I can't remove a trojan with Avira and Avast

Post by muffo » 11/08/07 21:42

hi guys, I have a little problem:
TR/Click.Small.KJ.1666
Avira keeps finding this trojan, it can't remove it and everything freezes, same with Avast...

here's the hijack logfile:
Logfile of HijackThis v1.99.1
Scan saved at 21.39.58, on 11/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
F:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Programmi\MSN Messenger\MsnMsgr.Exe
F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Programmi\Google\Google Updater\GoogleUpdater.exe
F:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
F:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\AntiVir PersonalEdition Classic\sched.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi\MSN Messenger\usnsvc.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Documents and Settings\Nicola Pillai\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - F:\Documents and Settings\Nicola Pillai\811192028.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "F:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STICAP] F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Google Updater.lnk = F:\Programmi\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9562E94C-5B7F-429C-88FE-E023B9472F64}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
muffo
Junior User
Posts: 58
Joined: 18/04/06 18:54

Post by SkunkWorks 68 » 11/08/07 21:57

The offending entry is this one:
"O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - F:\Documents and Settings\Nicola Pillai\811192028.dll"
It has to be fixed from Safe Mode, with System Restore disabled.
Search for "811192028.dll" and delete it if present (using Windows Search, with hidden and system files included).
Most important of all, update the system to SP 2 and the subsequent patches.
Bye
"When you wake up in the morning, think of what a precious privilege it is to be alive: to breathe, to think, to feel joy and to love" (Marcus Aurelius).
SkunkWorks 68
Senior User
Posts: 2336
Joined: 03/03/07 09:55

Post by Inox » 12/08/07 15:14

delete it in Safe Mode.

when the PC starts, press F8 repeatedly and, on the options screen, choose "Safe Mode".
Once you are in, locate the file and delete it.
#.:Msn Connect Nvidia °Powered
*HD500gb - play.:.:.
Inox
Junior User
Posts: 94
Joined: 12/08/07 14:53
Location: c:\windows\system32

Post by Mikele46 » 12/08/07 15:31

Avira keeps finding this trojan, it can't remove it and everything freezes, same with Avast..


you don't have 2 antiviruses, do you????...it's useless and counterproductive...having 1 is enough
Mikele46
Senior User
Posts: 521
Joined: 20/08/06 16:16
Location: Napoli

Post by muffo » 13/08/07 17:23

Guys, I practically didn't do anything because that entry was no longer there and I couldn't find the file...
as antivirus I kept avast, I uninstalled avira
here's the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 17.21.55, on 13/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alwil Software\Avast4\setup\avast.setup
F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Programmi\MSN Messenger\MsnMsgr.Exe
F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Programmi\Google\Google Updater\GoogleUpdater.exe
F:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
F:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\MSN Messenger\usnsvc.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Nicola Pillai\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STICAP] F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Google Updater.lnk = F:\Programmi\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9562E94C-5B7F-429C-88FE-E023B9472F64}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
muffo
Junior User
Posts: 58
Joined: 18/04/06 18:54
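
The check SkunkWorks 68 made by eye on the first log, plus a comparison of the two logs posted so far, as an added example that is not part of the original thread. The O2 lines are copied from those logs; the folder list and the two heuristics are assumptions for illustration, not HijackThis behaviour.

```python
import re

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Assumption: folders where installed software normally keeps BHO DLLs
# ("Programmi" is the localized Program Files seen in this thread's logs).
USUAL_DIRS = ("\\windows\\", "\\programmi\\", "\\program files\\", "\\progra~1\\")

# O2 lines copied from the first (11/08) and second (13/08) logs in the thread.
LOG_11_08 = r"""
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - F:\Documents and Settings\Nicola Pillai\811192028.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
"""
LOG_13_08 = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
"""

def parse_bhos(log_text):
    """Map CLSID -> DLL path for every O2 entry in a HijackThis log."""
    found = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found[m.group(2).upper()] = m.group(3).strip()
    return found

def review_reasons(path):
    """Heuristic reasons to look closer at an entry; not a malware verdict."""
    if path == "(no file)":
        return ["registration points to a missing file"]
    lowered, reasons = path.lower(), []
    if not any(d in lowered for d in USUAL_DIRS):
        reasons.append("DLL outside Windows/Program Files")
    if lowered.rsplit("\\", 1)[-1].rsplit(".", 1)[0].isdigit():
        reasons.append("digits-only file name")
    return reasons

def triage(log_text):
    """Return {CLSID: reasons} for entries with at least one reason."""
    checked = {c: review_reasons(p) for c, p in parse_bhos(log_text).items()}
    return {c: r for c, r in checked.items() if r}

def removed_between(before, after):
    """CLSIDs registered in the first log but absent from the second."""
    return sorted(set(parse_bhos(before)) - set(parse_bhos(after)))

if __name__ == "__main__":
    for clsid, reasons in triage(LOG_11_08).items():
        print(clsid, "->", "; ".join(reasons))
    print("gone by 13/08:", removed_between(LOG_11_08, LOG_13_08))
```
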

Post by Mikele46 » 13/08/07 20:40

first of all you need to update IE to version 7.0 or use FireFox...an excellent browser

then download the latest version of hijackthis from this site


and remove this....

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


then run a scan with s...spybot, also downloadable from this site
Mikele46
Senior User
Posts: 521
Joined: 20/08/06 16:16
Location: Napoli

Post by Mikele46 » 13/08/07 20:42

anyway, to be safe, take a look here...

http://www.suspectfile.com/forum/viewtopic.php?p=12031
Mikele46
Senior User
Posts: 521
Joined: 20/08/06 16:16
Location: Napoli

Post by muffo » 14/08/07 15:57

as browser I use firefox, I did everything: I downloaded the latest version of hijack and deleted that entry, I'm posting the new logfile
where do I download that program you mentioned, spybot? can you send me the link? thanks...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.57.10, on 14/08/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Programmi\MSN Messenger\MsnMsgr.Exe
F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Programmi\Google\Google Updater\GoogleUpdater.exe
F:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
F:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\MSN Messenger\usnsvc.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Nicola Pillai\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] F:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [STICAP] F:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] F:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = F:\Programmi\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9562E94C-5B7F-429C-88FE-E023B9472F64}: NameServer = 213.205.36.70 213.205.32.70
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4064 bytes
muffo
Junior User
Posts: 58
Joined: 18/04/06 18:54

Post by laster » 14/08/07 21:32

OPTIMISM IS THE SCENT OF LIFE!!!
laster
Junior User
Posts: 42
Joined: 10/12/06 23:18
Location: forlì

