SOS urgente rsvchost.exe

[gigia]

Ciao a tutti!
Spybot ha rilevato il virus rsvchost.exe in WINDOWS
NON RIESCO A DEBELLARLO
ne con symantec, ne con spybot, ne con stinger

AIUTOOOOOO!!!!!
come posso fare?? si continuano ad aprire explorer

[BravoGT83]

presumo che hai XP con SP2 come SO?

prima devi disabilitare il ripristino di sistema....nel 3d ufficiale di Hijacthis trovi tutto....dopo posta il log di Hijackthis e proviamo toglierlo...

cmq che antivirus usi?

[MrOZ]

di che malware si tratta???

mi puoi mandare il file rsvchost.exe al mio indirizzo [email protected]???


ciao

[gigia]

Quote:

Originariamente inviato da BravoGT83

presumo che hai XP con SP2 come SO?

prima devi disabilitare il ripristino di sistema....nel 3d ufficiale di Hijacthis trovi tutto....dopo posta il log di Hijackthis e proviamo toglierlo...

cmq che antivirus usi?

OK fatto
allora ho un XP SP1

ecco il log di Hijackthis:

Logfile of HijackThis v1.99.0
Scan saved at 21.37.10, on 01/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\rsvchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programmi\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\internetexplorer64.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.562\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\\IC Card Reader Driver v1.8e4\Disk_Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service] mssmsgs.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C10A521-C655-4333-B675-8FDBE4B347E8}: NameServer = 85.37.17.44 151.99.125.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

AIUTO...

[andorra24]

Fixa:
C:\WINDOWS\rsvchost.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\WINDOWS\System32\internetexplorer64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Service] mssmsgs.exe
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe

Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

[gigia]

Quote:

Originariamente inviato da andorra24

Fixa:
C:\WINDOWS\rsvchost.exe
C:\WINDOWS\System32\csrssv.exe
C:\WINDOWS\System32\taskmnegr.exe
C:\windows\mrjj.exe
C:\WINDOWS\System32\internetexplorer64.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [NIW\] c:\windows\mrjj.exe
O4 - HKLM\..\Run: [rgor] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [internetexplorer64] C:\WINDOWS\System32\internetexplorer64.exe
O4 - HKLM\..\RunServices: [Service] mssmsgs.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1168352.exe

Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe

scusami andorra24 devo segnalarti che hai a che fare con una alle prime armi con il PC...
cosa devo fare?

[andorra24]

Metti la spunta nella casellina accanto a tutte le voci che ti ho indicato di eliminare e dopo aver chiuso tutte le finestre aperte, tra cui il browser, premi ''fix checked''. Fai anche la scansione con ewido come ti ho consigliato nel post precedente.

[gigia]

fatto...però mi sa che ci sono ancora problemi
sto facendo la scansione con ewido
devo eliminare tutti i file segnalati?

[andorra24]

Quote:

Originariamente inviato da gigia

fatto...però mi sa che ci sono ancora problemi
sto facendo la scansione con ewido
devo eliminare tutti i file segnalati?

Si eliminali, tanto ewido ti fa il backup di ogni cosa che elimina.