
Problem with Trojan.Downloader


Posted by albe99 » 05/01/06 07:35

Hi everyone,
I have a problem with some trojans, despite scans with BitDefender, AdAware... :cry:

Basically, BitDef detects them and blocks them, but doesn't remove them:

Trojan.Downloader.4412.B
J.S. Trojan.Downloader.IstBar.A.Adware.win
Win32.TrojanDownloader.ConHook


I hope someone can help me... ;)
albe99
Junior User
 
Posts: 41
Joined: 04/09/05 11:19
Location: Brescia

Posted by Maxim_69 » 05/01/06 09:43

Make a HijackThis log and post it.

Bye, Max.
Maxim_69
Senior User
 
Posts: 497
Joined: 15/12/05 12:08

Posted by albe99 » 05/01/06 17:51

Hi maxim, here is the HijackThis log, even though I wouldn't know where to start reading it.. :undecided:

Logfile of HijackThis v1.99.1
Scan saved at 15.13.40, on 05/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender9\vsserv.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programmi\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
D:\Babylon\Babylon.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
D:\eMule\emule.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\vtsqr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - d:\babylon\4_0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Service] cAp.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Babylon Client] D:\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\RunServices: [Service] cAp.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKCU\..\Run: [oquk] C:\PROGRA~1\FILECO~1\oquk\oqukm.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605690.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{90F02243-6D86-46C2-B1CB-0923C43B0E9F}: NameServer = 85.37.17.7 151.99.125.1
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\q4rqle951h.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\SYSTEM32\vtsqr.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted by Maxim_69 » 05/01/06 19:37

Disable System Restore and, from Safe Mode, fix the following lines:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe


O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe


O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe


O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605690.exe


O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)


See whether you recognize these lines:


O15 - Trusted Zone: *.energy-factor.com

O15 - Trusted Zone: *.hardcorefantasyland.com

O15 - Trusted Zone: *.hardfootballbabes.com


Then run:

Internet Options > Delete Cookies > Delete Files > Clear History


Then, still in Safe Mode, run AdAware & Spybot, and do an antivirus scan.

Reboot and, if everything is fine, re-enable System Restore.

Make the log again and post it again.


Bye, Max.

Posted by Maxim_69 » 05/01/06 19:48

Fix this one too:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\vtsqr.dll

Posted by albe99 » 05/01/06 20:01

I'll do it as soon as I can, max.. :D
in the meantime, thanks a lot for your help..

Posted by albe99 » 09/01/06 20:43

..I'm ashamed of the delay.. :cry:
I'm posting the HijackThis log anyway, hoping..

Logfile of HijackThis v1.99.1
Scan saved at 17.42.11, on 09/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender9\vsserv.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Programmi\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
D:\Babylon\Babylon.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtsqr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - d:\babylon\4_0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Service] cAp.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmi\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Babylon Client] D:\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\RunServices: [Service] cAp.exe
O4 - HKCU\..\Run: [oquk] C:\PROGRA~1\FILECO~1\oquk\oqukm.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\n22u0cf9ef2.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\SYSTEM32\vtsqr.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
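
Added example (not part of the original thread and not a HijackThis feature): a short Python script that compares the two logs posted above to check which entries flagged for fixing are gone, which persist, and which are new. The log excerpts are copied from the posts and `TO_FIX` is a subset of the lines listed in the replies; the names `norm`, `parse` and `compare` are hypothetical.

```python
import re

ENTRY = re.compile(r"^[A-Z]\d+ - ")  # HijackThis entry prefix: R0, O4, O23, ...

# Excerpts copied from the two logs in this thread (05/01 and 09/01).
BEFORE = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\vtsqr.dll
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\q4rqle951h.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\SYSTEM32\vtsqr.dll
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
"""
AFTER = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\n22u0cf9ef2.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\SYSTEM32\vtsqr.dll
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)
"""
# Entries the helper asked to fix: the BEFORE lines except the two O20 ones.
TO_FIX = [l for l in BEFORE.strip().splitlines() if not l.startswith("O20")]


def norm(line):
    # Windows paths are case-insensitive and the casing differs between the
    # two logs (System32 vs system32), so compare lowercased, space-collapsed.
    return re.sub(r"\s+", " ", line.strip()).lower()


def parse(log):
    """Map normalized entry -> original line, keeping only R*/O* entries."""
    return {norm(l): l.strip() for l in log.splitlines() if ENTRY.match(l.strip())}


def compare(before, after, to_fix):
    b, a = parse(before), parse(after)
    return {
        "still_present": [l for l in to_fix if norm(l) in a],
        "removed": [l for l in to_fix if norm(l) in b and norm(l) not in a],
        "new": [orig for key, orig in a.items() if key not in b],
    }


if __name__ == "__main__":
    for status, lines in compare(BEFORE, AFTER, TO_FIX).items():
        for line in lines:
            print(f"{status:14} {line}")
```

A plain text diff would report the `vtsqr.dll` BHO line as removed and re-added because only the path casing changed; normalizing first shows it as still present.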

