trojan bas***rd keeps coming back, but I see nothing in the registry...


flinio
27-04-2005, 12:58
For 5 days Norton has been detecting trojans and deleting them. The system has no particular problems, but I still don't like it. I have Win2000 with Service Pack 4. These are the infected files that Norton deleted:



Origine: E:\CRSS.EXE
Origine: E:\CRSS.EXE
Origine: E:\srv32.exe
Origine: E:\ip.exe
Origine: E:\CRSS.EXE
Origine: E:\srv32.exe
Origine: E:\srv32.exe
Origine: E:\updater.exe
Origine: E:\srv32.exe
Origine: E:\sysfirewall.exe -->W32.spybot.worm
Origine: E:\CRSS.EXE
Origine: E:\CRSS.EXE
Origine: E:\stone.exe
Origine: E:\stone.exe
Origine: E:\pb.exe -->W32.gaobot.gen!poly
Origine: E:\prcview.exe
Origine: E:\CRSS.EXE


In all of these files the trojan "removed" is W32.HLLW.Gaobot, except for the 2 cases I have marked.

NB: The operating system is not on disk E.



The registry keys look clean to me, but I'm no expert. I read on this forum that a user had a similar problem (c:\stone.exe) and solved it by deleting the files autorun.inf and arun.exe that had appeared in c:\. I looked for these files on my hard disks but found no trace of them. I tried the online scan with Panda but it found nothing. I don't know what else to do. I'm posting the HijackThis log file below.



Logfile of HijackThis v1.99.1
Scan saved at 12.03.50, on 27/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\lexbces.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\ATKKBService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: ubisoft register.lnk = C:\Programmi\Ubi Soft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\lexbces.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
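
A small triage pass over a HijackThis log of the kind posted above, added here as an example (it is not part of the thread and not HijackThis code): it groups entries by section code and lists autoruns whose command has no full path and services marked "Unknown owner" or "(file missing)". The sample log is constructed from lines in the thread's format, the function names are hypothetical, and a listed entry is a prompt for a manual check, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout shown in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\lsass.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\lexbces.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")  # e.g. "O4 - <body>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[(.*?)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: .*? \((\S+)\) - (.*?) - (.*)$")


def parse_log(text):
    """Return (running_processes, {section_code: [entry_body, ...]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries[m.group(1)].append(m.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def triage(entries):
    """Return (code, name, reason) tuples for entries to check by hand."""
    findings = []
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        if not m:
            continue  # Startup-folder shortcuts are not examined here
        name, command = m.group(1), m.group(2).strip()
        if not command:
            continue
        if command.startswith('"'):
            exe = command[1:].split('"', 1)[0]
        else:
            exe = command.split()[0]
        if "\\" not in exe:  # resolved through the search path at logon
            findings.append(("O4", name, "autorun command has no full path"))
    for body in entries.get("O23", []):
        m = SERVICE_RE.match(body)
        if not m:
            continue
        reasons = []
        if m.group(2) == "Unknown owner":
            reasons.append("unknown owner")
        if m.group(3).endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            findings.append(("O23", m.group(1), ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    procs, parsed = parse_log(SAMPLE_LOG)
    print(len(procs), "running processes")
    for code, name, reason in triage(parsed):
        print(f"{code:4} {name:14} {reason}")
```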

flinio
27-04-2005, 14:20
I also ran a pass with sysclean. Here is the final log:

2005-04-27, 13:16:50, Auto-clean mode specified.
2005-04-27, 13:16:50, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\TSC.BIN"...
2005-04-27, 13:16:54, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\TSC.BIN" has finished running.
2005-04-27, 13:16:54, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows 2000(Build 2195: Service Pack 4)

Start time : mer apr 27 2005 13:16:51

Load Damage Cleanup Template (DCT) "F:\Utility\Sicurezza antivirus, firewall\Sysclean\tsc.ptn" (version 586) [success]

Complete time : mer apr 27 2005 13:16:54
Execute pattern count(3659), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-04-27, 13:16:54, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Accesso negato.
2005-04-27, 13:16:54, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Accesso negato.
2005-04-27, 13:17:35, An error occurred while scanning file "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat": Accesso negato.
2005-04-27, 13:17:35, An error occurred while scanning file "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG": Accesso negato.
2005-04-27, 13:22:51, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:24:10, An error occurred while scanning file "C:\WINNT\system32\config\default": Accesso negato.
2005-04-27, 13:24:10, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\software": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\system": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Accesso negato.
2005-04-27, 13:24:36, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 13:30:50, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50 6 minutes 13 seconds (373.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50 6 minutes 13 seconds (373.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 13:30:50, An error was detected on "E:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:30:50, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 13:30:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51 0.00 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51 0.00 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 13:45:28, An error was detected on "F:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:58:15, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 14:11:08, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08 12 minutes 53 seconds (772.30 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08 12 minutes 53 seconds (772.30 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 14:11:38, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 14:11:44, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44 6 seconds (5.95 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean

1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44 6 seconds (5.95 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.

bluepix
27-04-2005, 14:51
The log looks all OK to me too.

Have you applied all the Microsoft security patches?

flinio
27-04-2005, 15:50
Yes, I have applied them all.

2 minutes ago, another appearance:

E:\sysfirewall.exe -->W32.Spybot.Worm

Help :cry:

bluepix
27-04-2005, 16:17
Here's the bastard that had us in trouble at the beginning of the year.
Back then we didn't find the solution and cobbled things together a bit.
Terminate the sysfirewall.exe process.
Delete all references to sysfirewall.exe that you find in the registry.
Create any text file and name it sysfirewall.exe
Copy it to the following locations:
C:\
F:\
c:\winnt
c:\winnt\system32

Set these files to read-only.

At this point it should no longer show up.

If I find it, I'll post the old thread for you.

3dsst
27-04-2005, 16:22
Yes, I have applied them all.

2 minutes ago, another appearance:

E:\sysfirewall.exe -->W32.Spybot.Worm

Help :cry:
Try this: download BitDefender Free. It is only a scanner, so it won't conflict with your Norton. Run a full scan, after updating it of course, and see whether it removes them. And if you want a piece of advice, switch to Kaspersky.

bluepix
27-04-2005, 16:28
I found the thread

http://forum.hwupgrade.it/showthread.php?t=838579

flinio
27-04-2005, 17:58
New appearance

E:\msc32.exe

The problem is that it's not always sysfirewall.exe that comes back; it keeps changing. Also, Norton detects it and deletes it, and in Task Manager I don't see those processes running. What should I do?


To dsst: I already did Panda's online scan. BitDefender Free seems to be something similar, right?

bluepix
27-04-2005, 18:08
You need to install the following Microsoft patches:

KB835732
KB823980
KB885835
KB885836
KB873339
KB841356
KB840987


In my case they solved it.

flinio
27-04-2005, 18:26
I already have them all installed.

3dsst
27-04-2005, 18:31
Disable System Restore and run a scan with another antivirus.
I know it may sound trivial, but sometimes it's the only solution. There are several viruses that Norton detects but cannot clean; it has happened before. I read somewhere, but I can't remember where now (damn, I'll look for it later), that Norton cannot disinfect some viruses that attack certain types of files. It's not nonsense; if I find the article I'll post it.

bluepix
27-04-2005, 18:37
W2K doesn't have System Restore.

Do you have a process called NvCplScan?

3dsst
27-04-2005, 18:43
New appearance



To dsst: I already did Panda's online scan. BitDefender Free seems to be something similar, right?
No, it's a real program: basically it is the antivirus but without real-time scanning and so on. It is only the scanner, with all the disinfection, removal, etc. functions. It's free and you can keep it alongside another antivirus.

flinio
27-04-2005, 19:03
W2K doesn't have System Restore.

Do you have a process called NvCplScan?

No

bluepix
27-04-2005, 19:27
It looks like an Lsass.exe vulnerability... if you have applied all the patches... I'm really powerless :(

flinio
28-04-2005, 09:58
up please :cry:

bluepix
28-04-2005, 13:03
Try re-posting an updated HijackThis log.

Do you have a firewall?

In the meantime, download this program:

http://www.firewallleaktester.com/wwdc.htm

Block all the ports that may be open and reboot the PC.

Bye