Persistent window on the Internet

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Persistent window on the Internet

Post by 19debby83 » 08/09/06 13:31

Hi everyone,

for the past few days, any word I search for with Google opens a window that says Looking for...........Click here to enter....

it's terrible, it comes up a thousand times a day and I can't figure out what it could be....


Thanks for the help
19debby83
Newbie
 
Posts: 3
Joined: 08/09/06 09:59

Post by BilloKenobi » 08/09/06 14:37

I have a rough idea

download hijackthis (which you'll find in my signature) and post the log
Begun the Clone War has

Yes, yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

Post by 19debby83 » 08/09/06 14:59

here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 15.58.07, on 08/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\spnpinst.exe
C:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabrizio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {9BA984A3-BD59-87AC-1969-433F22D581D5} - C:\WINDOWS\ntfvq1.dll (file missing)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmi\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{855107F5-27E9-40B1-80EB-54AA11EB326A}: NameServer = 85.37.17.41 85.38.28.83
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programmi\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programmi\Trend Micro\PC-cillin 2002\Tmntsrv.exe
19debby83
Newbie
 
Posts: 3
Joined: 08/09/06 09:59

Post by BilloKenobi » 08/09/06 15:08

indeed....

start with this removal tool

http://www.prevx.com/gromozon.asp
Begun the Clone War has

Yes, yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

Post by Luke57 » 08/09/06 15:08

Hi, download Gmer:
http://www.gmer.net/gmer110.zip
After unzipping it, run it and select "Rootkit"
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and select Paste

Then run a scan with GMer from the Autostart section, following the same procedure as before. Paste the generated log into the same Notepad file, then paste the two logs into a post on the forum.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by Luke57 » 08/09/06 15:25

Hi, then do this:
1) Run the tool recommended by billo kenobi; run it with applications and programs closed, and at the restart of the computer the scan of the remaining Windows folders will be carried out. Paste the scan report in a post
2) run the two Gmer logs

3) Post the tool's scan report + the two GMer logs (so we can get an idea).
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by 19debby83 » 09/09/06 09:15

I ran the scan with gromozon removal and here is the log

Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\com5.uda
\\?\C:\WINDOWS\com5.uda
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
C:\_cleaned.tmp
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\39E.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3B4.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3B8.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3DD.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fa.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FreeAccess.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\FreeAccess.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\FreeAccess.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\fa.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Downloaded Program Files\FreeAccess.ocx
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\ntfvq1.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\system32\qjaa.dll
Removed!
Scanning: C:\Programmi\File comuni


Trojan.Gromozon Removed!



The only problem is that I absolutely cannot open gmer.exe even though I unzipped it.......
19debby83
Newbie
 
Posts: 3
Joined: 08/09/06 09:59
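
An added example, not part of the original thread or of either tool: it cross-references HijackThis entries against the files the removal tool reported as removed, using excerpts copied from the two logs posted above. The function names and the three labels (CONFIRMED, ORPHAN, UNVERIFIED) are assumptions made for this illustration.

```python
import re

# Excerpts copied from the two logs posted in this thread, trimmed to a few lines.
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {9BA984A3-BD59-87AC-1969-433F22D581D5} - C:\WINDOWS\ntfvq1.dll (file missing)
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

REMOVAL_LOG = r"""
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\ntfvq1.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\system32\qjaa.dll
Removed!
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|ocx|tmp)\b', re.I)

def parse_hijackthis(text):
    """Return (section_code, detail, [file paths]) for each entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, detail = m.groups()
            entries.append((code, detail, PATH_RE.findall(detail)))
    return entries

def removed_files(text):
    """Lower-cased paths taken from the removal tool's 'FileName:' lines."""
    return {l.split(":", 1)[1].strip().lower()
            for l in text.splitlines() if l.startswith("FileName:")}

def triage(hjt_text, removal_text):
    """CONFIRMED: entry points at a file the tool removed.
    ORPHAN: HijackThis itself says the target is absent.
    UNVERIFIED: neither log settles it; needs a manual check."""
    gone = removed_files(removal_text)
    result = []
    for code, detail, paths in parse_hijackthis(hjt_text):
        if any(p.lower() in gone for p in paths):
            label = "CONFIRMED"
        elif "(no file)" in detail or "(file missing)" in detail:
            label = "ORPHAN"
        else:
            label = "UNVERIFIED"
        result.append((label, code, detail))
    return result

if __name__ == "__main__":
    for label, code, detail in triage(HIJACKTHIS_LOG, REMOVAL_LOG):
        print(f"{label:<10} {code:<3} {detail}")
```

On these excerpts the BHO pointing at C:\WINDOWS\ntfvq1.dll is labelled CONFIRMED: HijackThis listed that file as missing, while the removal tool later detected and removed it.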

Post by Luke57 » 09/09/06 09:53

Hi, try renaming the gmer.exe file, for example to extract.exe.
The tool did a nice cleanup; open hijackthis, press "open the misc tools section", "open uninstall manager", look for the entries Linkoptimizer and Connection services; if they are there, highlight them and press "delete this entry".
Post another hijackthis log.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by BilloKenobi » 09/09/06 11:22

that tool is exceptional. with the versions it is compatible with, it removes everything, absolutely everything
Begun the Clone War has

Yes, yes, they made me an editor --- SuspectFile
BilloKenobi
Senior User
 
Posts: 348
Joined: 08/07/06 11:05

