Ciao a tutti!
Spybot ha rilevato il virus rsvchost.exe in WINDOWS
NON RIESCO A DEBELLARLO :cry: :cry: :cry:
ne con symantec, ne con spybot, ne con stinger

AIUTOOOOOO!!!!!
come posso fare?? si continuano ad aprire explorer :muro:

presumo che hai XP con SP2 come SO?

prima devi disabilitare il ripristino di sistema....nel 3d ufficiale di Hijacthis trovi tutto....dopo posta il log di Hijackthis e proviamo toglierlo...

cmq che antivirus usi?

di che malware si tratta???

mi puoi mandare il file rsvchost.exe al mio indirizzo inviaqui@email.it???


ciao

presumo che hai XP con SP2 come SO?

prima devi disabilitare il ripristino di sistema....nel 3d ufficiale di Hijacthis trovi tutto....dopo posta il log di Hijackthis e proviamo toglierlo...

cmq che antivirus usi?

OK fatto
allora ho un XP SP1

ecco il log di Hijackthis:

Logfile of HijackThis v1.99.0
Scan saved at 21.37.10, on 01/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\rsvchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programmi\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\internetexplorer64.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.562\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service] mssmsgs.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C10A521-C655-4333-B675-8FDBE4B347E8}: NameServer = 85.37.17.44 151.99.125.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

AIUTO...

Fixa:
C:\WINDOWS\rsvchost.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\WINDOWS\System32\internetexplorer64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Service] mssmsgs.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe

Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

Fixa:
C:\WINDOWS\rsvchost.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\WINDOWS\System32\internetexplorer64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe

Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

scusami andorra24 devo segnalarti che hai a che fare con una alle prime armi con il PC... :fagiano:
cosa devo fare? :help:

Metti la spunta nella casellina accanto a tutte le voci che ti ho indicato di eliminare e dopo aver chiuso tutte le finestre aperte, tra cui il browser, premi ''fix checked''. Fai anche la scansione con ewido come ti ho consigliato nel post precedente.

fatto...però mi sa che ci sono ancora problemi
sto facendo la scansione con ewido
devo eliminare tutti i file segnalati? :confused:

fatto...però mi sa che ci sono ancora problemi
sto facendo la scansione con ewido
devo eliminare tutti i file segnalati? :confused:
Si eliminali, tanto ewido ti fa il backup di ogni cosa che elimina.