[NOD:W32.tenga/gen] The return...


Sajiuuk Kaar
06-12-2007, 15:52
Some time ago you told me that, to remove it, formatting was by now necessary, since no tool had managed to repel it. Now: I formatted and took all the possible precautions you had suggested. Yet it got in anyway. With a firewall. With an antivirus. With EVERYTHING.
Apparently the format was of little use, and so was installing Outpost suite.
As usual, NO PROGRAM detected it. When did it get in? Yesterday I downloaded e-mule, today I LAUNCHED it for the first time. Now, maybe it's just my impression, but in my opinion the original file you download from emule-project.net is already infected... When I launched it 5 minutes ago the HD started churning. I killed it instantly, but it corrupted the files in _restore. As usual, I disabled System Restore to avoid a massive infection. Now I have rerun the scan and there is no longer any trace of it. But the situation is serious... If the e-mule executable they offer for download is already infected, a colossal infection could spread... :muro: That is the conclusion I have reached. Download the latest version from the site, run it, do a scan with Kaspersky's online scanner and let me know whether I got it right, plz. :help:

Riverside
06-12-2007, 16:15
Question: are you people really incapable of using the forum's Search function before opening three thousand threads on the same topic?
Besides, right in this subsection there is already an ongoing thread on the Tenga problem (now don't tell me that, besides not knowing how to run a search, you also forgot to read there):
http://www.hwupgrade.it/forum/showthread.php?p=19987555#post19987555

Sajiuuk Kaar
06-12-2007, 19:20
Question: are you people really incapable of using the forum's Search function before opening three thousand threads on the same topic?
Besides, right in this subsection there is already an ongoing thread on the Tenga problem (now don't tell me that, besides not knowing how to run a search, you also forgot to read there):
http://www.hwupgrade.it/forum/showthread.php?p=19987555#post19987555

No, I know how to do it, but it was rather way too much bumping and that goes against netiquette...

Anyway, here is what that piece-of-crap virus managed to do in 3 seconds... I repeat: *IN 3 SECONDS*

KASPERSKY ONLINE SCANNER REPORT
Thursday, December 06, 2007 8:08:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/12/2007
Kaspersky Anti-Virus database records: 474005
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 130779
Number of viruses found 3
Number of infected objects 29
Number of suspicious objects 0
Duration of the scan process 02:35:44

Infected Object Name Virus Name Last Action
D:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0001010.EXE Infected: Virus.Win32.Tenga.a skipped
D:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0001062.exe Infected: Virus.Win32.Tenga.a skipped
E:\preformat\Pstools.rar/Pstools/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.153 skipped
E:\preformat\Pstools.rar RAR: infected - 1 skipped
E:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000765.exe Infected: not-a-virus:RiskTool.Win32.PsExec.153 skipped
E:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000864.exe Infected: Virus.Win32.Tenga.a skipped
E:\System Volume Information\_restore{C055CDBA-8770-4AB4-BA84-4A710F4AEEE1}\RP133\A0032194.exe Infected: not-a-virus:RiskTool.Win32.PsExec.153 skipped
E:\utilita'\directx_9c_redist.exe Infected: Virus.Win32.Tenga.b skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000820.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000946.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000947.EXE Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000948.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000949.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000950.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000951.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000952.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000953.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000954.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000955.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000956.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000957.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000958.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000959.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000960.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000961.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000962.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000963.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000964.exe Infected: Virus.Win32.Tenga.a skipped
F:\System Volume Information\_restore{4BC4513F-5660-4CC7-BFC1-564A6B2CB020}\RP1\A0000968.exe Infected: Virus.Win32.Tenga.a skipped

Riverside
06-12-2007, 22:57
No, I know how to do it .........
:mbe: I beg your pardon .... I didn't know that the Search function, and checking whether there happened to be other threads open on the forum, was
...... rather way too much bumping and that goes against netiquette...
Anyway, here is what that piece-of-crap virus managed to do in 3 seconds... I repeat: *IN 3 SECONDS*
Three seconds??? :mbe: What a coincidence: the same time it takes me to report the matter to the Section Moderator.
P.S.: what matters here is not whether it is too much bumping and against netiquette: what matters is that it complies with the Section Rules.

Reported to the Section Moderator, for the appropriate action

xcdegasp
06-12-2007, 23:11
No, I know how to do it, but it was rather way too much bumping and that goes against netiquette...

Anyway, here is what that piece-of-crap virus managed to do in 3 seconds... I repeat: *IN 3 SECONDS*

Netiquette does not prevent you from running a search; it encourages it, as per the forum rules and the section rules...
And simply looking at the section before opening a duplicate thread would have been enough to spot, with the greatest of ease, another 2 freshly opened threads on the same topic!

In any case, please use the thread: http://www.hwupgrade.it/forum/showthread.php?t=995318


I'm closing the thread as it is a duplicate :)