#1

Senior Member
Registered: Mar 2000
Posts: 567

HELP!!!! Unknown virus
Guys, I'm in deep S...T, I think I've got a nasty virus on my PC.. yesterday I ran a mysterious ''Loader.exe''.. it launched and vanished and nothing happened (ouch)... my PC has Win XP Pro and Norton AntiVirus 2004, fully updated.
This morning I turn on the PC and notice that Norton no longer works!!!!... or at least Auto-Protect is disabled and can't be re-enabled, and when I try to scan any drive the process gets closed automatically...... I'm really afraid I've caught one of those viruses that knock out your antivirus first thing. I found NO anomalous running process, nor did I see ANY suspicious entry added to the registry in any of the ''famous'' ''Run'' keys. NOW what do I do???? I have several options available.
1- Try reinstalling Norton, update it and scan the HD, hoping the virus doesn't hit it again (it shouldn't if I don't power the PC off and on)
2- Use online scanning programs (I'm doing that, I'll let you know)
3- Start WinXP in safe mode or exclusive mode, hoping that this way the virus process doesn't start, so I can catch it and remove it with Norton ''unblocked''... but I don't know if it works
4- Since I have a network of 2 PCs with a router (but no firewall at all, only NAT), I'd like to use my second PC, where I also have a fully updated Norton installed, to scan my HD.......... but I wouldn't want this virus to ''spam'' itself over the network too.... that is something TO AVOID, since the second PC is used by my father exclusively for work!
..What do you think of these solutions????.. do you have anything more effective to suggest other than formatting (WHICH I'D LIKE TO AVOID).... thanks

#2

Senior Member
Registered: Mar 2000
Posts: 567

Sorry, but how can I share the WINDOWS folder????

#3

Senior Member
Registered: Jun 2001
City: Lazio
Posts: 5935

On my site, in the antivirus tools section, try the Trend Micro tools and Stinger. Use them in safe mode and disable System Restore if present.
Bye
__________________
HP Gaming 16 I7 10750H, nVidia GTX1650TI 4Gbyte DDR6, 16Gbyte of RAM, SSD INTEL 500Gbyte, Denon PMA-510AE amplifier, Q Acoustics 3020i speakers

#4

Senior Member
Registered: Mar 2000
Posts: 567

I'm afraid it really is one of those damned viruses, in fact I tried installing other antivirus programs and it shows the same symptoms on all of them.......... does anyone know anything about a new virus of this kind?

#5

Senior Member
Registered: Mar 2000
Posts: 567

I used your 2 tools but they found nothing HEEELP PLSE

#6

Senior Member
Registered: Nov 2001
City: Bastia Umbra (PG)
Posts: 6395

Post a log made with the HiJackThis program
__________________
:: The best argument against democracy is a five-minute conversation with the average voter ::

#7

Senior Member
Registered: Mar 2000
Posts: 567

Ehm, I don't understand, should I show the final log file of the 2 removal tools?
This is the log of the Trend Micro tool run in safe mode:

#8

Senior Member
Registered: Jun 2003
City: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Registered: Nov 2002
Posts: 4426

Quote:
You should download the "Hijackthis" program that I have in my signature; close the Internet connection and the browser, run 1 scan, save the log and copy-paste it here. Bye.

#9

Senior Member
Registered: Mar 2000
Posts: 567

OK, but which of the many? The antivirus one or something else?

#10

Senior Member
Registered: Mar 2000
Posts: 567

Here is the LOG
Logfile of HijackThis v1.97.7
Scan saved at 0.06.23, on 04/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Executive Software\DiskeeperWorkstation\DKService.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabio\Desktop\Nuova cartella (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trib3.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programmi\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...870.6624537037
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553560000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw3fd.law3.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{880F244B-D3CB-4AB5-B82E-C2EF802758FF}: NameServer = 212.216.172.62,212.216.112.112

#11

Senior Member
Registered: Jun 2003
City: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Registered: Nov 2002
Posts: 4426

Quote:
... and don't get it wrong

#12

Senior Member
Registered: Jun 2003
City: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Registered: Nov 2002
Posts: 4426

Quote:

#13

Senior Member
Registered: Mar 2000
Posts: 567

Damn, from the log I did NOT notice anything strange, damn, what else can I do?

#14

Senior Member
Registered: Mar 2000
Posts: 567

So, I carefully read the descriptions on the Symantec site of the latest viruses discovered in these 3 days (since March 2)...... because it should be one of these, since my Norton was updated up to March 1.
It shouldn't be Netsky, because I ran the removal tools and they found nothing. I suspect it could be W32".MYDoom@H (the very latest) or W32".MYDoom@G. From the description, both viruses work in a similar way. Read here: http://[email protected]
Well, the STRANGE thing is that all the new viruses should in any case add an entry to the registry under the Run keys, while I have ABSOLUTELY NOTHING ANOMALOUS (as you can see from the previous log). Could it be that this virus was modified to add only the .dll????
I did in fact notice that in Windows/system32 I have a rather suspicious .dll matching the Symantec description. It is called dxdgns.dll and it was created RIGHT on the evening of March 2, the date on which I would have launched the virus executable. Also, this directory, from its description, does not seem to belong to Windows and refers to an unknown application.
I tried to delete it but the system says it is in use and it can't be done. In safe mode, however, it can be deleted. Am I risking anything by doing so?????
I don't know what to do anymore...
For the record, I also installed the Active Ports program and there too I notice that port 80 connections to random addresses often get opened.....

#15

Senior Member
Registered: Mar 2000
Posts: 567

BINGOOOO FOUND!!!! AND REMOVED
For your information, I found the virus, which wasn't actually a virus but simply a Trojan horse (Beast 2.06)... I found it with the legendary Trojan Remover program and it was nesting in a file mscugh.com in c:\windows\msagent, and I was RIGHT about the dll: Trojan Remover in fact reported that this DLL was referenced precisely by this file...... it renamed both of them and now everything works, including the antivirus....... just one thing: can I delete the dll and the file, or are they system files?
Last edited by Pancaro: 04-03-2004 at 10:53.
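
The check described in posts #14 and #15 (an executable-type file in the Windows directory dated the evening the unknown program was run), as an added example that is not part of the original thread. The 21:00 launch time, the timestamps and the directory tree built in demo() are constructed for illustration; only the file names dxdgns.dll and mscugh.com come from the thread.

```python
import os
import tempfile
from datetime import datetime, timedelta

# Extensions Windows will load or execute. ".com" is included because the
# file found in this thread (mscugh.com) was not an .exe.
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".sys", ".ocx", ".scr"}


def files_near_incident(root, incident, hours_before=1, hours_after=12,
                        stamp="st_mtime"):
    """List executable files under `root` time-stamped around `incident`.

    `stamp` names the os.stat_result field to compare. "st_mtime" works
    everywhere; on Windows "st_ctime" is the creation time, which is the
    date the poster looked at. Returns sorted (timestamp, path) pairs.
    """
    start = incident - timedelta(hours=hours_before)
    end = incident + timedelta(hours=hours_after)
    hits = []
    # onerror swallows "access denied" directories instead of aborting.
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip, keep scanning
            when = datetime.fromtimestamp(getattr(st, stamp))
            if start <= when <= end:
                hits.append((when, path))
    return sorted(hits)


def demo():
    """Run the check on a constructed directory tree (not real data)."""
    incident = datetime(2004, 3, 2, 21, 0)       # assumed launch time
    sample = {                                    # path -> constructed mtime
        "system32/kernel32.dll": datetime(2002, 8, 29, 12, 0),
        "system32/dxdgns.dll": datetime(2004, 3, 2, 21, 1),
        "system32/notes.txt": datetime(2004, 3, 2, 21, 1),
        "msagent/mscugh.com": datetime(2004, 3, 2, 21, 1),
        "msagent/agentsvr.exe": datetime(2002, 8, 29, 12, 0),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, when in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed placeholder")
            ts = when.timestamp()
            os.utime(path, (ts, ts))              # back-date the sample file
        hits = files_near_incident(root, incident)
        return sorted(os.path.basename(p) for _when, p in hits)


if __name__ == "__main__":
    print(demo())
```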

#16

Senior Member
Registered: Mar 2000
Posts: 567

Now explain one thing to me, explain how come Trojan Remover found this Beast.206 while the highly renowned Norton didn't????..... I ran some tests, I downloaded another file infected with a trojan, a certain I-worm 95 etc., well, IN THIS case TOO Norton DETECTED NOTHING!!!! IS THAT even POSSIBLE????.... and it's supposed to work well!!!!

#17

Senior Member
Registered: Jun 2003
City: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Registered: Nov 2002
Posts: 4426

So you had the beast
Indeed your log looked clean... nothing showed up at startup because programs like this disguise themselves among the system files. Anyway, programs made specifically for removing trojans do a more thorough check of processes and memory... in addition, trojans like this are able to disable the processes of the most common AVs.

#18

Senior Member
Registered: May 2002
Posts: 4697

Norton doesn't find sh... try Kaspersky
__________________
- SONY KDL-50W809C - - Pixel 6a - Xiaomi Air 12 Laptop -