Possible virus, help: "BitTorrent-4.0.4.exe"


Matrixbob
07-11-2005, 13:26
I wanted to install the nice BitTorrent, but after a message that had something to do with 16-bit/32-bit on Winzoz, I can no longer remove it:
http://img493.imageshack.us/img493/1799/virus6ia.gif

Kaspersky doesn't say anything .... :rolleyes:

http://img493.imageshack.us/img493/9881/virus28lt.gif

juninho85
07-11-2005, 13:32
Judging by the program's icon, it looks like either a corrupted download or a virus, as you said... are you sure the file isn't still running? :)

andorra24
07-11-2005, 13:36
> I wanted to install the nice BitTorrent, but after a message that had something to do with 16-bit/32-bit on Winzoz, I can no longer remove it:
> http://img493.imageshack.us/img493/1799/virus6ia.gif
>
> Kaspersky doesn't say anything .... :rolleyes:

If you want to remove that file, try killbox: http://www.bleepingcomputer.com/files/killbox.php

Matrixbob
07-11-2005, 13:36
> Judging by the program's icon, it looks like either a corrupted download or a virus, as you said... are you sure the file isn't still running? :)

http://img380.imageshack.us/img380/6606/virus32cz.gif

A corrupted download, it could be, but then how do I delete it?!

juninho85
07-11-2005, 13:40
> http://img380.imageshack.us/img380/6606/virus32cz.gif
>
> A corrupted download, it could be, but then how do I delete it?!

If it really is a corrupted download, you should be able to remove it without too much hassle.

Matrixbob
07-11-2005, 13:46
Whoa, and what's this?! :mbe: :mc:
http://img243.imageshack.us/img243/7615/dadan6re.gif

juninho85
07-11-2005, 13:48
> Whoa, and what's this?! :mbe: :mc:
> http://img243.imageshack.us/img243/7615/dadan6re.gif

Ouch..... scan with an updated ewido and post a HijackThis log :D

Matrixbob
07-11-2005, 15:08
> Ouch..... scan with an updated ewido and post a HijackThis log :D

So I ran "Kaspersky" and it removed something; after that "a-squared" and finally "hijackthis_199" don't seem to find anything suspicious:

Logfile of HijackThis v1.99.1
Scan saved at 15.06.30, on 07/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\svchost.exe
c:\programmi\internet explorer\iexplore.exe
C:\Programmi\FlashGet\flashget.exe
C:\Documents and Settings\bob\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130763009411
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD6C5D2E-2714-4A65-AC32-3773C21E1D55}: NameServer = 212.216.112.112 212.216.172.62
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

I should be clean, what do you say?!

Matrixbob
07-11-2005, 15:11
Of course I had already tried running "Spybot S&D" and Lavasoft's "Ad-Aware" without either of them reporting anything abnormal.

Stereogab
07-11-2005, 15:14
Indeed, the log is ok.

You can fix this one:
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
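
As an added example (not code from this thread or from HijackThis), a small Python triage script over constructed HijackThis-style lines modelled on the log above: it parses O4 Run entries and O23 Service entries and applies the checks a reviewer makes by eye, such as the "(file missing)" orphan and the dangling quote in the ForcewareWebInterface path. The sample lines and the flag wording are my own.

```python
import re

# Constructed sample in HijackThis v1.99 format, modelled on the log posted in the thread
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")              # "O23 - <rest>"
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")  # name - owner - path
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")  # HKLM\..\Run: [name] cmd


def parse_line(line):
    """Return {code, name, owner, path} for O4/O23 lines, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code == "O23":
        s = SERVICE_RE.match(rest)
        if s:
            name, owner, path = s.groups()
            return {"code": code, "name": name, "owner": owner, "path": path}
    elif code == "O4":
        r = RUN_RE.match(rest)
        if r:
            key, name, path = r.groups()
            return {"code": code, "name": name, "owner": key, "path": path}
    return None


def flags_for(entry):
    """Heuristics a reviewer applies when reading a HijackThis log (constructed wording)."""
    flags = []
    path = entry["path"]
    if "(file missing)" in path:
        flags.append("orphaned: binary no longer on disk, entry can be fixed/removed")
    if entry["owner"] == "Unknown owner":
        flags.append("unknown publisher: verify the binary before trusting it")
    if path.count('"') % 2 == 1:
        flags.append("unbalanced quote in ImagePath: registry value looks mangled")
    return flags


def triage(log_text):
    """Parse every line and keep only entries that raised at least one flag."""
    findings = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry and (flags := flags_for(entry)):
            findings.append({**entry, "flags": flags})
    return findings
```

Running `triage(SAMPLE_LOG)` returns only the two Unknown-owner services, with the ForcewareWebInterface entry carrying all three flags; the Kaspersky entries pass clean.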

juninho85
07-11-2005, 15:23
The log is ok :D