#1 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
ba***rd trojan keeps coming back but I see nothing in the registry...
For 5 days Norton has been detecting trojans and deleting them. The system has no particular problems, but I still don't like it. I have win2000 with service pack4. These are the infected files that Norton deleted:

Origine: E:\CRSS.EXE
Origine: E:\CRSS.EXE
Origine: E:\srv32.exe
Origine: E:\ip.exe
Origine: E:\CRSS.EXE
Origine: E:\srv32.exe
Origine: E:\srv32.exe
Origine: E:\updater.exe
Origine: E:\srv32.exe
Origine: E:\sysfirewall.exe -->W32.spybot.worm
Origine: E:\CRSS.EXE
Origine: E:\CRSS.EXE
Origine: E:\stone.exe
Origine: E:\stone.exe
Origine: E:\pb.exe -->W32.gaobot.gen!poly
Origine: E:\prcview.exe
Origine: E:\CRSS.EXE

In all these files the trojan "defeated" is W32.HLLW.Gaobot, except for the 2 cases I specified.
NB: The operating system is not on disk E.
The registry keys look clean to me, but I don't know that much about it. I read on this forum that a user had a similar problem (c:\stone.exe) and solved it by deleting the files autorun.inf and arun.exe that had appeared in c:\. I searched for these files on my hard disks but found no trace of them. I tried the online scan with Panda but it found nothing. I don't know what else to do. I'm posting the HijackThis log file below:

Logfile of HijackThis v1.99.1
Scan saved at 12.03.50, on 27/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\lexbces.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\ATKKBService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: ubisoft register.lnk = C:\Programmi\Ubi Soft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\lexbces.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Last edited by flinio: 27-04-2005 at 13:00. |
|
|
|
|
|
#2 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
I also ran a pass with sysclean. Here is the final log:
2005-04-27, 13:16:50, Auto-clean mode specified.
2005-04-27, 13:16:50, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\TSC.BIN"...
2005-04-27, 13:16:54, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\TSC.BIN" has finished running.
2005-04-27, 13:16:54, TSC Log:
Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows 2000(Build 2195: Service Pack 4)
Start time : mer apr 27 2005 13:16:51
Load Damage Cleanup Template (DCT) "F:\Utility\Sicurezza antivirus, firewall\Sysclean\tsc.ptn" (version 586) [success]
Complete time : mer apr 27 2005 13:16:54
Execute pattern count(3659), Virus found count(0), Virus clean count(0), Clean failed count(0)
2005-04-27, 13:16:54, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Accesso negato.
2005-04-27, 13:16:54, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Accesso negato.
2005-04-27, 13:17:35, An error occurred while scanning file "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat": Accesso negato.
2005-04-27, 13:17:35, An error occurred while scanning file "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG": Accesso negato.
2005-04-27, 13:22:51, An error was detected on "C:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:24:10, An error occurred while scanning file "C:\WINNT\system32\config\default": Accesso negato.
2005-04-27, 13:24:10, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\software": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\system": Accesso negato.
2005-04-27, 13:24:11, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Accesso negato.
2005-04-27, 13:24:36, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 13:30:50, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50
6 minutes 13 seconds (373.06 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:24:37
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
37879 files have been read.
37879 files have been checked.
25927 files have been scanned.
46799 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:50
6 minutes 13 seconds (373.06 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:50, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 13:30:50, An error was detected on "E:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:30:50, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 13:30:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51
0.00 seconds has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:30:50
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
3 files have been read.
3 files have been checked.
3 files have been scanned.
3 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 13:30:51
0.00 seconds has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 13:30:51, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 13:45:28, An error was detected on "F:\System Volume Information\*.*": Accesso negato.
2005-04-27, 13:58:15, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 14:11:08, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08
12 minutes 53 seconds (772.30 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 13:58:15
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
75648 files have been read.
75648 files have been checked.
34943 files have been scanned.
39236 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:08
12 minutes 53 seconds (772.30 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:08, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running.
2005-04-27, 14:11:38, Running scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN"...
2005-04-27, 14:11:44, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44
6 seconds (5.95 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 4/27/2005 14:11:38
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 602 (100819 Patterns) (2005/04/26) (260200)
Command Line: F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=F:\Utility\Sicurezza antivirus, firewall\Sysclean
1220 files have been read.
1220 files have been checked.
408 files have been scanned.
408 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 4/27/2005 14:11:44
6 seconds (5.95 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-04-27, 14:11:44, Scanner "F:\Utility\Sicurezza antivirus, firewall\Sysclean\VSCANTM.BIN" has finished running. |
|
|
|
|
|
#3 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
The log looks all OK to me too.
Have you applied all of Microsoft's security patches? |
|
|
|
|
|
#4 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
Yes, I've applied them all.
2 minutes ago another appearance: E:\sysfirewall.exe -->W32.Spybot.Worm Help |
|
|
|
|
|
#5 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
Here's the bastard that had put us in crisis at the beginning of the year.
Back then we hadn't found the solution and we patched things up a bit.
Terminate the sysfirewall.exe process.
Delete all references to sysfirewall.exe that you find in the registry.
Create any text file and name it sysfirewall.exe, then copy it to the following destinations:
C:\
F:\
c:\winnt
c:\winnt\system32
Mark these files read-only.
At this point it should no longer show up.
If I find it, I'll post the old post for you |
|
|
|
|
|
#6 | |
|
Senior Member
Joined: Nov 2001
City: Varese
Posts: 1461
|
Quote:
__________________
When the lamb opened the fourth seal he heard a voice saying come, and a pale horse appeared to him; its rider was named death, and behind him hell... The only women who get seduced are those who have no desire to offer themselves
|
|
|
|
|
|
|
#7 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
|
|
|
|
|
|
#8 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
new appearance
E:\msc32.exe The problem is that it isn't always sysfirewall.exe that comes back; it keeps changing. Also, Norton detects it and deletes it, and in the task manager I don't see the aforementioned processes running. What should I do? For dsst: I've already done Panda's online scan. BitDefender free seems to be something similar, right? |
|
|
|
|
|
#9 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
You need to install the following Microsoft patches:
KB835732 KB823980 KB885835 KB885836 KB873339 KB841356 KB840987
In my case they had solved it |
|
|
|
|
|
#10 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
I already have them all installed
|
|
|
|
|
|
#11 |
|
Senior Member
Joined: Nov 2001
City: Varese
Posts: 1461
|
Disable System Restore and run a scan with another antivirus
I know it may seem trivial, but sometimes it's the only solution. There are several viruses that Norton detects but can't clean; it has already happened. I read somewhere (right now I can't remember where, damn, I'll look for it later) that Norton can't disinfect some viruses that attack certain types of files. It's not nonsense; if I find the article I'll post it
|
|
|
|
|
|
#12 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
W2k doesn't have System Restore.
Do you have a process called: NvCplScan? |
|
|
|
|
|
#13 | |
|
Senior Member
Joined: Nov 2001
City: Varese
Posts: 1461
|
Quote:
|
|
|
|
|
|
|
#14 | |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
Quote:
|
|
|
|
|
|
|
#15 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
It looks like an Lsass.exe flaw ........ if you've applied all the patches... I'm really powerless
|
|
|
|
|
|
#16 |
|
Member
Joined: Nov 2002
City: Milano
Posts: 41
|
up please
|
|
|
|
|
|
#17 |
|
Senior Member
Joined: Dec 2004
City: Magenta(MI)
Posts: 1513
|
Try reposting the updated HijackThis log.
Do you have a firewall? In the meantime download this program: http://www.firewallleaktester.com/wwdc.htm close all the ports that may be open and reboot the PC. Bye |
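One way to triage a HijackThis log like the one in post #1 before reposting an updated one, as an added example that is not part of the thread or of HijackThis itself: it splits a log whose line breaks were lost in pasting, checks whether any file name Norton reported appears anywhere in it, and lists autostart entries worth verifying by hand. The flagging rules and the names `DETECTED`, `split_entries`, `program_of` and `triage` are assumptions made for this example.

```python
import re

# A HijackThis entry starts with a section code such as R0, F2, N1, O4 or O23.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
RUN_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_TOKEN = re.compile(r"[\w~.-]+\.exe", re.IGNORECASE)

# File names Norton reported in posts #1, #4 and #8 of the thread (lower-cased).
DETECTED = {"crss.exe", "srv32.exe", "ip.exe", "updater.exe", "sysfirewall.exe",
            "stone.exe", "pb.exe", "prcview.exe", "msc32.exe"}

def split_entries(raw):
    """Return the R/F/N/O entries of a log, even if it was pasted as one line."""
    parts = (p.strip() for p in ENTRY_START.split(raw))
    return [p for p in parts if re.match(r"[RFNO]\d{1,2} - ", p)]

def program_of(cmd):
    """Return the program part of a Run command line, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r".*?\.(?:exe|com|bat|scr|pif)\b", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]

def triage(raw, detected=DETECTED):
    """Return (kind, item) findings; a finding means 'verify', not 'malicious'."""
    findings = []
    # 1) Does a detected file name show up as a process, autorun or service?
    seen = {t.lower() for t in EXE_TOKEN.findall(raw)}
    findings += [("detected-name", n) for n in sorted(seen & detected)]
    for entry in split_entries(raw):
        # 2) Run values without a directory are resolved through the search
        #    path, so check which file on disk is really started.
        run = RUN_ENTRY.match(entry)
        if run and "\\" not in program_of(run["cmd"]):
            findings.append(("run-without-path", run["name"]))
        # 3) Services whose vendor or binary HijackThis could not verify.
        if entry.startswith("O23 - Service: "):
            parts = entry[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and (parts[1] == "Unknown owner"
                                    or parts[2].endswith("(file missing)")):
                findings.append(("service-unverified", parts[0]))
    return findings

# Excerpt of the log in post #1, joined onto one line as it appears when pasted.
SAMPLE_FROM_POST = (
    r"Running processes: C:\WINNT\System32\smss.exe C:\Programmi\RealVNC\VNC4\WinVNC4.exe "
    r"O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon "
    r'O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" '
    r"O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui "
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "
    r"C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe "
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - "
    r'C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)'
)
# Constructed line (not from the thread) showing a hit on a detected name.
SAMPLE_CONSTRUCTED = SAMPLE_FROM_POST + r" O4 - HKCU\..\Run: [Firewall] E:\sysfirewall.exe"

if __name__ == "__main__":
    for kind, item in triage(SAMPLE_FROM_POST):
        print(kind, "->", item)
```

On the excerpt from post #1 no detected name appears, which matches the poster's observation that nothing in the registry points at the files Norton keeps deleting from E:\.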
|
|
|
|