Trojan horse generic GM

Ernst · 01-10-2005, 15:13

Il computer di un mio amico, regalatogli dal padre della sua ragazza, è infestato da schifezze varie.Sono, spero, riuscito a toglierli quasi tutto con Ewido e scansioni antivirus, a parte "trojan horse generic GM" relativo al seguente percorso: C:WINDOWS\system32\rdriv.sys l'antivirus che ho installato "AVG" lo segnala ma non riesce a metterlo in quarantena.
Come sistema operativo ha "Windows 2000 professional".
Potete darmi una mano?
Grazie e ciao.

andorra24 · 01-10-2005, 15:19

Posta un log di hijackthis

Ernst · 01-10-2005, 15:42

Gli ho inviato per posta HijackThis, per poi farmi inviare il log, appena arriva ci risentiamo. Per il momento grazie.

Ernst · 02-10-2005, 18:30

Finalmente me l'ha inviato!Sappimi dire. Ciao
Logfile of HijackThis v1.99.1
Scan saved at 16.57.35, on 02/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNetFolder.Exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\CHEBOZU7\HijackThis[1].exe
C:\WINNT\ntsys32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINNT\ntsys32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing)
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

andorra24 · 02-10-2005, 18:50

Fixa:
C:\WINNT\ntsys32.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINNT\ntsys32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing)

Ernst · 02-10-2005, 19:40

Quote:

Originariamente inviato da andorra24

Fixa:
C:\WINNT\ntsys32.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\Run: [Micrsoft Internet Explorer] windows.exe
O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] windows.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINNT\ntsys32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing)

Grazie per la risposta,ti farò sapere.
Ciao!

Ernst · 16-10-2005, 05:57

X andorra24:
Finalmente l'ho visto e si è risolto, salvo che nel frattempo non si sia beccato altro!

Ciao e grazie ancora tesoro!

andorra24 · 16-10-2005, 08:24

Quote:

Originariamente inviato da Ernst

X andorra24:
Finalmente l'ho visto e si è risolto, salvo che nel frattempo non si sia beccato altro!

Ciao e grazie ancora tesoro!

Lieta di esserti stata di aiuto

01-10-2005, 15:13	#1
Ernst Member Iscritto dal: Aug 2005 Città: Friuli Messaggi: 99	Trojan horse generic GM Il computer di un mio amico, regalatogli dal padre della sua ragazza, è infestato da schifezze varie.Sono, spero, riuscito a toglierli quasi tutto con Ewido e scansioni antivirus, a parte "trojan horse generic GM" relativo al seguente percorso: C:WINDOWS\system32\rdriv.sys l'antivirus che ho installato "AVG" lo segnala ma non riesce a metterlo in quarantena. Come sistema operativo ha "Windows 2000 professional". Potete darmi una mano? Grazie e ciao.

01-10-2005, 15:19	#2
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Posta un log di hijackthis

01-10-2005, 15:42	#3
Ernst Member Iscritto dal: Aug 2005 Città: Friuli Messaggi: 99	Gli ho inviato per posta HijackThis, per poi farmi inviare il log, appena arriva ci risentiamo. Per il momento grazie.

02-10-2005, 18:30	#4
Ernst Member Iscritto dal: Aug 2005 Città: Friuli Messaggi: 99	Finalmente me l'ha inviato!Sappimi dire. Ciao Logfile of HijackThis v1.99.1 Scan saved at 16.57.35, on 02/10/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\DRIVERS\CDANTSRV.EXE C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\ewido\security suite\ewidoguard.exe C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\Explorer.EXE C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE C:\WINNT\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\PROGRA~1\Alice\ALICEE~1\app\EnterNetFolder.Exe C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\CHEBOZU7\HijackThis[1].exe C:\WINNT\ntsys32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~2\CHKADMIN.EXE O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Micrsoft Internet Explorer] windows.exe O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] windows.exe O4 - HKCU\..\Run: [Micrsoft Internet Explorer] windows.exe O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] windows.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe O23 - Service: NTsystem (System) - Unknown owner - C:\WINNT\ntsys32.exe O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing) O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

02-10-2005, 18:50	#5
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa: C:\WINNT\ntsys32.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O4 - HKLM\..\Run: [Micrsoft Internet Explorer] windows.exe O4 - HKLM\..\RunServices: [Micrsoft Internet Explorer] windows.exe O4 - HKCU\..\Run: [Micrsoft Internet Explorer] windows.exe O4 - HKCU\..\RunServices: [Micrsoft Internet Explorer] windows.exe O23 - Service: NTsystem (System) - Unknown owner - C:\WINNT\ntsys32.exe O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing)

16-10-2005, 05:57	#7
Ernst Member Iscritto dal: Aug 2005 Città: Friuli Messaggi: 99	X andorra24: Finalmente l'ho visto e si è risolto, salvo che nel frattempo non si sia beccato altro! Ciao e grazie ancora tesoro!

Strumenti
Mostra una versione stampabile Invia questa pagina per email