Can you help me with these warnings?


TuLKaS85
28-10-2006, 20:44
Hi, can you tell me whether these warnings reported by AntiVir are something to worry about or normal.....


C:\pagefile.sys
[WARNING] The file could not be opened!
C:\_cleaned.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Temp\PXR5.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Temporary Internet Files\Content.IE5\E4N3B9FA\d[2].gif
[DETECTION] Is the Trojan horse TR/Drop.Agent.NL.7
[INFO] The file was deleted!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aJaCy.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aMo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AmzomW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bJZZ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BnYa.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bpSl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dhO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\doWKY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dpv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\DxYN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dYP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Eap.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eSFW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ezQm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FDyitG.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\flrf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FmF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gan.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\gaV.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\gML.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gqjb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GTug.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HeX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Ipk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jJtb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JYM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\kyL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LdY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mgo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ngq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Now.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\obdL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ocHiw.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PPk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rBDs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\sKrm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\TTh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ugo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\VeiuAr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\vRhx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\vTzvOu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\wEnwd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\WOJ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\WQr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\xAl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\xdi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\XxNs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\YXs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZMW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZVk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\zZZ.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\okaa.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.NL.7
[INFO] The file was moved to '45a48900.qua'!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened

Thanks a lot!!

GmG
28-10-2006, 21:03
You are infected with LinkOptimizer.
Read -> http://www.hwupgrade.it/forum/showthread.php?t=1271721

If the tool doesn't work, try renaming it.

TuLKaS85
28-10-2006, 21:13
Isn't gromozon the tool that removes that malware that prevents you from getting into the forum???

GmG
28-10-2006, 21:17
Yes, but not all variants block the site.

TuLKaS85
28-10-2006, 21:18
Anyway, when I run PrevxFixGrom it tells me it can't find the trojan....
so I think it's pointless to install the tool

GmG
28-10-2006, 21:26
Try using the Symantec tool
http://securityresponse.symantec.com/avcenter/FixLinkopt.exe

Also try using VirIT (install it and update it)
http://www.tgsoft.it/files/vnlt6128.exe

TuLKaS85
28-10-2006, 21:50
Which file did you see in the log that showed I was infected???

Anyway, here is the result of Symantec's Fixlinkopt in safe mode

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: WebWnf (logon as: .\rab, passed filters)
service: WebWnf (file path: C:\Programmi\Windows NT\dygAgQ.exe - infected)
file: C:\Programmi\Windows NT\dygAgQ.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WebWnf\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WebWnf\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\WebWnf (key deleted)
reg: ...\SpecialAccounts\UserList\rab (value deleted)
folder: \\?\C:\Documents and Settings\rab (deleted)
user: rab (deleted)



Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 67564
The number of deleted threat files: 1
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

TuLKaS85
28-10-2006, 22:19
I tried running AntiVir again, this time not in safe mode, and it gives me warnings because it can't open certain files.... :confused: :confused:


Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\_cleaned.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Temp\Perflib_Perfdata_7b0.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Temp\PXR5.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aJaCy.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aMo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\AmzomW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bJZZ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\BnYa.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\bpSl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dhO.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\doWKY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dpv.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\DxYN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dYP.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Eap.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\eSFW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ezQm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FDyitG.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\flrf.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FmF.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gan.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\gaV.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\gML.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Gqjb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GTug.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\HeX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Ipk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\jJtb.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JYM.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\kyL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LdY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mgo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ngq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Now.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\obdL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ocHiw.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\PPk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\rBDs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\sKrm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\TTh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ugo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\VeiuAr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\vRhx.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\vTzvOu.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\wEnwd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\WOJ.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\WQr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\xAl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\xdi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\XxNs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\YXs.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZMW.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZVk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\zZZ.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT074a9.TMP
[WARNING] The file could not be opened!


End of the scan: sabato 28 ottobre 2006 23:17
Used time: 21:56 min

The scan has been done completely.

2204 Scanning directories
226848 Files were scanned
0 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1375 Archives were scanned
79 Warnings
0 Notes

juninho85
28-10-2006, 23:59
You need to delete the "windows NT" folder in c:/programmi.
To do that you'd better go into safe mode; you surely have the offending files running.
Also clean out the temporary internet files.
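
One way to triage a report like the ones posted in this thread (an added example, not part of the original posts and not AntiVir's own tooling): it separates files that a running Windows keeps locked (pagefile, registry hives) from executables the scanner could not open, and counts the latter per folder. The sample lines are excerpted from the log above; the regexes, category names and function names are assumptions of this sketch.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules on any host OS

# Lines excerpted from the AntiVir report posted earlier in this thread.
SAMPLE_LOG = r"""C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\aMo.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\zZZ.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\okaa.dll
[DETECTION] Is the Trojan horse TR/Drop.Agent.NL.7
[INFO] The file was moved to '45a48900.qua'!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
"""

TAG = re.compile(r"^\[(WARNING|DETECTION|INFO)\]\s*(.*)$")
PATH = re.compile(r"^[A-Za-z]:\\")
# Assumption of this sketch: files a running Windows holds open exclusively.
OS_LOCKED = re.compile(
    r"(\\pagefile\.sys|\\ntuser\.dat(\.log)?|\\usrclass\.dat(\.log)?"
    r"|\\system32\\config\\(default|sam|security|software|system)(\.log)?)$",
    re.IGNORECASE,
)
EXECUTABLE = re.compile(r"\.(exe|dll|sys|scr|com)$", re.IGNORECASE)

def parse(log):
    """Group each path line with the [TAG] lines that follow it."""
    entries, current = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        tag = TAG.match(line)
        if PATH.match(line):
            current = {"path": line, "tags": []}
            entries.append(current)
        elif tag and current is not None:
            current["tags"].append((tag.group(1), tag.group(2)))
    return entries

def classify(entry):
    kinds = {kind for kind, _ in entry["tags"]}
    if "DETECTION" in kinds:
        return "detection"
    if "WARNING" in kinds and OS_LOCKED.search(entry["path"]):
        return "expected-lock"      # locked by the OS, not by malware
    if "WARNING" in kinds and EXECUTABLE.search(entry["path"]):
        return "review"             # unreadable executable: look closer
    return "other"

def triage(log):
    buckets = {"detection": [], "expected-lock": [], "review": [], "other": []}
    for entry in parse(log):
        buckets[classify(entry)].append(entry["path"])
    # Many unreadable executables in one folder stand out as a cluster.
    clusters = Counter(dirname(path) for path in buckets["review"])
    return buckets, clusters

if __name__ == "__main__":
    found, per_folder = triage(SAMPLE_LOG)
    print(found["detection"], per_folder.most_common(3))
```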

TuLKaS85
29-10-2006, 09:35
How did windows nt end up in programmi?? Were they all infected files?

Anyway, now I have a few fewer warnings, who knows if they're normal....

Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\_cleaned.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Fabio\Impostazioni locali\Temp\PXR5.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!

juninho85
29-10-2006, 09:55
It's not a DLL... have it analyzed here (http://www.virustotal.com/flash/virustotal_en.html)

TuLKaS85
29-10-2006, 10:22
The link doesn't work.... anyway, I had already deleted the windows nt folder... but other warnings are still there :(

Maybe they're related to the situation I posted here (http://www.hwupgrade.it/forum/showthread.php?p=14457634#post14457634) (hijackthis log)

juninho85
29-10-2006, 10:29
The right link is this one (http://www.virustotal.com/flash/virustotal_en.html)

edit: I think it's down

Try this one (http://virusscan.jotti.org/)

TuLKaS85
29-10-2006, 21:28
Hmm, I don't think I know how to use it... where do you start the scan??

juninho85
29-10-2006, 22:03
Click browse, select the file, then submit.... you need to have JavaScript enabled

TuLKaS85
29-10-2006, 22:18
I did it for just a couple of files and it found nothing....
I can't be bothered to do it file by file :muro: