|
|||||||
|
|
|
 |
|
|
Strumenti |
29-10-2003, 19:30
|
#1 |
|
Senior Member
Iscritto dal: Nov 2002
Messaggi: 2737
|
aiuto mi ha beccato un virus mi sa!!! è rasautou.exe!!
salve ragazzi non so se è un virus o meno ma a me puzza di virus a ogni avvio del mio computer il sudetto file rasautou.exe si conette automaticamente a internet usando la mia conessione predefinita perche dice lui sono state chieste informazioni da 66.139.77.145. io sto rasautou.exe lo cancello sempre ma all riavvio è di nuovo li com'e possibile???
c'e anche un file rasauto.dll ma quello non si puo cancellare!! forse è un file di sistema boh!!! insomma come faccio a eliminare sto fastidioso problema una volta per tutte!!! a voi sto rasautou.exe è capitato??? a me ha preso nonostante avessi sempre la firewall attiva porca zozza!!!!
__________________
|
|
|
|
29-10-2003, 21:21
|
#2 |
|
Senior Member
Iscritto dal: Nov 2002
Messaggi: 2737
|
help please nessuno mi puo aiutare?????
__________________
|
|
|
|
|
29-10-2003, 22:17
|
#3 |
|
Senior Member
Iscritto dal: Feb 2002
Città: Monza(come tanti qui)
Messaggi: 1126
|
|
|
|
|
|
29-10-2003, 22:22
|
#4 | |
|
Senior Member
Iscritto dal: May 2002
Messaggi: 3126
|
Quote:
ciao(http://www.ilsoftware.it/forum/topic...67&whichpage=9) leggi il post di arnaldo e capirai sempre che abbia ragione
|
|
|
|
|
|
29-10-2003, 22:58
|
#5 |
|
Senior Member
Iscritto dal: Nov 2002
Messaggi: 2737
|
forse ho trovato la soluzione potrebbe essere sta cosa qui le cose che avete postato voi le avevo gia lette ma grazie comunque se beccate qualcosa di nuovo postatelo!!!!
questo è preso dal sito della trend micro!!! QUICK LINKS Solution -------------------------------------------------------------------------------- Virus type: Backdoor Destructive: No Pattern file needed: 643 Scan engine needed: 6.100 Overall risk rating: Low -------------------------------------------------------------------------------- Reported infections: Low Damage Potential: Medium Distribution Potential: Low -------------------------------------------------------------------------------- Description: This backdoor listens to a random port on infected systems. It waits for remote commands to execute locally. This malicious routine allows remote users to access and manipulate infected systems. This backdoor program is known to be dropped into visiting systems from malicious Web pages by the Visual Basic Script Malware detected as VBS_LARSLP.A. The malicious Web pages contain an exploit to the Object Data Remote Execution Vulnerability. The vulnerability allows executable code to be executed automatically on visiting systems from Web pages. It affects systems running: Internet Explorer 5.01 Internet Explorer 5.5 Internet Explorer 6.0 Internet Explorer 6.0 for Windows Server 2003 This backdoor program runs on Windows 95, 98, ME, NT, 2000, and XP. Solution: Terminating the Malware Program This procedure terminates the running malware process from memory. Open Windows Task Manager. On Windows 9x/ME systems, press CTRL+ALT+DELETE On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab. In the list of running programs*, locate the process: LLASS.EXE Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system. To check if the malware process has been terminated, close Task Manager, and then open it again. Close Task Manager. *NOTE: On systems running Windows 9x/ME, Windows Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions. Removing Autostart Entries from the Registry Removing autostart entries from the registry prevents the malware from executing during startup. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run In the right panel, locate and delete the entry: lar = “\llass.exe” In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>RunServices In the right panel, locate and delete the entry: lar = “\llass.exe” Close Registry Editor. NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system. Removing Other Malware Entries from the Registry Use this procedure to remove additional malware entries on systems running Windows NT, 2000, and XP. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control In the right panel, locate and delete the entry: SLP Close Registry Editor. Additional Windows ME/XP Cleaning Instructions Running Trend Micro Antivirus Scan your system with Trend Micro antivirus and delete all files detected as BKDR_LARSLP.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner. Applying Patches This malware can arrive on systems vulnerable to the Object Data Remote Execution Vulnerability, which affects systems running: Internet Explorer 5.01 Internet Explorer 5.5 Internet Explorer 6.0 Internet Explorer 6.0 for Windows Server 2003 A cumulative Internet Explorer patch in Microsoft Security Bulletin MS03-032 addresses this vulnerability. Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC. For additional information about this threat, see Technical Details. spero possa risolvere!!!!!!!! dopo vi dico.
__________________
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:06.
