www.xbeta69.com
Heeelp, guys, what do I have to do to get rid of this nightmare, www.xbeta69.com .... yesterday secure 32, today this. I really think I'll have to protect myself somehow, even though I suspect Windows ME is partly to blame... heeeeelp
andorra24
01-04-2006, 19:51
Post a HijackThis log.
Browse with Firefox and run the immunization with SpywareBlaster.
I know that in the end you won't help me anymore, but this malware is a nightmare ... thanks again
Logfile of HijackThis v1.99.1
Scan saved at 20.17.27, on 01/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\WINDOWSB\SYSTEM\SVCHOST.EXE
C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\WINDOWSB\SYSTEM\TAPISRV.EXE
C:\ESM2\STMS.EXE
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\PSTORES.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\SKYPE\PHONE\SKYPE.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWSB\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWSB\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWSB\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\PROGRAMMI\FCADVICE\FCADVICE.DLL
andorra24
01-04-2006, 20:01
Fix:
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [lich] lich.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\PROGRAMMI\FCADVICE\FCADVICE.DLL
To remove this sgrunt malware, if you're interested, there is also a small tool, which is this one:
http://www.francydelorenzi.it/component/option,com_remository/Itemid,49/func,download/filecatid,105
It tells me that it is impossible to fix the following lines:
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
This is the new log
Logfile of HijackThis v1.99.1
Scan saved at 21.39.31, on 01/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\WINDOWSB\SYSTEM\SVCHOST.EXE
C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\WINDOWSB\SYSTEM\TAPISRV.EXE
C:\ESM2\STMS.EXE
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWSB\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe
Everything is still there...
Remove sgrunt with the tool andorra pointed to.
Do it from safe mode, disabling System Restore first.
andorra24
01-04-2006, 21:23
Use the sgrunt tool in safe mode and, while you're in safe mode, repeat the fix with HijackThis.
The entries to fix are these:
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe
... done, but it still won't fix line 10 ......!!! who knows !!!!
andorra24
01-04-2006, 21:39
... done, but it still won't fix line 10 ......!!! who knows !!!!
But did you try it in safe mode?
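An added example, not part of the thread and not code from HijackThis: a small Python check that compares the first fix list with the follow-up scan posted above and reports which listed entries are gone and which are still present. The function names are made up for this sketch, and the follow-up log is trimmed to the sections that appear in the fix list.

```python
import re
from collections import Counter

# Lines copied from the thread: the first fix list, and the matching part of
# the follow-up scan (entries from other sections left out to keep it short).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [lich] lich.exe
""" + "O10 - Hijacked Internet access by New.Net\n" * 5 + r"""
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\PROGRAMMI\FCADVICE\FCADVICE.DLL
"""
RESCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
""" + "O10 - Hijacked Internet access by New.Net\n" * 5 + r"""
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
"""
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then entry text

def parse(log):
    """Return a Counter of (section, normalised text) for each entry line."""
    found = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers and bare process paths do not match and are skipped
            found[(m.group(1), " ".join(m.group(2).lower().split()))] += 1
    return found

def compare(fix_list, rescan):
    """Split the fix list into entries gone from the rescan and entries still there."""
    wanted, seen = parse(fix_list), parse(rescan)
    cleared = sorted(k for k in wanted if k not in seen)
    persisting = sorted((k, seen[k]) for k in wanted if k in seen)
    return cleared, persisting

if __name__ == "__main__":
    cleared, persisting = compare(FIX_LIST, RESCAN)
    for (section, text), n in persisting:
        print(f"STILL PRESENT x{n}: {section} - {text}")
    for section, text in cleared:
        print(f"cleared: {section} - {text}")
```

Entries are compared case-insensitively and with whitespace collapsed, since HijackThis prints the same path in different cases across sections.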