verrà generato un log.

Riavvia il pc, collegati e posta questi 2 logs (copiandoli e incollandoli in un post)
C:\vundofix.txt
C:\combofix.txt
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Virus

Postdi prof2000 » 22/03/08 09:13

VundoFix V7.0.3

Scan started at 8.46.30 22/03/2008

Listing files found while scanning....

C:\windows\system32\ssttt.dll
C:\windows\system32\tttss.ini
C:\windows\system32\tttss.ini2



ComboFix 08-03-14.4 - User 2008-03-22 9.00.59.5 - NTFSx86
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7c125f6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cxejwwmo.dll
C:\WINDOWS\system32\oyycugex.dll
C:\WINDOWS\system32\qkirjahv.ini
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini2
C:\WINDOWS\system32\vhajrikq.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-02-22 al 2008-03-22 )))))))))))))))))))))))))))))))))))
.

2008-03-22 08:46 . 2008-03-22 08:46 <DIR> d-------- C:\VundoFix Backups
2008-03-18 21:08 . 2008-03-18 21:08 34,208 --------- C:\WINDOWS\xp4dbyzv.exe
2008-03-18 21:08 . 2008-03-18 21:08 25,984 --a------ C:\WINDOWS\system32\ddcccyw.dll
2008-03-18 20:14 . 2008-03-19 14:54 1,526,422 --ahs---- C:\WINDOWS\system32\pugwrqym.ini
2008-03-17 21:16 . 2008-03-17 21:16 <DIR> d-------- C:\Programmi\CCleaner
2008-03-17 19:21 . 2008-03-18 20:13 1,526,197 --ahs---- C:\WINDOWS\system32\pikgunnb.ini
2008-03-17 19:12 . 2008-03-17 19:12 44,032 --a------ C:\WINDOWS\system32\cbxvvtq.dll
2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}]
2008-03-17 19:12 44032 --a------ C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"= C:\WINDOWS\system32\cbxvvtq.dll [2008-03-17 19:12 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtq]
cbxvvtq.dll 2008-03-17 19:12 44032 C:\WINDOWS\system32\cbxvvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 09:08:53
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbxvvtq.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-22 9:12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 08:12:20
ComboFix2.txt 2008-03-21 13:41:45
ComboFix3.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Virus

Postdi Luke57 » 22/03/08 16:05

Ciao, l'operazione è la stessa, l'altra volta non ti deve essere riuscita, ma la tua laconicità non permette altre congetture.

copi questo codice:

file::
C:\WINDOWS\xp4dbyzv.exe
C:\WINDOWS\system32\ddcccyw.dll
C:\WINDOWS\system32\pugwrqym.ini
C:\WINDOWS\system32\pikgunnb.ini
C:\WINDOWS\system32\cbxvvtq.dll

registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91223DE9-F8E6-4FFD-8889-BE6784C18696}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtq]


lo incolli in un file di testo che salvi e chiami obbligatoriamente CFScript.txt, poi lo trascini sull'icona di combofix per una nuova scansione.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Virus

Postdi prof2000 » 22/03/08 22:08

ComboFix 08-03-14.4 - User 2008-03-22 21.24.38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.62 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cbxvvtq.dll
C:\WINDOWS\system32\ddcccyw.dll
C:\WINDOWS\system32\pikgunnb.ini
C:\WINDOWS\system32\pugwrqym.ini
C:\WINDOWS\xp4dbyzv.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\cbxvvtq.dll
C:\WINDOWS\system32\ddcccyw.dll
C:\WINDOWS\system32\hggsoivp.dll
C:\WINDOWS\system32\joxucoad.dll
C:\WINDOWS\system32\pikgunnb.ini
C:\WINDOWS\system32\pugwrqym.ini
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini2
C:\WINDOWS\system32\siqwqypt.dll
C:\WINDOWS\system32\tpyqwqis.ini
C:\WINDOWS\xp4dbyzv.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-02-22 al 2008-03-22 )))))))))))))))))))))))))))))))))))
.

2008-03-22 08:46 . 2008-03-22 08:46 <DIR> d-------- C:\VundoFix Backups
2008-03-17 21:16 . 2008-03-17 21:16 <DIR> d-------- C:\Programmi\CCleaner
2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 21:32:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-22 21:34:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 20:34:44
ComboFix2.txt 2008-03-22 08:12:29
ComboFix3.txt 2008-03-21 13:41:45
ComboFix4.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Virus

Postdi prof2000 » 23/03/08 15:44

Ciao buona pasqua, ho rifatto la scansione con nod32 mi dice che ho venti virus del tipo:

Il file C:\Documents and Settings\User\Desktop\programmi\Nero 7 Premium Reloaded 7.7.5.1 ITA Completo.zip è infettato da applicazione Win32/Toolbar.AskSBar. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo.


Il file C:\QooBox\Quarantine\catchme2008-03-17_121016.96.zip è infettato da applicazione Win32/Adware.Virtumonde. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo.

Il file C:\QooBox\Quarantine\C\WINDOWS\system32\aidtlpjw.dll.vir è infettato da cavallo di troia Win32/BHO.NCC. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Impossibile disinfettare.
Il file C:\QooBox\Quarantine\C\WINDOWS\system32\efcayvt.dll.vir è infettato da applicazione Win32/Adware.Virtumonde. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Impossibile disinfettare.
Il file C:\RECYCLER\S-1-5-21-1004336348-57989841-725345543-1003\Dc2.zip è infettato da applicazione Win32/Toolbar.AskSBar. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo.
Il file C:\RECYCLER\S-1-5-21-1004336348-57989841-725345543-1003\Dc1\Nero-7.7.5.1 ITA.exe è infettato da applicazione Win32/Toolbar.AskSBar. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo.
Il file C:\System Volume Information\_restore{198C35A8-235A-4533-9021-19BE7345410C}\RP152\A0036436.dll è infettato da applicazione Win32/Adware.Virtumonde. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Impossibile disinfettare.
Il file C:\System Volume Information\_restore{198C35A8-235A-4533-9021-19BE7345410C}\RP153\A0036450.dll è infettato da cavallo di troia Win32/BHO.NCC. Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Impossibile disinfettare.

Come posso fare?
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Virus

Postdi Luke57 » 23/03/08 18:35

Ciao, i file nelle posizione quoobox sono nella quarantena di combofix, basta eliminare la quarantena medesima.
I file nella posizione Ryciclers sono nel cestino, per cui va svuotato, quelli nella cartella system volume information basta disattivare il ripristino configurazione di sistema per eliminarli (click tasto dx su risorse del computer>proprietà>ripristino configurazione di sistema, mettere la spunta a "disattiva ripristino......">OK. Poi riavviare il computer e ritogliere la spunta precedentemente immessa con la stessa procedura.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Virus

Postdi prof2000 » 25/03/08 20:04

Grazie sembra tutto a posto!
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48


Torna a Sicurezza e Privacy


Topic correlati a "Virus":

Virus o cosa?
Autore: danibi60
Forum: Sicurezza e Privacy
Risposte: 26

Chi c’è in linea

Visitano il forum: Nessuno e 75 ospiti