AVG reports the presence of a trojan with this message:
Trojan horse agent.IQ in C:\Programmi\Filecomuni\system\zTT.exe, but it won't let me take any action... how can I remove it? Do I have to format the PC?
Thanks
Hmm... so many replies... how will I ever choose one?
Download to your desktop:
http://www.suspectfile.com/systemscan
Open it and make sure all the options are checked, then click on "Scan Now". When the scan finishes, two files will be created (again on the desktop, inside the suspectfile folder).
Go to http://www.freefilehosting.net, upload the file with the .zip extension and, in your next reply, post the URL to download it.
Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.
NB
The scan may take a long time; it may even look as though the program is not working. Don't worry, that is not the case.
SystemScan is wrongly detected as infected by some antivirus products.
--
NB
If you cannot download the program, go to http://securityresponse.symantec.com...FixLinkopt.exe
reboot into safe mode (F8 key at boot) and run the tool.
Reboot and download the first program mentioned, following the other instructions.
Thanks for the reply. It won't let me tick "hijackthis log"... I ran the scan anyway, and in the suspectfile folder there is only a text document, "report"... what should I do?
If it's a text file, zip it and proceed as I explained in the first post. The instructions are there to be read.
And now?
Originally posted by facundo80: "And now?"
And now you give me time to check it.
Open SystemScan > click on "Removal Script".
Inside the white box, copy and paste the values listed below, then click on "Proceed with removal" and then on OK.
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | HFntHT
registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset002\services\SrvBrc
HKLM\system\currentcontrolset\services\SrvBrc
Files to delete:
C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\ucreiogl.exe
C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\up.exe
C:\WINDOWS\system32:c_100wx.nls
C:\WINDOWS\wyemg1.dll
C:\Programmi\File comuni\System\alX.exe
C:\Programmi\File comuni\System\chu.exe
C:\Programmi\File comuni\System\CKFLQV.exe
C:\Programmi\File comuni\System\eDr.exe
C:\Programmi\File comuni\System\EtmsGl.exe
C:\Programmi\File comuni\System\Evb.exe
C:\Programmi\File comuni\System\eWdKe.exe
C:\Programmi\File comuni\System\EWP.exe
C:\Programmi\File comuni\System\Fai.exe
C:\Programmi\File comuni\System\GOCP.exe
C:\Programmi\File comuni\System\gOn.exe
C:\Programmi\File comuni\System\gQq.exe
C:\Programmi\File comuni\System\gVsFq.exe
C:\Programmi\File comuni\System\heS.exe
C:\Programmi\File comuni\System\JjWg.exe
C:\Programmi\File comuni\System\LEo.exe
C:\Programmi\File comuni\System\lNTtS.exe
C:\Programmi\File comuni\System\Mqz.exe
C:\Programmi\File comuni\System\NDa.exe
C:\Programmi\File comuni\System\QdNugW.exe
C:\Programmi\File comuni\System\qjO.exe
C:\Programmi\File comuni\System\RQo.exe
C:\Programmi\File comuni\System\rSg.exe
C:\Programmi\File comuni\System\TFf.exe
C:\Programmi\File comuni\System\wbMoOO.exe
C:\Programmi\File comuni\System\WCk.exe
C:\Programmi\File comuni\System\ZJC.exe
C:\Programmi\File comuni\System\zTT.exe
C:\Programmi\File comuni\System\zZnb.exe
The PC should reboot by itself; if it doesn't, reboot it manually.
Now reboot into safe mode and run the Symantec fix, since you are infected by LinkOptimizer.
In the last few days, as Deifobe confirmed to me, this malware has made a comeback. Let's just hope it doesn't claim as many victims as it did 2 years ago.
Go to C:\ and post the contents of the log generated by Avenger (avenger.txt), the log of the Symantec fix, and a new, this time complete, SystemScan.
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
C:\WINDOWS\system32:c_100wx.nls: (deleted)
Trojan.Linkoptimizer has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 48208
The number of deleted threat files: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 0
The tool initiated a system reboot.
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uusxtowm
*******************
Script file located at: \??\C:\Documents and Settings\ijmtaegv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\system\controlset002\services\SrvBrc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\system\controlset002\services\SrvBrc failed!
Could not process line:
HKEY_LOCAL_MACHINE\system\controlset002\services\SrvBrc
Status: 0xc0000034
Registry key HKLM\system\currentcontrolset\services\SrvBrc not found!
Deletion of registry key HKLM\system\currentcontrolset\services\SrvBrc failed!
Could not process line:
HKLM\system\currentcontrolset\services\SrvBrc
Status: 0xc0000034
File C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\ucreiogl.exe not found!
Deletion of file C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\ucreiogl.exe failed!
Could not process line:
C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\ucreiogl.exe
Status: 0xc0000034
File C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\up.exe not found!
Deletion of file C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\up.exe failed!
Could not process line:
C:\documents and settings\marcello\Menu Avvio\Programmi\Esecuzione automatica\up.exe
Status: 0xc0000034
Could not delete file C:\WINDOWS\system32:c_100wx.nls
Deletion of file C:\WINDOWS\system32:c_100wx.nls failed!
Could not process line:
C:\WINDOWS\system32:c_100wx.nls
Status: 0xc0000033
File C:\WINDOWS\wyemg1.dll not found!
Deletion of file C:\WINDOWS\wyemg1.dll failed!
Could not process line:
C:\WINDOWS\wyemg1.dll
Status: 0xc0000034
File C:\Programmi\File comuni\System\alX.exe not found!
Deletion of file C:\Programmi\File comuni\System\alX.exe failed!
Could not process line:
C:\Programmi\File comuni\System\alX.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\chu.exe not found!
Deletion of file C:\Programmi\File comuni\System\chu.exe failed!
Could not process line:
C:\Programmi\File comuni\System\chu.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\CKFLQV.exe not found!
Deletion of file C:\Programmi\File comuni\System\CKFLQV.exe failed!
Could not process line:
C:\Programmi\File comuni\System\CKFLQV.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\eDr.exe not found!
Deletion of file C:\Programmi\File comuni\System\eDr.exe failed!
Could not process line:
C:\Programmi\File comuni\System\eDr.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\EtmsGl.exe not found!
Deletion of file C:\Programmi\File comuni\System\EtmsGl.exe failed!
Could not process line:
C:\Programmi\File comuni\System\EtmsGl.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\Evb.exe not found!
Deletion of file C:\Programmi\File comuni\System\Evb.exe failed!
Could not process line:
C:\Programmi\File comuni\System\Evb.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\eWdKe.exe not found!
Deletion of file C:\Programmi\File comuni\System\eWdKe.exe failed!
Could not process line:
C:\Programmi\File comuni\System\eWdKe.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\EWP.exe not found!
Deletion of file C:\Programmi\File comuni\System\EWP.exe failed!
Could not process line:
C:\Programmi\File comuni\System\EWP.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\Fai.exe not found!
Deletion of file C:\Programmi\File comuni\System\Fai.exe failed!
Could not process line:
C:\Programmi\File comuni\System\Fai.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\GOCP.exe not found!
Deletion of file C:\Programmi\File comuni\System\GOCP.exe failed!
Could not process line:
C:\Programmi\File comuni\System\GOCP.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\gOn.exe not found!
Deletion of file C:\Programmi\File comuni\System\gOn.exe failed!
Could not process line:
C:\Programmi\File comuni\System\gOn.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\gQq.exe not found!
Deletion of file C:\Programmi\File comuni\System\gQq.exe failed!
Could not process line:
C:\Programmi\File comuni\System\gQq.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\gVsFq.exe not found!
Deletion of file C:\Programmi\File comuni\System\gVsFq.exe failed!
Could not process line:
C:\Programmi\File comuni\System\gVsFq.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\heS.exe not found!
Deletion of file C:\Programmi\File comuni\System\heS.exe failed!
Could not process line:
C:\Programmi\File comuni\System\heS.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\JjWg.exe not found!
Deletion of file C:\Programmi\File comuni\System\JjWg.exe failed!
Could not process line:
C:\Programmi\File comuni\System\JjWg.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\LEo.exe not found!
Deletion of file C:\Programmi\File comuni\System\LEo.exe failed!
Could not process line:
C:\Programmi\File comuni\System\LEo.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\lNTtS.exe not found!
Deletion of file C:\Programmi\File comuni\System\lNTtS.exe failed!
Could not process line:
C:\Programmi\File comuni\System\lNTtS.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\Mqz.exe not found!
Deletion of file C:\Programmi\File comuni\System\Mqz.exe failed!
Could not process line:
C:\Programmi\File comuni\System\Mqz.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\NDa.exe not found!
Deletion of file C:\Programmi\File comuni\System\NDa.exe failed!
Could not process line:
C:\Programmi\File comuni\System\NDa.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\QdNugW.exe not found!
Deletion of file C:\Programmi\File comuni\System\QdNugW.exe failed!
Could not process line:
C:\Programmi\File comuni\System\QdNugW.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\qjO.exe not found!
Deletion of file C:\Programmi\File comuni\System\qjO.exe failed!
Could not process line:
C:\Programmi\File comuni\System\qjO.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\RQo.exe not found!
Deletion of file C:\Programmi\File comuni\System\RQo.exe failed!
Could not process line:
C:\Programmi\File comuni\System\RQo.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\rSg.exe not found!
Deletion of file C:\Programmi\File comuni\System\rSg.exe failed!
Could not process line:
C:\Programmi\File comuni\System\rSg.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\TFf.exe not found!
Deletion of file C:\Programmi\File comuni\System\TFf.exe failed!
Could not process line:
C:\Programmi\File comuni\System\TFf.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\wbMoOO.exe not found!
Deletion of file C:\Programmi\File comuni\System\wbMoOO.exe failed!
Could not process line:
C:\Programmi\File comuni\System\wbMoOO.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\WCk.exe not found!
Deletion of file C:\Programmi\File comuni\System\WCk.exe failed!
Could not process line:
C:\Programmi\File comuni\System\WCk.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\ZJC.exe not found!
Deletion of file C:\Programmi\File comuni\System\ZJC.exe failed!
Could not process line:
C:\Programmi\File comuni\System\ZJC.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\zTT.exe not found!
Deletion of file C:\Programmi\File comuni\System\zTT.exe failed!
Could not process line:
C:\Programmi\File comuni\System\zTT.exe
Status: 0xc0000034
File C:\Programmi\File comuni\System\zZnb.exe not found!
Deletion of file C:\Programmi\File comuni\System\zZnb.exe failed!
Could not process line:
C:\Programmi\File comuni\System\zZnb.exe
Status: 0xc0000034
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Could not delete registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|HFntHT
Deletion of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|HFntHT failed!
Status: 0xc0000034
Program C:\Documents and Settings\marcello\Desktop\sys54747.exe successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
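
An added example, not part of the thread and not The Avenger's own code: a small parser that pairs each "Deletion of ... failed!" line in a log like the one above with its Status code, so the entries that were merely absent (0xc0000034) can be told apart from those that may still be present, such as the alternate data stream on system32 (0xc0000033). The status names are the ones Microsoft's ntstatus.h gives for these two values; SAMPLE is a shortened excerpt in the format of the log above.

```python
import re

# NTSTATUS values seen in the log above (names as defined in ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
}
FAILED = re.compile(r"^Deletion of (file|registry key|registry value) (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

def is_ads(path):
    """True when a colon follows the drive prefix, i.e. a 'path:stream' name."""
    return ":" in path[2:]

def parse_failures(log_text):
    """Return one dict per failed deletion, paired with the Status line after it."""
    failures, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FAILED.match(line)
        if m:
            pending = {"kind": m.group(1), "target": m.group(2)}
            continue
        m = STATUS.match(line)
        if m and pending:
            code = int(m.group(1), 16)
            pending["status"] = NTSTATUS.get(code, hex(code))
            pending["ads"] = pending["kind"] == "file" and is_ads(pending["target"])
            failures.append(pending)
            pending = None
    return failures

def needs_followup(failures):
    """Failures other than 'name not found': the object may still be there."""
    return [f for f in failures if f["status"] != "STATUS_OBJECT_NAME_NOT_FOUND"]

# Shortened excerpt in the format of the log posted above.
SAMPLE = r"""
File C:\Programmi\File comuni\System\zTT.exe not found!
Deletion of file C:\Programmi\File comuni\System\zTT.exe failed!
Could not process line:
C:\Programmi\File comuni\System\zTT.exe
Status: 0xc0000034
Could not delete file C:\WINDOWS\system32:c_100wx.nls
Deletion of file C:\WINDOWS\system32:c_100wx.nls failed!
Could not process line:
C:\WINDOWS\system32:c_100wx.nls
Status: 0xc0000033
"""

if __name__ == "__main__":
    for f in needs_followup(parse_failures(SAMPLE)):
        print(f["kind"], f["target"], f["status"], "ADS" if f["ads"] else "")
```
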