Hardware Upgrade Forum - View Single Post - infetto

sbondo · 04-11-2007, 15:57

stamane ho avuto la spiacevole sorpresa che il firewall(sygate)non ne voleva sapere di partire,al che ho fatto una scansione con spibot il quale mi ha rivelato le seguenti minacce:
win32.poison.l
fservices
prorat.d
bene,dopo averli corretti al riavvio ricompaiono
stessa cosa fatta invano su KASPERSKY che in compenso rileva qualcosa in +:
C:\WINDOWS\system\sservice.exe Infected: Backdoor.Win32.Prorat.19.i skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\Wingen\LSASS.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINDOWS\system32\drivers\Wingen\service.exe Infected: Backdoor.Win32.Iroffer.b skipped
C:\WINDOWS\system32\drivers\Wingen\system.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
C:\WINDOWS\system32\fservice.exe Infected: Backdoor.Win32.Prorat.19.i skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\reginv.dll Infected: Backdoor.Win32.Prorat.19.i skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winkey.dll Infected: Backdoor.Win32.Prorat.19.ah skipped
Scan process completed.
insomma nemmeno l'antivirus riesce a rimuoverli...
se volete posto il log di hijackthis v.1.99.1
aiutatemo è da stamattina che provo a rimuovere invanamente questi virus.....
tra l'altro nel web(in ita)c'è poco o nulla

edit
il so. è xp
t2250
1gb ram

reedit
dimenticavo che ad ogni riavvio il ripristino config di sistema viene disattivato

04-11-2007, 15:57	#1
sbondo Senior Member Iscritto dal: Jul 2006 Città: messina Messaggi: 665	infetto - Firewall malfunzionante stamane ho avuto la spiacevole sorpresa che il firewall(sygate)non ne voleva sapere di partire,al che ho fatto una scansione con spibot il quale mi ha rivelato le seguenti minacce: win32.poison.l fservices prorat.d bene,dopo averli corretti al riavvio ricompaiono stessa cosa fatta invano su KASPERSKY che in compenso rileva qualcosa in +: C:\WINDOWS\system\sservice.exe Infected: Backdoor.Win32.Prorat.19.i skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\Wingen\LSASS.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\WINDOWS\system32\drivers\Wingen\service.exe Infected: Backdoor.Win32.Iroffer.b skipped C:\WINDOWS\system32\drivers\Wingen\system.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped C:\WINDOWS\system32\fservice.exe Infected: Backdoor.Win32.Prorat.19.i skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\reginv.dll Infected: Backdoor.Win32.Prorat.19.i skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\winkey.dll Infected: Backdoor.Win32.Prorat.19.ah skipped Scan process completed. insomma nemmeno l'antivirus riesce a rimuoverli... se volete posto il log di hijackthis v.1.99.1 aiutatemo è da stamattina che provo a rimuovere invanamente questi virus..... tra l'altro nel web(in ita)c'è poco o nulla edit il so. è xp t2250 1gb ram reedit dimenticavo che ad ogni riavvio il ripristino config di sistema viene disattivato __________________ Ultima modifica di sbondo : 04-11-2007 alle 18:23.