Aristocrat74
04-08-2004, 11:40
yesterday afternoon... I was installing a program (an original copy) on Win2000
at a certain point... ta-daaa, windows for porn sites start opening by themselves, Norton starts detecting viruses... one after another... and new icons got added to the Internet Explorer toolbar automatically...
(one of them even carried the label "uninstall adware" :eek: )
I remove the icons from the toolbar but, sure enough,
when I reopen Explorer they are there again &%/£/%%
:muro: once the panic had passed I disconnect the PC from the network... and start cleaning up...
Ad-Aware doesn't detect a thing (it seems to have stopped working)
Norton, same...
------------------------------------------------------------------------------------
luckily I have Win98 on a partition
I install avast (Home Edition)
and it starts finding viruses, 2-3 different trojans -- the only one whose name I remember is w32trojano_092
I clean everything and go back to Win2000
I reinstall Ad-Aware and it starts finding dialers and you name it
I rerun the scan with Norton and it too starts finding infected files...
after scan upon scan... and assorted tinkering, everything finally seems fine... seems... :mad:
every 5-6 minutes there is an attempt to connect to the site:
http://searchfind.info/
which I block every time with the firewall (Norton)
by now I don't know what else to do :muro: ...
I'm considering a full format :cry:
but first I'm asking the supreme experts for advice. :cool:
this is the log made with HijackThis:
(really long compared with the ones I've seen on the forum :oink: )
HELP ME !!!!
Logfile of HijackThis v1.98.0
Scan saved at 12.42.41, on 04/08/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\Programmi\File comuni\Symantec Shared\ccProxy.exe
D:\WINNT\System32\svchost.exe
D:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\WINNT\system32\MSTask.exe
D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\SOUNDMAN.EXE
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\QuickTime\qttask.exe
D:\WINNT\system32\internat.exe
D:\Programmi\Access\Office\OSA.EXE
D:\Programmi\Nikon\NkView5\NkvMon.exe
D:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
D:\Programmi\File comuni\Symantec Shared\cfgwiz.exe
D:\Programmi\File comuni\Symantec Shared\NMain.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\WINNT\system32\notepad.exe
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saletti.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=D:\WINNT\system32\userinit.exe,
O2 - BHO: IEHelper - {9081691d-fd21-4901-93c6-af6de3bfc30e} - D:\WINNT\system32\Q5167765.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - D:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F0311CF2-4BD1-4282-B8B5-C25B2C4E47E8} - D:\WINNT\system32\ioed.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Avvio Office.lnk = D:\Programmi\Access\Office\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Programmi\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = D:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O12 - Plugin for .pdf: D:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQrc.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kOth.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://cbi.tecmarket.it/ibbj/it/TlqJ2kImg.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://cbi.tecmarket.it/ibbj/common/TlqJ2kQDt.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E18E8F-ADC9-47AF-AB96-C203681FF8F3}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E18E8F-ADC9-47AF-AB96-C203681FF8F3}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{04E18E8F-ADC9-47AF-AB96-C203681FF8F3}: NameServer = 151.99.125.2,151.99.125.3
HELP ME !!!!