Hello
I opened an executable file of a crack downloaded from eMule.
After that it starts sending messages repeatedly, and Norton's outgoing-message scan windows keep opening without interruption.
What should I do?
Thanks
Download SystemScan, disconnect the PC from the internet => disable the antivirus => run SystemScan => click "Scan Now". When the scan has finished, re-enable the antivirus.
Upload the report you find on the desktop to Savefile and post the link you get.
Go to Kaspersky_virusscanner
click "kaspersky online scanner"
click "accept"
--- the components needed for the scan will be downloaded
when it has finished, click "next"
click "scan settings"
tick "extended" and confirm with OK
click "my computer"
click "scan settings"
save and post the scan report
Bye
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Hi
First of all, thank you very much for your interest.
I have tried a myriad of antivirus programs but nothing, the problem does not go away; only ZoneAlarm manages to block the sending of the repeated e-mails, which are visible through Norton's scan windows that take up desktop space and performance.
I did what you told me.
These are the Savefile links:
webcenter - SaveFile.com project: http://savefile.com/projects/808655122
Savefile.com: http://savefile.com
And this is the scan result:
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 23, 2008 13:48:15
Records in database: 880580
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 520786
Threat name 32
Infected objects 154
Suspicious objects 1
Duration of the scan 08:54:39
File name Threat name Threats count
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\109D1281 Infected: Worm.SymbOS.Comwar.c 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\133C7975 Infected: Worm.SymbOS.Comwar.e 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1360474D Infected: Worm.SymbOS.Comwar.e 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\1364714A Infected: Worm.SymbOS.Comwar.e 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: P2P-Worm.Win32.Insta.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: Trojan-Dropper.Win32.Agent.se 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: Trojan-Downloader.Win32.IstBar.lq 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: not-a-virus:AdWare.Win32.EZula.bg 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\158A0EC0.par Infected: Trojan.Win32.Pakes 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\42D0178C.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.j 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\4B3B2A89 Infected: Worm.SymbOS.Comwar.c 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: P2P-Worm.Win32.Insta.a 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: not-a-virus:RiskTool.Win32.HideWindows 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: Trojan-Dropper.Win32.Agent.se 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: Trojan-Downloader.Win32.IstBar.lq 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: not-a-virus:AdWare.Win32.EZula.bg 1
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\67D64B9F.par Infected: Trojan.Win32.Pakes 1
C:\Documents and Settings\Io\Desktop\nuovi anti tutto\SpyHunter Security Suite v3.4.9+Crack-HeartBug\altri\Spy Hunter 4.0 (Pc & Key Logger)\Spy Hunter 4.0 (Pc & Key Logger).exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 1
C:\Documents and Settings\Io\Desktop\nuovi anti tutto\SpyHunter Security Suite v3.4.9+Crack-HeartBug\altri\Spy Hunter 4.0 (Pc & Key Logger)\Spy Hunter 4.0 (Pc & Key Logger).exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 1
C:\Documents and Settings\Io\Desktop\utorrent\pdf2word-v3.0.exe Infected: not-a-virus:AdWare.Win32.BHO.uw 1
C:\Documents and Settings\Io\Desktop\utorrent\SpyHunter Security Suite v3.4.9+Crack-HeartBug\altri\Spy Hunter 4.0 (Pc & Key Logger)\Spy Hunter 4.0 (Pc & Key Logger).exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 1
C:\Documents and Settings\Io\Desktop\utorrent\SpyHunter Security Suite v3.4.9+Crack-HeartBug\altri\Spy Hunter 4.0 (Pc & Key Logger)\Spy Hunter 4.0 (Pc & Key Logger).exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 1
C:\Documents and Settings\Io\Desktop\virus mail\Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Io\Documenti\prog importanti\pdf2word-v3.0.exe Infected: not-a-virus:AdWare.Win32.BHO.uw 1
C:\Documents and Settings\Io\Documenti\strumenti-pc\eliminare windows validate\Eliminare WGA Windows Genuine Advantage Share Accelerator\ShareAcceleratorMM_SSZ11_-1199883398.exe Infected: not-a-virus:AdWare.Win32.Shopper.r 1
C:\Documents and Settings\Io\Documenti\strumenti-pc\eliminare windows validate\Trova Eliminare WGA Windows Genuine Advantage Utilizzando eMule multimedia toolbar\MultiMediaIT11_SS_-1199883403.exe Infected: not-a-virus:AdWare.Win32.Shopper.r 1
C:\Documents and Settings\Io\Documenti\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Io\Documenti\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa 1
C:\Documents and Settings\Io\Documenti\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
C:\Documents and Settings\Io\Impostazioni locali\Dati applicazioni\Identities\{AA55983A-54AC-4AF7-8DB3-18089F0A1DB0}\Microsoft\Outlook Express\Posta inviata.dbx Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\Io\Impostazioni locali\Dati applicazioni\Identities\{AA55983A-54AC-4AF7-8DB3-18089F0A1DB0}\Microsoft\Outlook Express\Posta inviata.dbx Infected: not-a-virus:AdWare.Win32.BHO.uw 1
C:\Documents and Settings\Io\sjnxduyz.exe Infected: Trojan.Win32.Dialer.brs 1
C:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst Infected: Trojan-Downloader.Win32.Agent.aep 1
C:\Programmi\Emule-Morph\Incoming\Pinnacle Studio Plus,Dolby 2Ch Encoding Plugin v9.3 0 Serial Keygen\Pinnacle Studio Plus,Dolby 2CH Encoding Plugin v9.3 0.exe Infected: Trojan.Win32.Agent.bnj 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content best quality\23_gui_2.exe Infected: Rootkit.Win32.Agent.ajn 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content crack(no cd)\23_gui_2.exe Infected: Rootkit.Win32.Agent.ajn 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content crack(no cd).rar Infected: Rootkit.Win32.Agent.ajn 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content pop music\sash1.exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.av 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content sex xxx adult\sash1.exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.av 1
C:\Programmi\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
F:\documenti\programmini\appl-adware\Setup\Setup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.j 1
F:\documenti\programmini\appl-adware\Setup\Setup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.c 1
F:\documenti\programmini\appl-adware\Setup\Setup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.50003 3
F:\documenti\programmini\appl-adware\Setup\Setup.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 1
F:\documenti\programmini\appl-adware\Setup\Setup.exe Infected: Trojan.Win32.Pakes 1
F:\documenti\programmini\RosoftMediaPlayerFree.exe Infected: not-a-virus:AdWare.Win32.MyWay.ac 1
F:\documenti\programmini\RosoftMediaPlayerFree.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
F:\documenti\programmini\wav mp3 ecc\2_All to All ( MP3, OGG, WMA 8, WAV) converter.zip Suspicious: Packed.Win32.PePatch.dk 1
F:\documenti\utility flash e video\video e dvd-x\DivXPro511Adware.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 1
F:\documenti\utility flash e video\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
F:\documenti\utility flash e video\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa 1
F:\documenti\utility flash e video\video e dvd-x\DVX Avi Player.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
The selected area was scanned.
Thanks again
Marco
For now I am removing the 4 indicated as Rootkit.Win32.Agent, the two FraudTool.Win32.AntiSpySpider and the Trojan.Win32.Dialer.
Download Avenger, run it and copy/paste the following into the window:
Tick "Automatically disable any rootkits found" and click "execute".
files to delete:
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content crack(no cd).rar
C:\Documents and Settings\Io\sjnxduyz.exe
folders to delete:
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content crack(no cd)
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content best quality
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content pop music
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content sex xxx adult
The PC should reboot by itself; otherwise reboot it yourself. Post the report left in c:\avenger
Then download, install and update Malwarebytes, run a full scan, delete the infected files it finds and post the report.
Bye
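One way to sort a report like the Kaspersky log posted earlier in this thread before deciding what to delete, as an added example that is not part of any post. The sample lines are copied from that report; the bucket names and the rules behind them are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky report in this thread, one per case handled below.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Dati applicazioni\Symantec\Norton AntiVirus\Quarantine\109D1281 Infected: Worm.SymbOS.Comwar.c 1
C:\Documents and Settings\Io\Desktop\utorrent\pdf2word-v3.0.exe Infected: not-a-virus:AdWare.Win32.BHO.uw 1
C:\Documents and Settings\Io\sjnxduyz.exe Infected: Trojan.Win32.Dialer.brs 1
C:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst Infected: Trojan-Downloader.Win32.Agent.aep 1
C:\Programmi\Emule-Morph\Incoming\pinnacle studio premium content best quality\23_gui_2.exe Infected: Rootkit.Win32.Agent.ajn 1
F:\documenti\programmini\wav mp3 ecc\2_All to All ( MP3, OGG, WMA 8, WAV) converter.zip Suspicious: Packed.Win32.PePatch.dk 1
"""

# Report row layout: <path> <Infected|Suspicious>: <threat name> <count>
LINE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

def classify(path, verdict, threat):
    """Assign a triage bucket (hypothetical names) to one report row."""
    p = path.lower()
    if "\\quarantine\\" in p:
        return "quarantined"   # already isolated by the resident antivirus
    if p.endswith((".dbx", ".pst")):
        return "mail_store"    # whole mailbox file: clean the message, not the file
    if threat.startswith("not-a-virus:"):
        return "riskware"      # adware, monitors, risk tools
    if verdict == "Suspicious":
        return "review"        # heuristic hit, needs a second opinion
    return "malware"           # live file with a malware verdict

def triage(report):
    """Group (path, threat) pairs by bucket; lines that are not rows are skipped."""
    buckets = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        bucket = classify(m["path"], m["verdict"], m["threat"])
        buckets[bucket].append((m["path"], m["threat"]))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"[{bucket}]")
        for path, threat in hits:
            print(f"  {threat}  <-  {path}")
```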
Thanks for the advice. I made a mess, but things are a bit better; still, I keep finding viruses, including a strange process in Task Manager, explore.exe
Below is the scan result:
Malwarebytes' Anti-Malware 1.18
Database version: 895
19.39.20 28/06/2008
mbam-log-6-28-2008 (19-39-20).txt
Scan type: Quick Scan
Objects scanned: 48909
Time elapsed: 7 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\gxvpsafm.bxkn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pntqkflv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qegbdmwf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks again
Bye
Marco
OK,
run Avenger again and enter this:
click execute
files to delete:
C:\WINDOWS\system32\JQZGFPY.SYS
C:\WINDOWS\BM0b754f41.xml
C:\WINDOWS\BM0b754f41.txt
C:\WINDOWS\system32\orxxlurn.dll
C:\WINDOWS\index.html
registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\MSConfig\startupreg\BM0b754f41
HKLM\system\currentcontrolset\services\jqzgfpy
HKLM\system\controlset001\services\jqzgfpy
HKLM\system\controlset003\services\jqzgfpy
HKLM\system\currentcontrolset\enum\root\legacy_jqzgfpy
HKLM\system\controlset001\enum\root\legacy_jqzgfpy
HKLM\system\controlset003\enum\root\legacy_jqzgfpy
Post a new SystemScan report.