Hi,
Does anyone know what the file xbkmo.exe does? I saw it among the processes in Task Manager. The file is located in Local Settings
Run a search on your PC to see where it is located, then check it on virustotal.com.
The result I got is 4/41
a-squared 4.5.0.43 2009.12.08 Trojan.Win32.Skintrim!IK
Authentium 5.2.0.5 2009.12.02 W32/Skintrim.1!Generic
F-Prot 4.5.1.85 2009.12.07 W32/Skintrim.1!Generic
Ikarus T3.1.1.74.0 2009.12.08 Trojan.Win32.Skintrim
I then also analyzed 3 xbkmo.dat files and they came back 0/41. In your opinion, should I delete it?
Here is the exact result:
Hi,
take a look here:
http://www.microsoft.com/security/po...2%2fWintrim.BX
and then delete it
BooTzenN
ok, done... thanks for the help