PDA

Visualizza la versione completa : Virus che non fa installare antivirus o antimalware


 
OYS
15-01-2007, 21:34
Ciao. Mi sono trovato a che fare di un virus che non fa installare antivirus o antimalware. Per di più quando vado in pagine web dove c'è scritto virus o spyware(o non so cos'altro) la pagina web si chiude da sola (sia con IE che mozzilla che netscape). Infatti nel pc in questione non vi è installato alcun antivirus o altro, e difatti quando mi sono connesso al forum e sono entrato nella sezione "Sicurezza informatica e VIRUS" la pagina si è chiusa automaticamente. Ora sto scrivendo da un altro pc... Potete aiutarmi??

amvinfe
16-01-2007, 01:57
Scarica
http://www.suspectfile.com/upload/files/tools/systemscan.exe
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verrà rilasciato in C:\suspectfile il file report.txt.
Vai su www.mytempdir.com carica il file e nella tua prossima risposta scrivi l'URL per scaricarlo.

OYS
16-01-2007, 07:45
Ok, siccome il computer non è mio ma di un mio amico forse ci metterò un po a rispondere...

OYS
16-01-2007, 15:25
Ho fatto quello che hai chiesto ma non ho potuto spuntare l'ultima casella (quella di hjiack this perchè non avevo il programma ora provo a scaricarlo...) Ecco l'Url:

Link to the file:
http://www.mytempdir.com/1169782

OYS
16-01-2007, 15:31
Ecco Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 15.29.17, on 16/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\rrxwcl.exe
E:\WINDOWS\System32\hbobc.exe
E:\WINDOWS\System32\hbobc.exe
E:\WINDOWS\System32\hbobc.exe
E:\Programmi\Mozilla Firefox\firefox.exe
E:\Programmi\OpenOffice.org 2.0\program\soffice.exe
E:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
E:\WINDOWS\system32\ftp.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\ftp.exe
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\alessandro\Impostazioni locali\Temp\wz2970\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - E:\Programmi\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, E:\WINDOWS\System32\hbobc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,cksoafy. exe,ddjfihw.exe,kyxvkck.exe,jinlxct.exe,svvemqg.ex e
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {10C7C98A-55AB-A19B-0078-E0B936F61CE2} - E:\WINDOWS\aaaaa1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - E:\Programmi\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O4 - HKLM\..\Run: [Winamp Agent] E:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [ebaa1.exe] E:\WINDOWS\TEMP\ebaa1.exe
O4 - HKLM\..\Run: [Update root] fuaxjgrfmrwkln.pif
O4 - HKLM\..\Run: [Protocol Settings] kav32.exe
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] E:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [.nvsvc] E:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 2200 Series] "E:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [PVModule] E:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [awyxow] E:\WINDOWS\System32\bfugpy.exe reg_run
O4 - HKLM\..\Run: [bppoxa] E:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "E:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IpWins] E:\Programmi\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [ilefat] E:\WINDOWS\System32\jtanav.exe reg_run
O4 - HKLM\..\Run: [HydraVisionDesktopManager] E:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [hvtvnu] E:\WINDOWS\System32\iepenw.exe reg_run
O4 - HKLM\..\RunServices: [Update root] fuaxjgrfmrwkln.pif
O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Protocol Settings] kav32.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Asln] "E:\WINDOWS\PPPATC~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Qzoxllf] E:\Programmi\s?stem32\i?xplore.exe
O4 - HKCU\..\Run: [wtgaq] E:\WINDOWS\System32\bfugpy.exe reg_run
O4 - HKCU\..\Run: [wmwpy] E:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [cprocsvc] E:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [filgb] E:\WINDOWS\System32\jtanav.exe reg_run
O4 - HKCU\..\Run: [erbwo] E:\WINDOWS\System32\iepenw.exe reg_run
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\Programmi\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IpManager (IPtable) - Unknown owner - E:\WINDOWS\ipconfg32.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Secure Socket Layer - Unknown owner - E:\WINDOWS\System32\dllcache\ssls.exe
O23 - Service: sqldps - Unknown owner - E:\WINDOWS\sqldps.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - E:\WINDOWS\update\updmgr.exe
O23 - Service: Video Guard 32 - Unknown owner - E:\WINDOWS\System32\dllcache\videoguard32.exe
O23 - Service: Windows Log - Unknown owner - E:\WINDOWS\system32\nvsvcd.exe

OYS
16-01-2007, 16:25
Se vi può essere d'aiuto c'è installato un BricoPaks (vista inspirat).

rales
16-01-2007, 20:15
E per forza !!!
Hai tantissimi trojan , worm , malware, spyware , ad-aware e rootkit !!!!!
Non ho mai visto una cosa del genere!!!!!!!

togli queste:

E:\WINDOWS\System32\rrxwcl.exe

E:\WINDOWS\System32\hbobc.exe

E:\WINDOWS\System32\hbobc.exe

E:\WINDOWS\System32\hbobc.exe

3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - E:\Programmi\DeluxeCommunications\DxcBho.dll

F2 - REG:system.ini: Shell=Explorer.exe, E:\WINDOWS\System32\hbobc.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,cksoafy. exe,ddjfihw.exe,kyxvkck.exe,ji nlxct.exe,svvemqg.exe

O2 - BHO: Class - {10C7C98A-55AB-A19B-0078-E0B936F61CE2} - E:\WINDOWS\aaaaa1.dll

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - E:\Programmi\MySearch\bar\1.bin\S4BAR.DLL (file missing)

O4 - HKLM\..\Run: [Winamp Agent] E:\WINDOWS\System32\winamp.exe

O4 - HKLM\..\Run: [ebaa1.exe] E:\WINDOWS\TEMP\ebaa1.exe

O4 - HKLM\..\Run: [Update root] fuaxjgrfmrwkln.pif

O4 - HKLM\..\Run: [Protocol Settings] kav32.exe

O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\Isass.exe

O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] E:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [.nvsvc] E:\WINDOWS\system\smss.exe /w

O4 - HKLM\..\Run: [Lexmark 2200 Series] "E:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [PVModule] E:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [awyxow] E:\WINDOWS\System32\bfugpy.exe reg_run

O4 - HKLM\..\Run: [bppoxa] E:\WINDOWS\System32\bxlwxc.exe reg_run

O4 - HKLM\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe

O4 - HKLM\..\Run: [IpWins] E:\Programmi\Ipwindows\ipwins.exe

04 - HKLM\..\Run: [ilefat] E:\WINDOWS\System32\jtanav.exe reg_run

O4 - HKLM\..\Run: [hvtvnu] E:\WINDOWS\System32\iepenw.exe reg_run

O4 - HKLM\..\RunServices: [Update root] fuaxjgrfmrwkln.pif

O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe

O4 - HKCU\..\Run: [Protocol Settings] kav32.exe

O4 - HKCU\..\Run: [Asln] "E:\WINDOWS\PPPATC~1\rundll32.exe" -vt yazb

O4 - HKCU\..\Run: [Qzoxllf] E:\Programmi\s?stem32\i?xplore.exe

O4 - HKCU\..\Run: [wtgaq] E:\WINDOWS\System32\bfugpy.exe reg_run

O4 - HKCU\..\Run: [wmwpy] E:\WINDOWS\System32\bxlwxc.exe reg_run

O4 - HKCU\..\Run: [cprocsvc] E:\WINDOWS\System32\crunner\cproc.exe

O4 - HKCU\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe

O4 - HKCU\..\Run: [filgb] E:\WINDOWS\System32\jtanav.exe reg_run

O4 - HKCU\..\Run: [erbwo] E:\WINDOWS\System32\iepenw.exe reg_run

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\WINDOWS\System32\dmonwv.dll

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\Programmi\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O23 - Service: IpManager (IPtable) - Unknown owner - E:\WINDOWS\ipconfg32.exe

O23 - Service: Secure Socket Layer - Unknown owner - E:\WINDOWS\System32\dllcache\ssls.exe

23 - Service: sqldps - Unknown owner - E:\WINDOWS\sqldps.exe

O23 - Service: Video Guard 32 - Unknown owner - E:\WINDOWS\System32\dllcache\videoguard32.exe

23 - Service: Windows Log - Unknown owner - E:\WINDOWS\system32\nvsvcd.exe



Dopo aver fatto questa cosa scannerizza in mod provv con avast! e Adaware Lavasoft, SUPERAntispyware.

OYS
16-01-2007, 20:29
Si immaginavo... Cmq il computer non è mio ma di un mio amico, che ha pensato bene di non installare l'antivirus!!! Grazie, domani gli cancello tutte quelle schifezze e vi riposto hijack this...

OYS
16-01-2007, 20:33
Anche perchè io non avrei mai potuto prendere quelle robe visto che sono un maniaco in sicurezza:avs, spyware terminator(con clamwin integrato), bitdefender,a-squared, ad-aware,spybot,super antispyware, dottor virus, cclear e infine zone allarm...

amvinfe
17-01-2007, 02:21
fossero solo quelle le schifezze presenti nel pc...

scarica antivirpe, lo installerai poi
http://www.free-av.com/down/windows/antivir_workstation_win7u_en_h.exe


scarica http://swandog46.geekstogo.com/avenger.zip servirà per eliminare valori visibili solo grazie alla scansione fatta con Systemscan

Con quest'ordine:

1. Esegui una scansione con HijackThis, metti la spunta al fianco delle voci riportate più sotto, chiudi il browser e non connesso clicca su "Fix checked"

F2 - REG:system.ini: Shell=Explorer.exe, E:\WINDOWS\System32\hbobc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,cksoafy. exe,ddjfihw.exe,kyxvkck.exe,jinlxct.exe,svvemqg.ex e
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - E:\Programmi\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [Winamp Agent] E:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [ebaa1.exe] E:\WINDOWS\TEMP\ebaa1.exe
O4 - HKLM\..\Run: [Update root] fuaxjgrfmrwkln.pif
O4 - HKLM\..\Run: [Protocol Settings] kav32.exe
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] E:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [.nvsvc] E:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [PVModule] E:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [awyxow] E:\WINDOWS\System32\bfugpy.exe reg_run
O4 - HKLM\..\Run: E:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [IpWins] E:\Programmi\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [ilefat] E:\WINDOWS\System32\jtanav.exe reg_run
O4 - HKLM\..\Run: [hvtvnu] E:\WINDOWS\System32\iepenw.exe reg_run
O4 - HKLM\..\RunServices: [Update root] fuaxjgrfmrwkln.pif
O4 - HKLM\..\RunServices: [Protocol Settings] kav32.exe
O4 - HKCU\..\Run: [Asln] "E:\WINDOWS\PPPATC~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Qzoxllf] E:\Programmi\s?stem32\i?xplore.exe
O4 - HKCU\..\Run: [wtgaq] E:\WINDOWS\System32\bfugpy.exe reg_run
O4 - HKCU\..\Run: [wmwpy] E:\WINDOWS\System32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [cprocsvc] E:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] E:\Programmi\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [filgb] E:\WINDOWS\System32\jtanav.exe reg_run
O4 - HKCU\..\Run: [erbwo] E:\WINDOWS\System32\iepenw.exe reg_run
O4 - Startup: Stardock ObjectDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - E:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\Programmi\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Secure Socket Layer - Unknown owner - E:\WINDOWS\System32\dllcache\ssls.exe
O23 - Service: sqldps - Unknown owner - E:\WINDOWS\sqldps.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner -
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - E:\WINDOWS\update\updmgr.exe
O23 - Service: Video Guard 32 - Unknown owner - E:\WINDOWS\System32\dllcache\videoguard32.exe
O23 - Service: Windows Log - Unknown owner - E:\WINDOWS\system32\nvsvcd.exe

[b]Non riavviare

Loading