Conflitto spywareblaster - pestpatrol [Archivio]

View Full Version : Conflitto spywareblaster - pestpatrol

hurryowl

29-04-2005, 21:56

Ho questi due antispyware che stranamente mi creano il seguente problema, quando lancio una scansione con pestpatrol come risultato ho "websearch toolbar". Fin qui niente di particolare, se non fosse che quando vado a rimuoverla, ho notato che in spywareblaster risulta disabilitata una protezione di explorer che casualmente si chiama "huntbar variant", e se la riattivo naturalmente pestpatrol mi segnala nuovamente websearch..

Dunque è un falso positivo di pestpatrol, o spywareblaster ha qualcosa che non va? Tutto il resto sembra ok, kaspersky, giant e ad-aware pro non segnalano niente del genere e mi pare che anche hijackthis non segnali niente. A chi dare fiducia?

VelenoX79

29-04-2005, 22:36

io lascierei spywareblaster,gia' sei abbastanza coperto!non serve pestpatrol

lord2

29-04-2005, 22:37

hi as you are? I will try to help you :D
your problem is this?
How do I Remove WinTools?

Although there are many different methods across the web to remove this parasite, here is the most reliable way of doing this.

1) While online, download the popular HiJackThis program for Spywareinfo.com. You may want to read through the HiJackThis tutorial as well.

2) Reboot your computer into Safe Mode, you may want to also Turn off System Restore in Windows XP/ME as well to remove any backups of the files you are about to delete.

3) Remove the Startup Entries in the Registry

Click on Start, Run, Type REGEDIT and Click OK

Click the pluses(+) next to the following items
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

Right-Click on the file WinTools and click DELETE

Click the pluses(+) next to the following items
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
RunServices

Right-Click on the file WinTools and click DELETE

Close REGEDIT
3) Run HiJackThis (while in Safe Mode) and Delete any entries relating to WinTools including

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL

Although the following entries should have been deleted in Step 2, delete these entries if they still exist.

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe

3) Delete the WinTools folder and all associated files

Open My Computer, Drive C, Program Files, Common Files
Right-click on the WinTools folder (if it exists) and Delete it
4) You should also delete or clean up your hosts file

Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts

juninho85

29-04-2005, 23:38

io lascierei spywareblaster,gia' sei abbastanza coperto!non serve pestpatrol
sono due tipologie diverse di programmi;)

trevi63

30-04-2005, 08:57

hurryowl

02-05-2005, 11:51

Penso anch'io che i due non vadano in conflitto tra loro, il problema è che pest patrol mi segnala della roba e nel momento in cui la elimino, in spywareblaster risulta disabilitata una protezione.. e se la riabilito nuovamente, ancora una volta pest patrol mi dice che ho questa websearch toolbar. Deve essere un problema tra loro due, perché ne kaspersky ne giant segnalano problemi, comunque per sicurezza posto il log di hijackthis, potete aiutarmi?

Logfile of HijackThis v1.99.1
Scan saved at 12.47.23, on 02/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\CtrlVol.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programmi\Palm\HOTSYNC.EXE
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\DivX\SR241\SmartRipper.exe
C:\WINDOWS\Explorer.EXE
D:\Documenti\Pc\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [gcasServ] C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Manager HotSync.lnk = C:\Programmi\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109598672493
O17 - HKLM\System\CCS\Services\Tcpip\..\{5399A94F-2763-4D61-94B7-DBF2B13867F4}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

juninho85

02-05-2005, 14:44

C:\WINDOWS\AGRSMMSG.exe

:wtf:

hurryowl

02-05-2005, 18:51

C:\WINDOWS\AGRSMMSG.exe

dovrebbe essere il modem

MrOZ

03-05-2005, 19:27

hurryowl

03-05-2005, 19:58

Come antispyware uso solo giant in tempo reale, gli altri li uso per fare dei controlli regolari, ma è la prima volta che mi succede una cosa del genere, ed ho notato che lo stesso problema si è verificato su altri due pc dove li ho installati. Probabilmente è una qualche forma di incompatibilità, ma tutto sommato non mi preoccupa, vorrei però un consiglio, se ignorare in pest patrol quel websearch toolbar, oppure tenere senza protezione quell'oggetto in spywareblaster?

juninho85

03-05-2005, 23:56

non tenere troppi antispyware e antivirus installati su una macchina sola, puoi incappare in vari prob di instabilità e conflitti.

è sufficiente un antivirus, un antispyware, un firewall ed un browser settato a dovere.

ciao
il tuo ragionamento e giusto,pero sugli antispyawre sbagli.....meglio metterne 2-3,in modo ce uno sopperisca alle carenze dell'altro,visto che effettivamente non esiste un programma leader che installato da solo tiene il pc pulito e al sicuro;)