#1
Senior Member
Joined: Dec 2005
Posts: 310
Malicious file or false positive?
Hi everyone!
Looking for a possible malicious file, I scanned the PC with the following software:
1) Spybot - Search & Destroy
2) Lavasoft Ad-Aware SE Personal
3) Microsoft AntiSpyware (beta 1)
4) Ewido anti-malware
5) a-squared
While the programs listed at points 1), 2) and 3) found no threat, "Ewido anti-malware" and "a-squared" found several malicious files. I have not removed them yet, because I prefer to rule out the possibility of false positives first! These are the scan reports:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------
+ Created on: 10.57.15, 25/04/2006
+ Report-Checksum: 73AFE46E

+ Scan results:
C:\hp\bin\Terminator.exe -> Trojan.KillApp.30208 : Ignored

::End of Report

a-squared Report
Scan Started: 25/04/2006 11.03.09
Scan Finished: 25/04/2006 11.28.58
Scanning Time: 0h 25min 48sec
Scanned Files: 100890
Infected Files: 5

File name -> Diagnosis
Key: HKEY_CURRENT_USER\software\nirsoft -> Trace.Registry.Tools.Nirsoft
C:\Programmi\BackWeb\BackWeb Client\6.1.0.153\Program\runner.exe -> Adware.BackWeb.a
C:\Programmi\hp center\137903\Program\BackWeb-137903.exe -> Adware.BackWeb.a
C:\Programmi\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\runner.exe -> Adware.BackWeb.a
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> Adware.BackWeb.a

To give you more to go on, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11.35.32, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\VMware\VMware Player\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Shareaza\Shareaza.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Programmi\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Programmi\MRU-Blaster\indexcleaner.exe -COOKIES
O4 - HKCU\..\RunOnce: [Index Washer] C:\Programmi\Webroot\Washer\WashIdx.exe "Proprietario"
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?11316cf24ea34272a9be50c0dca02059
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?11316cf24ea34272a9be50c0dca02059
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://C:\Programmi\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Scarica con LeechGet - file://C:\Programmi\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Scarica pagina con LeechGet - file://C:\Programmi\LeechGet 2005\\Parser.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {B4EC20D1-AE4A-4FE6-955D-12C3FF1BB0E7} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131205226812
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2023EA-F40F-4982-A795-25AA7119C0BF}: NameServer = 217.141.250.206,151.99.125.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

P.S. The presence of BackWeb (reported by a-squared) is attributable to the Logitech webcam and to the "hp center" software shipped on HP computers. The "nirsoft" registry trace is due to the "currports" executable. Can I rest easy? What actually worries me is the file found by Ewido!!!
#2
Senior Member
Joined: Sep 2005
Location: Opinions are like assholes: anybody has one...
Posts: 34290
http://www.bleepingcomputer.com/star...exe-13563.html
In any case, scan it on www.virustotal.com too.
#3
Senior Member
Joined: Dec 2005
Posts: 310
Thanks Stev-O!
I'll try that now. Is the HijackThis log clean?
#4
Senior Member
Joined: Sep 2005
Location: Opinions are like assholes: anybody has one...
Posts: 34290
The log is clean, but if you want, fix this one:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
and disable Windows error reporting.
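Added example, not part of the thread: a small Python triage pass over HijackThis-style lines, so that "is the log clean?" can be answered from the entry types that usually deserve a second look rather than by eyeballing the whole dump. The sample lines are a subset copied from the log in the first post (constructed input for the example). The rules are my own choice of what to surface: dangling "(file missing)" entries, O4 Run commands that are not absolute paths (bare executable names are resolved through the search path at logon; environment variables need expanding first, which is exactly the dumprep entry above), O15 trusted zones, O17 DNS servers to confirm against the ISP, O20 Winlogon Notify DLLs, and services with no vendor string. A hit is a prompt to look, not a verdict.

```python
import re

# Subset of the HijackThis log posted above; constructed test input for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 body shape: HKLM\..\Run: [name] command   (RunOnce and HKCU variants too)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def triage_entry(line):
    """Return (section, body, [reasons]) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if "(file missing)" in body:
        reasons.append("target file missing: dangling autostart or service entry")
    if section == "O4":
        run = RUN_RE.match(body)
        if run:
            cmd = run.group("cmd")
            if "%" in cmd:
                reasons.append("command uses an environment variable; expand it before judging the target")
            elif not ABS_PATH_RE.match(cmd):
                reasons.append("bare executable name; resolved through the search path at logon")
    elif section == "O15":
        reasons.append("Trusted Zone entry; IE applies relaxed security to this host")
    elif section == "O17":
        servers = IPV4_RE.findall(body)
        reasons.append("DNS servers " + ", ".join(servers) + "; confirm they belong to the ISP")
    elif section == "O20":
        reasons.append("Winlogon Notify DLL; loaded into winlogon.exe at every logon")
    elif section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no vendor string")
    return section, body, reasons


def triage(log_text):
    """Return only the entries that need a human look, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = triage_entry(line)
        if entry and entry[2]:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, body[:70])
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it surfaces seven lines, including the KernelFaultCheck entry (environment variable) and the bdss service (missing file plus no vendor), and stays silent on the absolute-path entries such as hpsysdrv and zlclient. Feed it the full log from the first post to get the same short list for the whole machine.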
#5
Senior Member
Joined: Dec 2005
Posts: 310
How do I go about fixing it?
How do I disable Windows error reporting? Thanks.
#6
Senior Member
Joined: Mar 2006
Location: Saluzzo (Cuneo) - Completed trades: 51
Posts: 3656
To fix it, tick the box next to what you want to fix and press Fix.
#7
Senior Member
Joined: May 2002
Location: Milano
Posts: 5152
Quote:
#8
Senior Member
Joined: Apr 2006
Location: Milano
Posts: 12425
Quote:
#9
Senior Member
Joined: May 2002
Location: Milano
Posts: 5152
Quote:
send ?
#10
Banned
Joined: Mar 2004
Location: Galapagos Warning: flautolente user, keep it in mind
Posts: 28998
Quote:
#11
Senior Member
Joined: Apr 2006
Location: Milano
Posts: 12425
Quote:
The "Browse" box, is it possible you can't see it?
#12
Senior Member
Joined: May 2002
Location: Milano
Posts: 5152
Quote:
#13
Senior Member
Joined: May 2002
Location: Milano
Posts: 5152
Quote:
Ewido doesn't catch them.
#14
Senior Member
Joined: Apr 2006
Location: Milano
Posts: 12425
Quote:
#15
Senior Member
Joined: Apr 2006
Location: Milano
Posts: 12425
Quote:
#16
Senior Member
Joined: Dec 2005
Posts: 310
I ran the online scans on the file "Terminator.exe"; here are the results:

http://virusscan.jotti.org/
AntiVir - Found nothing
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found nothing
BitDefender - Found Trojan.Killapp.30208.A
ClamAV - Found nothing
Dr.Web - Found Trojan.KillApp.30208
F-Prot Antivirus - Found nothing
Fortinet - Found HackerTool/Killapp
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
UNA - Found nothing
VirusBuster - Found nothing
VBA32 - Found nothing

http://www.virustotal.com/en/indexx.html
AntiVir 6.34.0.24 04.20.2006 - no virus found
Avast 4.6.695.0 04.25.2006 - no virus found
AVG 386 04.24.2006 - no virus found
Avira 6.34.1.58 04.25.2006 - no virus found
BitDefender 7.2 04.25.2006 - Trojan.Killapp.30208.A
CAT-QuickHeal 8.00 04.25.2006 - no virus found
ClamAV devel-20060202 04.25.2006 - no virus found
DrWeb 4.33 04.25.2006 - Trojan.KillApp.30208
eTrust-InoculateIT 23.71.138 04.25.2006 - no virus found
eTrust-Vet 12.4.2177 04.25.2006 - no virus found
Ewido 3.5 04.25.2006 - Trojan.KillApp.30208
Fortinet 2.71.0.0 04.25.2006 - HackerTool/Killapp
F-Prot 3.16c 04.21.2006 - no virus found
Ikarus 0.2.59.0 04.25.2006 - Trojan.KillApp.30208
Kaspersky 4.0.2.24 04.25.2006 - no virus found
McAfee 4747 04.24.2006 - potentially unwanted program KillApp
NOD32v2 1.1506 04.25.2006 - no virus found
Norman 5.90.16 04.25.2006 - no virus found
Panda 9.0.0.4 04.24.2006 - Application/KillApp.A
Sophos 4.05.0 04.25.2006 - no virus found
Symantec 8.0 04.25.2006 - no virus found
TheHacker 5.9.7.134 04.24.2006 - Aplicacion/Riskware.Tool.KillApp
UNA 1.83 04.21.2006 - no virus found
VBA32 3.11.0 04.24.2006 - no virus found

What should I do? Whom should I believe?
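Added example, not part of the thread: a Python script that reads a multi-engine result set like the VirusTotal list above and summarises it the way a practitioner would before asking "whom should I believe?". It counts detections, extracts the family token the vendors agree on (here KillApp, however each vendor prefixes it), splits verdicts into malware-style labels and tool/riskware-style labels, and gives a coarse reading. The input is constructed from the 24 VirusTotal verdicts quoted in the post; the marker lists and the 50% threshold are my own assumptions, not anything VirusTotal or Jotti publishes.

```python
import re
from collections import Counter

# (engine, verdict) pairs constructed from the VirusTotal results quoted above (25 April 2006).
VIRUSTOTAL_2006 = [
    ("AntiVir", "no virus found"), ("Avast", "no virus found"), ("AVG", "no virus found"),
    ("Avira", "no virus found"), ("BitDefender", "Trojan.Killapp.30208.A"),
    ("CAT-QuickHeal", "no virus found"), ("ClamAV", "no virus found"),
    ("DrWeb", "Trojan.KillApp.30208"), ("eTrust-InoculateIT", "no virus found"),
    ("eTrust-Vet", "no virus found"), ("Ewido", "Trojan.KillApp.30208"),
    ("Fortinet", "HackerTool/Killapp"), ("F-Prot", "no virus found"),
    ("Ikarus", "Trojan.KillApp.30208"), ("Kaspersky", "no virus found"),
    ("McAfee", "potentially unwanted program KillApp"), ("NOD32v2", "no virus found"),
    ("Norman", "no virus found"), ("Panda", "Application/KillApp.A"),
    ("Sophos", "no virus found"), ("Symantec", "no virus found"),
    ("TheHacker", "Aplicacion/Riskware.Tool.KillApp"), ("UNA", "no virus found"),
    ("VBA32", "no virus found"),
]

CLEAN_VERDICTS = {"no virus found", "found nothing", "clean", ""}
# Fragments vendors use when they mean "dual-use tool", not "malware" (assumed list).
PUA_MARKERS = ("potentially unwanted", "riskware", "hackertool", "application/",
               "aplicacion/", "not-a-virus", "pup", "tool")
# Class words, dropped when extracting the family name (assumed list).
GENERIC_WORDS = {"trojan", "application", "aplicacion", "riskware", "tool", "hackertool",
                 "potentially", "unwanted", "program", "virus", "win32", "generic", "not"}


def classify(verdict):
    """'clean', 'pua' (unwanted/dual-use tool) or 'malware' for one engine's verdict string."""
    v = verdict.strip().lower()
    if v in CLEAN_VERDICTS:
        return "clean"
    if any(marker in v for marker in PUA_MARKERS):
        return "pua"
    return "malware"


def family(verdict):
    """First non-generic token, e.g. 'killapp' for both 'Trojan.KillApp.30208' and 'HackerTool/Killapp'."""
    tokens = re.split(r"[^a-z0-9]+", verdict.lower())
    tokens = [t for t in tokens if len(t) > 1 and not t.isdigit() and t not in GENERIC_WORDS]
    return tokens[0] if tokens else "unknown"


def assess(n_engines, n_hits, families, kinds):
    """Coarse reading: agreement on WHAT the file is matters more than the raw count."""
    if n_hits == 0:
        return "undetected"          # absence of detections is not proof of a clean file
    ratio = n_hits / n_engines
    if len(families) == 1 and kinds["pua"] > 0 and ratio < 0.5:
        # One family name everywhere, several vendors call it a tool, most engines silent:
        # a dual-use utility. Decide on provenance (who installed it, where it lives,
        # whether it is signed), not on the label.
        return "dual-use-tool"
    if ratio >= 0.5:
        return "likely-malicious"
    return "inconclusive"


def summarize(results):
    hits = [(engine, verdict, classify(verdict)) for engine, verdict in results
            if classify(verdict) != "clean"]
    families = Counter(family(v) for _, v, _ in hits)
    kinds = Counter(k for _, _, k in hits)
    return {
        "engines": len(results),
        "detections": len(hits),
        "families": families,
        "kinds": kinds,
        "assessment": assess(len(results), len(hits), families, kinds),
    }


if __name__ == "__main__":
    s = summarize(VIRUSTOTAL_2006)
    print(f"{s['detections']}/{s['engines']} engines flag it")
    print("families:", dict(s["families"]), "kinds:", dict(s["kinds"]))
    print("assessment:", s["assessment"])
```

On the data above this yields 8 of 24 engines, a single family (killapp), four "trojan"-style labels against four "tool/riskware"-style labels, and the reading "dual-use-tool": the engines agree on what the file is (a process-killing utility) and disagree only on whether to call that malware. That shifts the question from the vote to provenance, which is what the rest of the thread does: the file sits under C:\hp\bin on an HP machine, so the check is whether it came with the OEM software.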
#17
Senior Member
Joined: Dec 2005
Posts: 310
What should I do about the "Terminator.exe" file? How should the online scan results be interpreted correctly?
I look forward to your opinions!
#18
Senior Member
Joined: Jun 2002
Location: Milano
Posts: 1438
It's a backagent of the HP software; trust Kaspersky.
#19
Senior Member
Joined: Dec 2005
Posts: 310
Quote: