BHO.Agent.BM and Trojan.Win32.RootKit.N


saciccio
07-11-2006, 15:46
Hi everyone, I'm a newcomer. For a few months I've been dealing with some problems on my PC after lending it to my brother (I have no idea what sites he visited...), and I would kindly ask you to help me.
I ran a scan with VirIT eXplorer Lite and this is the log file; unfortunately, since I had already used the program in the past, even after reinstalling it recognises that the trial period has expired and does not allow deleting the infected files:
06/11/2006 - 19:44:55

[SCANSIONE DEL REGISTRO]
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\SYSTEM\msorcljv.cnt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\studg.ini Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\ypaa.dll Infetto da BHO.Agent.BM
C:\WINDOWS\SYSTEM\sqlsrdui.txt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\cp_125z.nls Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\msorclgv.cnt Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\vgafuls.3gr Infetto da Trojan.Win32.RootKit.N
C:\WINDOWS\SYSTEM\tbm53df.tmp Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\licensk.txt Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\stdole3l.tlb Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\SYSTEM\stdole3u.tlb Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\Desktop\backups\backup-20061102-183734-787-oomtdpy.exe Infetto da Trojan.Win32.Small.NP
C:\WINDOWS\Desktop\backups\backup-20061102-183756-956-oomtdpy.exe Infetto da Trojan.Win32.Small.NP
C:\WINDOWS\384217362.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\46241234110.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\1799736160.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\5241.TMP Infetto da BHO.Agent.BM
C:\WINDOWS\hostb.sam Infetto da Trojan.Win32.RootKit.P
C:\WINDOWS\163126122171.exe Infetto da Trojan.Win32.Small.NE
C:\WINDOWS\820175.exe Infetto da Trojan.Win32.Small.NE
C:\Programmi\File comuni\SERVICES\wdshFQm.exe Infetto da Trojan.Win32.Agent.AHW
C:\Uninstall.exe Infetto da Trojan.Win32.Small.NE

Chiavi Registro infette: 1.
Files Infetti: 22.
Files Sospetti: 0.
Files Analizzati: 36806.
Files Totali: 36806.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
I ran a HijackThis scan and I'm sending you the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16.08.27, on 07/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab

I also ran an online scan with Kaspersky; here is the result:

martedì 7 novembre 2006 15.43.28
Operating System: Microsoft Windows 98 SE
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/11/2006
Kaspersky Anti-Virus database records: 238846


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\WINDOWS\

Scan Statistics
Total number of scanned objects 40122
Number of viruses found 10
Number of infected objects 74 / 0
Number of suspicious objects 0
Duration of the scan process 01:47:11

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM\msorcljv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\studg.ini Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\ypaa.dll Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\SYSTEM\sqlsrdui.txt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\cp_125z.nls Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\msorclgv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\vgafuls.3gr Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A242.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\C075.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4125.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\E295.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\40F1.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4112.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A082.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\WIN386.SWP Object is locked skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/web.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip ZIP: infected - 5 skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/web.exe Infected: Trojan.Win32.Agent.rx skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip ZIP: infected - 5 skipped

C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\MSHist012006110720061108\index.dat Object is locked skipped

C:\WINDOWS\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\WINDOWS\40E6.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\IH51E0.TMP Infected: Trojan.Win32.Diamin.cr skipped

C:\WINDOWS\384217362.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\46241234110.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\1799736160.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\5241.TMP Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\E274.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\~setuptmp0\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\~setuptmp0\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\SYSTEM\msorcljv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\studg.ini Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\ypaa.dll Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\SYSTEM\sqlsrdui.txt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\cp_125z.nls Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\msorclgv.cnt Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\SYSTEM\vgafuls.3gr Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A242.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\C075.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4125.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\E295.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\40F1.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\4112.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\TEMP\A082.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\WIN386.SWP Object is locked skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip/web.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-6e8ff6ab-64c75916.zip ZIP: infected - 5 skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Counter.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Worker.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/Xeyond.class Infected: Trojan.Java.Femad skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip/web.exe Infected: Trojan.Win32.Agent.rx skipped

C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-65a63229-39f0f723.zip ZIP: infected - 5 skipped

C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Cronologia\History.IE5\MSHist012006110720061108\index.dat Object is locked skipped

C:\WINDOWS\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\WINDOWS\40E6.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\IH51E0.TMP Infected: Trojan.Win32.Diamin.cr skipped

C:\WINDOWS\384217362.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\46241234110.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\1799736160.exe Infected: Packed.Win32.PolyCrypt.a skipped

C:\WINDOWS\5241.TMP Infected: Trojan-Clicker.Win32.Small.mf skipped

C:\WINDOWS\E274.TMP Infected: not-a-virus:AdWare.Win32.LinkOptimizer.a skipped

C:\WINDOWS\~DFBC3A.TMP Object is locked skipped

C:\WINDOWS\~WRD0000.doc Object is locked skipped

C:\WINDOWS\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\WINDOWS\~WRS0002.tmp Object is locked skipped

C:\WINDOWS\~setuptmp0\upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\~setuptmp0\cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

Scan process completed.


Thanks to everyone, and in particular to whoever is willing to help me.

y4mon
08-11-2006, 08:32
Welcome to the forum... :)

For LinkOptimizer there's already a pinned thread a little further up...:

http://www.hwupgrade.it/forum/showthread.php?t=1271721


Even though you've already played the VirIt card, try the Prevx removal tool.

bye

saciccio
08-11-2006, 12:37
Hi y4mon, thank you for your help and for the time you're giving me.
Unfortunately the Prevx tools don't work... Gromozon removal tool tells me it doesn't run on Windows 98SE, and if I try to install InstallPREVX102000337 I get an error message telling me that PXSETUP.EXE is linked to the missing export KERNEL32.DLL:Process32NextW, just as happened to me with FixLinkopt, which is linked to the missing export NETAPI32.DLL:NetUserDel
...I can't tell whether they don't run on 98 or whether this damn thing won't let me install them!! :doh: ...I'm starting to doubt I'll manage to get rid of it :doh:

Thanks to everyone who will give me some tips to solve this. Ciccio

y4mon
08-11-2006, 14:09
I'm no HijackThis expert, but I would definitely fix:


O2 - BHO: 888Bar

and

O3 - Toolbar

Then you can try to delete all the files listed in the VirIt log, perhaps with Avenger if it won't let you do it any other way.

Unfortunately I too had problems with a friend's PC running ME; since many tools didn't work, in the end I solved it with VirIt itself.

For now try what I said and wait for help from someone more expert.

bye
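
A small triage script, added here as an illustration (it is not from the thread or from either tool), that does what y4mon's post describes by hand: it parses HijackThis lines, pulls out the O2/O3 browser add-ons, and cross-checks their CLSIDs and DLL paths against the items a scanner log (VirIT's `Infetto da` format here) already flagged. The sample lines are constructed from the logs above; the `(no name)` BHO line is invented so the cross-match case is visible.

```python
import re

# Constructed sample lines modelled on the logs posted in this thread (abridged); the
# "(no name)" O2 line is invented to show a cross-match and was not in the poster's log.
HJT_LOG = r"""
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRAMMI\FILE COMUNI\{37E21228-0000-1040--0027}\888BAR.DLL
O2 - BHO: (no name) - {f250d521-225d-4d6b-8829-e064f944e180} - C:\WINDOWS\SYSTEM\ypaa.dll
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
"""
VIRIT_LOG = r"""
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
C:\WINDOWS\SYSTEM\ypaa.dll Infetto da BHO.Agent.BM
C:\WINDOWS\5241.TMP Infetto da BHO.Agent.BM
"""
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")

def parse_hjt(text):
    """Split HijackThis lines into section code, name, CLSIDs and trailing file path."""
    entries = []
    for m in filter(None, map(ENTRY_RE.match, text.strip().splitlines())):
        body = m.group("body")
        parts = [p.strip() for p in body.split(" - ")]  # O2/O3: "Type: Name - {CLSID} - path"
        entries.append({"code": m.group("code"), "name": parts[0],
                        "clsids": [c.lower() for c in CLSID_RE.findall(body)],
                        "path": parts[-1].lower() if len(parts) > 1 else ""})
    return entries

def parse_virit(text):
    """Map each item VirIT flagged (registry CLSID or file path, lowercased) to its detection."""
    flagged = {}
    for line in text.strip().splitlines():
        if " Infetto da " in line:
            item, detection = line.rsplit(" Infetto da ", 1)
            flagged[item.strip().lower()] = detection.strip()
    return flagged

def triage(hjt_text, virit_text):
    """(code, name, reason) for entries to review first: O2/O3 IE add-ons and scanner hits."""
    flagged = parse_virit(virit_text)
    findings = []
    for e in parse_hjt(hjt_text):
        reasons = ["IE add-on, loads in every browser session"] if e["code"] in ("O2", "O3") else []
        hits = sorted({flagged[k] for k in e["clsids"] + [e["path"]] if k in flagged})
        if hits:
            reasons.append("flagged by scanner as " + ", ".join(hits))
        if reasons:
            findings.append((e["code"], e["name"], "; ".join(reasons)))
    return findings
```

Run on the full logs in the thread, only the 888Bar O2/O3 entries come out: the CLSID VirIT flagged in the registry does not appear in the HijackThis log at all, and a mismatch like that between two tools is worth noting before trusting either list as complete.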

saciccio
15-11-2006, 11:35
Hi y4mon, first of all I want to thank you again for your help and your availability... I think the bulk of it is solved; in fact, thanks to the help I got from more expert users on various forums, I removed a bunch of junk that I had inside my PC, and now it seems to be working fine!!! ...although I still notice some anomalies, such as a folder called "Links" that keeps being recreated in my Favorites even when I delete it (...but could the antivirus be creating it?? at the moment I have nod32 installed!!) :help: or every now and then, when I shut down the PC without disconnecting from the internet first, a message warns me that 1 or more users are connected to the PC and that shutting it down will disconnect them :help: or some programs like XoftSpy that I can't install because it tells me they're already installed even though they're not!!! :help:

....VirIT no longer detects any infection, while this is the Logfile of HijackThis v1.99.1
Scan saved at 11.57.20, on 15/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\VEXPLITE\MONLITE.EXE
C:\PROGRAMMI\UNLOCKER\UNLOCKERASSISTANT.EXE
C:\PROGRAMMI\ESET\NOD32KUI.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\PROGRAMMI\UNLOCKER\UNLOCKERASSISTANT.EXE"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Programmi\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...ebscan_ansi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab

Bye, and thanks a thousand times again!! Ciccio