HELP!!!! unknown virus


Pancaro
03-03-2004, 18:03
Guys, I'm in deep s***, I think I have a nasty virus on my PC.. yesterday I ran some mysterious ''Loader.exe''.. it launched, vanished, and nothing happened (ouch)... my PC has Win XP Pro and Norton Antivirus 2004, fully updated.
This morning I turn on the PC and notice that Norton doesn't work any more!!!!... or at least auto-protection is disabled and can't be re-enabled, and when I try to scan any drive the process gets killed automatically...... I'm really afraid I caught one of those viruses that kill the antivirus first thing.
I have NOT detected ANY anomalous running process, nor have I seen ANY suspicious entry added to the registry in any of the ''famous'' ''Run'' keys.
NOW what do I do???? I have several options available.

1-Try reinstalling Norton, update it and scan the HD hoping the virus doesn't cripple it again (it shouldn't, as long as I don't power the PC off and on)
2-Use online scanning programs (I'm doing that now, will report back)
3-Boot WinXP in safe mode or exclusive mode, hoping that this way the virus process doesn't start, so I can catch it and remove it with an ''unblocked'' Norton... but I don't know if that works
4-Since I have a network of 2 PCs with a router (but without any firewall, just NAT) I'd like to use my second PC, where I also have a hyper-updated Norton installed, to scan my HD.......... but I wouldn't want the virus to ''spam'' itself across the network too.... that is something TO AVOID since my father uses the second PC exclusively for work!

..What do you think of these solutions????.. do you have anything more effective to suggest, other than formatting (WHICH I'D LIKE TO AVOID).... thanks:)

Pancaro
03-03-2004, 18:45
Sorry, but how can I make the WINDOWS folder shared????

Bilancino
03-03-2004, 18:47
On my site, in the antivirus tools section, try the Trend Micro tools and Stinger. Use them in safe mode and disable System Restore if present.

Cheers

Pancaro
03-03-2004, 19:14
I'm afraid it really is one of those damned viruses: in fact I tried installing other antiviruses and it shows the same symptoms with all of them.......... does anyone know anything about a new virus like this?

Pancaro
03-03-2004, 21:38
I used your 2 tools but they didn't find anything HEEELP PLSE:(

eraser
03-03-2004, 22:10
post a log from the HiJackThis program :)

Pancaro
03-03-2004, 23:15
Uhm, I didn't understand, should I show the final log file of the 2 removal tools?

this is the log of the Trend Micro tool run in safe mode:

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2004-03-03, 19:25:35, Auto-clean mode specified.
2004-03-03, 19:25:35, Running scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN"...
2004-03-03, 19:26:18, Scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN" has finished running.
2004-03-03, 19:26:18, TSC Log:

Damage Cleanup Engine (DCE) 3.5(Build 1119)
Windows XP(Build 2600: Service Pack 1)

Start time : Wed Mar 03 19:25:36 2004


Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\tsc.ptn" (version 278) [success]

Complete time : Wed Mar 03 19:26:18 2004

Execute pattern count(686), Virus found count(0), Virus clean count(0), Clean failed count(0)

2004-03-03, 19:28:31, Operation was aborted.


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2004-03-03, 19:46:36, Auto-clean mode specified.
2004-03-03, 19:46:36, Running scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN"...
2004-03-03, 19:47:17, Scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN" has finished running.
2004-03-03, 19:47:17, TSC Log:

Damage Cleanup Engine (DCE) 3.5(Build 1119)
Windows XP(Build 2600: Service Pack 1)

Start time : Wed Mar 03 19:46:36 2004


Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\tsc.ptn" (version 278) [success]

Complete time : Wed Mar 03 19:47:17 2004

Execute pattern count(686), Virus found count(0), Virus clean count(0), Clean failed count(0)

2004-03-03, 19:47:43, An error occurred while scanning file "C:\Documents and Settings\Fabio\ntuser.dat": Accesso negato.
2004-03-03, 19:47:43, An error occurred while scanning file "C:\Documents and Settings\Fabio\ntuser.dat.LOG": Accesso negato.
2004-03-03, 19:48:48, An error occurred while scanning file "C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat": Accesso negato.
2004-03-03, 19:48:48, An error occurred while scanning file "C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG": Accesso negato.
2004-03-03, 20:09:36, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-3323E31B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-1B4AFC20.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\ALCOHOL.EXE-3958FA47.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-10D4E07C.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTOPLAY.EXE-39EB1D3F.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-1E4966FC.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-3684E09A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTOUPDATE.EXE-0260B5D7.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\A~NSISU_.TMP-34E1F33C.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\BITTORRENT-3.3.EXE-282CDADF.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\BTDOWNLOADGUI.EXE-02B1453F.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-22E68F52.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCD-UNINST.EXE-0E2E0452.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCEVTMGR.EXE-195B806F.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLGVIEW.EXE-27F03A3D.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCSETMGR.EXE-095D4F08.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CDEATH.EXE-088F1ADE.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CDSTART.EXE-18AC8F36.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CFGWIZ.EXE-0FA4333A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CHNGEVER.EXE-0607C91C.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CLONECD.EXE-17DA42D2.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-08B78622.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\D2L_INSTALL.EXE-2C5BD9A3.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-146A3ACD.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DIABLO II.EXE-0C17EE3C.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DMCPL.EXE-399A67DC.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\EXTERNALS.EXE-2CB22068.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\FROZEN THRONE.EXE-090C966D.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\GAME.EXE-14A05F7A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\HL.EXE-356391DC.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZSTC04.EXE-1001DF4D.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\ICQ.EXE-2CE15631.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\ICQSRP.EXE-09FBD9E5.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-1BA17782.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAGEDRIVE.EXE-0954933A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\INFOTOOL.EXE-31135A88.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\IRALRSHL.EXE-145256CF.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LRSETUP.EXE-1A2C0F32.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LSETUP.EXE-023E1A1D.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LSETUP.EXE-087F75E7.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-10CD3462.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\LUSETUP.EXE-232BE295.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MOBSYNC.EXE-173EDCEF.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MOHAA.EXE-0C248E5A.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCUGH.COM-0877FE97.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIB2C0.TMP-1991D329.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIB2C1.TMP-356D0A89.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIB2F3.TMP-1550E8F5.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIMN.EXE-0C000A90.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-37E20AE9.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-09AF9BF4.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVAPSVC.EXE-39CF6FCC.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVSETUP.EXE-079A821B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-2F9B64D1.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-1C426B47.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NERO.EXE-39AB114D.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-11FD097B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NFSU_EUROPE_PATCH_4.EXE-20C5D738.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NMAIN.EXE-2838231B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\QCONSOLE.EXE-3436800F.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RESCCHK.EXE-2D9578D5.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-11BAF206.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-12BC1BDF.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1356058F.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1505A3F6.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1CF36708.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-228B22F6.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-23FEF0C4.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-26DA8C9B.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-26FC70F9.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-283CDCFA.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CE15922.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-32240B45.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B684387.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3DAAFF5D.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FA7EA68.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-42F8574B.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B6D7F5C.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B6EBA32.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNGAME.EXE-3B41E126.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SAVSCAN.EXE-119C3407.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SBSERV.EXE-2DDD07AA.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-310A209C.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SEVINST.EXE-04507A3D.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SMNLNCH.EXE-0F9CF2C5.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SPA.EXE-1072DC4D.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\SPEED.EXE-2B9F661C.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\STEAM.EXE-10C892B9.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\TRACERT.EXE-0E419688.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINS000.EXE-323470E0.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\UPSWPLUG.EXE-3217840A.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\VCSETUP.EXE-109DA36E.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WAR3.EXE-0F71C8A5.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WAR3_INSTALL.EXE-302E9340.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WISPTIS.EXE-0C21B942.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-3717B9A4.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-3717B9AA.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-3717B9AB.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-3717B9AD.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WOLFMP.EXE-25823945.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WORDPAD.EXE-20E16A4D.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WORLD EDITOR.EXE-3332A20A.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\WORLDEDIT.EXE-0B007BAE.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\_IU14D2N.TMP-3A7CB323.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\{C6F5B6CF-609C-428E-876F-CA83-1CD2B1F3.pf": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Accesso negato.
2004-03-03, 20:22:47, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Accesso negato.
2004-03-03, 20:25:36, Running scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\VSCANTM.BIN"...
2004-03-03, 20:44:29, Files Detected:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 3/3/2004 20:25:37
VSAPI Engine Version : 6.810-1005
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 799 (59668 Patterns) (2004/03/03) (179900)
Command Line: C:\Documents and Settings\Fabio\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Fabio\Desktop\Nuova cartella

23410 files have been read.
23410 files have been checked.
17623 files have been scanned.
23448 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/3/2004 20:44:28
---------*---------*---------*---------*---------*---------*---------*---------*
2004-03-03, 20:44:29, Files Clean:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 3/3/2004 20:25:37
VSAPI Engine Version : 6.810-1005
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 799 (59668 Patterns) (2004/03/03) (179900)
Command Line: C:\Documents and Settings\Fabio\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Fabio\Desktop\Nuova cartella

23410 files have been read.
23410 files have been checked.
17623 files have been scanned.
23448 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/3/2004 20:44:28 18 minutes 48 seconds (1128.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-03-03, 20:44:29, Clean Fail:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 3/3/2004 20:25:37
VSAPI Engine Version : 6.810-1005
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 799 (59668 Patterns) (2004/03/03) (179900)
Command Line: C:\Documents and Settings\Fabio\Desktop\Nuova cartella\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Fabio\Desktop\Nuova cartella

23410 files have been read.
23410 files have been checked.
17623 files have been scanned.
23448 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/3/2004 20:44:28 18 minutes 48 seconds (1128.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2004-03-03, 20:44:29, Scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2004-03-03, 21:05:16, Auto-clean mode specified.
2004-03-03, 21:05:16, Running scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN"...
2004-03-03, 21:05:57, Scanner "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\TSC.BIN" has finished running.
2004-03-03, 21:05:57, TSC Log:

Damage Cleanup Engine (DCE) 3.5(Build 1119)
Windows XP(Build 2600: Service Pack 1)

Start time : Wed Mar 03 21:05:16 2004


Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Fabio\Desktop\Nuova cartella\tsc.ptn" (version 278) [success]

Complete time : Wed Mar 03 21:05:57 2004

Execute pattern count(686), Virus found count(0), Virus clean count(0), Clean failed count(0)

2004-03-03, 21:16:54, Operation was aborted.

MrOZ
03-03-2004, 23:30
Originally posted by Pancaro
Uhm, I didn't understand, should I show the final log file of the 2 removal tools?



No....

you should download the "Hijackthis" prog that I have in my sig; close the internet connection and the browser, do 1 scan, save the log and copy-paste it here.

Cheers.

Pancaro
04-03-2004, 00:02
Ok but which one of the many? the antivirus or something else?

Pancaro
04-03-2004, 00:07
Here's the LOG


Logfile of HijackThis v1.97.7
Scan saved at 0.06.23, on 04/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Executive Software\DiskeeperWorkstation\DKService.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabio\Desktop\Nuova cartella (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trib3.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programmi\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37870.6624537037
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553560000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw3fd.law3.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{880F244B-D3CB-4AB5-B82E-C2EF802758FF}: NameServer = 212.216.172.62,212.216.112.112

MrOZ
04-03-2004, 00:11
Originally posted by Pancaro
Ok but which one of the many? the antivirus or something else?

Download this http://www.zerosrealm.com/downloads/hjt.zip

... and don't get it wrong ;)

MrOZ
04-03-2004, 00:12
Originally posted by MrOZ
Download this http://www.zerosrealm.com/downloads/hjt.zip

... and don't get it wrong ;)

Ok... never mind... you beat me to it.

Pancaro
04-03-2004, 00:16
Damn, from the log I didn't notice anything strange, damn, what else can I do?

Pancaro
04-03-2004, 09:07
So I carefully read the descriptions on the Symantec site of the latest viruses discovered in these 3 days (since March 2)...... since it should be one of those, because my Norton was updated up to March 1.
It shouldn't be Netsky, since I ran the removal tools and they found nothing.
I suspect it could be W32.MyDoom@H (the very latest) or W32.MyDoom@G
According to the description, both viruses work in a similar way.
Read here: http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Well, the STRANGE thing is that all the new viruses should in any case add an entry to the registry in the Run keys, whereas I have ABSOLUTELY NOTHING ANOMALOUS (as you can see from the previous log).
Couldn't it be that this virus was modified by just adding the .dll????
I did in fact notice that in Windows/system32 I have a rather suspicious .dll matching the Symantec description.
It's called dxdgns.dll and it was created EXACTLY on the evening of March 2, the date on which I would have run the virus executable. Moreover, from the description, that directory doesn't seem to belong to Windows and refers to an unknown application.
I tried to delete it but the system says it's in use and it can't be done. In safe mode, however, it can be deleted. Do I risk anything by doing that?????
I don't know what else to do...:(
For the record, I also installed the Active Ports program and there too I notice that port 80 connections to random addresses open up often.....

Pancaro
04-03-2004, 09:59
BINGOOOO FOUND IT!!!! AND REMOVED

For your information, I found the virus, which then wasn't a virus at all but simply a Trojan horse (Beast 2.06)... I found it with the legendary Trojan Remover program, and it was nesting in a file mscugh.com in c:\windows\msagent, and I was RIGHT about the dll: in fact Trojan Remover detected that this Dll was referenced precisely by this file...... it renamed them both and now everything works, antivirus included....... just one thing: can I delete the dll and the file, or are they system files?

Pancaro
04-03-2004, 10:52
Now explain one thing to me: how come Trojan Remover found this Beast.206 while the famous Norton didn't????..... I did some tests, I downloaded another file infected with a trojan, some I-worm 95 or whatever, well, EVEN IN THIS case Norton DETECTED NOTHING!!!! IS THAT POSSIBLE????.... and it's supposed to work well!!!!

MrOZ
04-03-2004, 11:28
So you had the Beast :D ...strange, it doesn't go around easily :D

In fact your log looked clean... nothing showed at startup, since programs like that disguise themselves inside system files.

Anyway, programs specifically for removing trojans do a more thorough check of processes and memory... moreover, trojans like that are able to disable the processes of the most common AVs.
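An added illustration of MrOZ's point, not code from the thread: the Sysclean log posted earlier could not read C:\WINDOWS\Prefetch, but its "Could not set file for reading" lines enumerate every .pf file there, i.e. every program that has run on the machine, MSCUGH.COM included, and cross-referencing those names against the HijackThis running-process and O4 lists yields a triage list of programs that ran but have no visible autostart. The Python below does that on constructed excerpts of the two logs; the log excerpts and the function names are this example's own.

```python
import re

# Constructed sample: excerpt of the Trend Micro Sysclean log from the thread.
# The scanner could not read the Prefetch folder ("Accesso negato"), but each
# error line names a NAME-HASH.pf file, which Windows XP writes when a program
# is executed, so the list doubles as a record of what has run on the box.
SYSCLEAN_LOG = r"""
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-22E68F52.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-08B78622.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCUGH.COM-0877FE97.pf": Accesso negato.
2004-03-03, 20:19:13, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVAPSVC.EXE-39CF6FCC.pf": Accesso negato.
2004-03-03, 20:19:14, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-11BAF206.pf": Accesso negato.
"""

# Constructed sample: excerpt of the HijackThis log (running processes + O4 autostarts).
HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# NAME-HASH.pf inside the Prefetch folder; Layout.ini has no hash suffix and is skipped.
PF_RE = re.compile(r'Prefetch\\([^"\\]+)-[0-9A-F]{8}\.pf"', re.I)
# "O4 - <key>: [<value name>] <command>"  or  "O4 - Startup: <file>"
O4_RE = re.compile(r'^O4 - .*?: (?:\[[^\]]*\] )?(.*)$')
# First executable token of a command, quoted or not, with or without a path.
CMD_RE = re.compile(r'"?([^"\\]*?\.(?:exe|com|scr|bat))\b', re.I)


def prefetch_names(sysclean_log):
    """Program names recorded in Prefetch (upper-cased, hash suffix stripped)."""
    return {m.group(1).upper() for m in PF_RE.finditer(sysclean_log)}


def known_names(hjt_log):
    """Executable names HijackThis accounts for: running processes and O4 autostarts."""
    names = set()
    for line in hjt_log.splitlines():
        line = line.strip()
        if re.match(r'^[A-Z]:\\', line):            # a "Running processes" path
            names.add(line.rsplit('\\', 1)[-1].upper())
            continue
        m = O4_RE.match(line)
        if m:
            cmd = CMD_RE.search(m.group(1))
            if cmd:
                names.add(cmd.group(1).rsplit('\\', 1)[-1].upper())
    return names


def unexplained_executions(sysclean_log, hjt_log):
    """Programs that have run (Prefetch) but sit in no process or autostart list."""
    return sorted(prefetch_names(sysclean_log) - known_names(hjt_log))


if __name__ == "__main__":
    for name in unexplained_executions(SYSCLEAN_LOG, HJT_LOG):
        print("ran on this machine but is in no HijackThis list:", name)
```

The result is a triage list, not a verdict: on the full logs it also contains games and installers that simply ran once, so each name still needs a manual look. It does surface MSCUGH.COM, the file Pancaro later identified, and CCAPP.EXE/NAVAPSVC.EXE, Norton components that had run before but are absent from the running-process list, consistent with the disabled auto-protection he described.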

Joker80
05-03-2004, 00:49
Norton doesn't find a damn thing... try Kaspersky;)