Rilevato TROJ_ESEPOR.Y con il webscan di trendmicro...

[Drakan]

da ieri quando faccio una ricerca su google qualsiasi parola scriva, anche se metto nelle opzioni "solo pagine italiane" mi trova risultati, per lo + link ad altri motori di ricerca, in lingua inglese! ho pensato fosse uno di quei fastidiosi spyware e ho eseguito adaware se aggiornato, che si ha trovato degli spyware, ma si vede nn quello legato al mio problema, in quanto esso persisteva! allora vado sul forum di hw e seguendo il link faccio lo scan della trade micro che con mia sorpresa trova il TROJ_ESEPOR.Y!!!
il file che il trademicro mi rileva come infettato è
c:\windows\system32\tmksrvu.exe
però nello "scan results" mi dice "Non cleanable!" come faccio a toglierlo?
ecco link all'iimmagine della scansione

http://album.foto.virgilio.it/drakan/858313/foto.php

[Drakan]

la facevo fin troppo semplice!
magari avessi solo un trojan... ecco il logo del web scan della bit defender...

C:\Documents and Settings\{diablo}\Impostazioni locali\Temporary Internet Files\Content.IE5\4DIVCXEF\454543403[1].zip: infected with Win32.Netsky.C@mm
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\WINDOWS\system32\javexulm.vxd: infected with Adware.BBuddy.A
C:\WINDOWS\system32\netut80ex.vxd=>C:/WINDOWS/System32/exul.exe: infected with Adware.BBuddy.A
C:\WINDOWS\system32\netut80ex.vxd=>C:/WINDOWS/System32/javexulm.vxd: infected with Adware.BBuddy.A
C:\WINDOWS\system32\tksrv99.exe=>(Upx): infected with Trojan.Downloader.Esepor.Y
C:\WINDOWS\system32\tmksrvu.exe: infected with Trojan.Downloader.Esepor.Y
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>arrow1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>arrow2.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bck1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bck2.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt11.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt12.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt13.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt21.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt22.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt23.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt31.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt32.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt33.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt41.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt42.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt43.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt51.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt52.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt53.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt61.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>bt62.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>checkbox1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>checkbox2.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>checkbox3.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>checkbox4.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>default.skn: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>defbtn1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>defbtn2.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>defbtn3.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph2.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph3.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph4.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph5.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph6.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>glyph7.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>main.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>preview.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>sprite1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>tab1.bmp: password protected
D:\download\adaware personal 1.5\aawsepersonal.exe=>wise0023=>tab2.bmp: password protected

ed ecco l'immagine dello scan (è la foto 2!)
http://album.foto.virgilio.it/drakan/858313/foto.php