Virus spam....

[Lord87]

Ogni qual volta apro pagine internet..mi apre un'altra pagina,di spam..non so come risolvere il problema..ho spybot,antivir e ogni tanto quando si aprono queste pagine antivir mi avverte di un virus html script..come posso fare?ho utilizzato anke kaspersky online scanner ma niente poca roba..

[Deifobe]

ciao,
scarica SystemScan
disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto.

nota: systemscan viene riconosciuto come infetto per il tipo di scansione effettuata (è un falso positivo). La procedura postata è sicura.

[Lord87]

http://www.savefile.com/files/1925871

eccolo..

[Lord87]

ho provato a seguire la guida per la rimozione di malware ecc..ho provato con avg e ha trovato 6 trojan...mentre ad aware si blocca effettuando la scansione..:S

[Deifobe]

ciao, sto guardando il rapporto...
dovessi collegarti, per ora non toccare nulla, appena finisco ti posto la prcedura

[Deifobe]

Scarica Avenger

In un file di testo copia/incolla:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"rundtl32"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

[-HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

[-HKEY_CLASSES_ROOT\CLSID\{2fd24415-ac26-4594-820a-23004af875f5}]
;

nome: fix.reg
tipo di file: file di testo
chiudi il file


Esegui avenger e nella finestra che si apre copia/incolla:

files to delete:
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winsHEsBewN.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winefPBnqCl.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winMAIzKAkWTOdQ .exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winbnshb.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winnP0NzYdKiI.e xe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\wingPNnqr.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winl2Ye60B.exe
C:\WINDOWS\system32\pejoyawa
C:\WINDOWS\system32\anifiwil.ini
C:\WINDOWS\system32\liwifina.dll
C:\WINDOWS\system32\ligutafo.dll
C:\WINDOWS\system32\obarezes.ini
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\sezerabo.dll
C:\WINDOWS\system32\miwajiho.dll
C:\WINDOWS\system32\eyotahif.ini
C:\WINDOWS\system32\jejowada.dll
C:\WINDOWS\system32\fihatoye.dll
C:\WINDOWS\system32\oserepov.ini
C:\WINDOWS\system32\vopereso.dll
C:\WINDOWS\system32\kenahozi.dll
C:\WINDOWS\system32\okariroz.ini
C:\WINDOWS\system32\jutepeso.dll
C:\WINDOWS\system32\zorirako.dll
C:\WINDOWS\system32\TDSSvvbj.log
C:\WINDOWS\system32\TDSSnmxh.dll
C:\WINDOWS\system32\TDSShrxr.dat
C:\WINDOWS\system32\TDSSlxcp.dll
C:\WINDOWS\system32\TDSSmtvd.dat
C:\WINDOWS\system32\rokeyuki.dll
c:\windows\system32\miwajiho.dll
C:\WINDOWS\rundtl32.exe
c:\windows\system32\miwajiho.dll
C:\WINDOWS\system32\yetuheke.dll
C:\WINDOWS\system32\gavapufa.dll

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | CPMfbeb6465
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hujidiveja
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler | {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\Browser Helper Objects\{2fd24415-ac26-4594-820a-23004af875f5}

registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato in c:\avenger

Esegui Hijackthis, clicca sul tasto "Do a system scan only", spunta le seguenti voci (se ancora presenti) e clicca su "fix Checked"

O2 - BHO: (no name) - {2fd24415-ac26-4594-820a-23004af875f5} - C:\WINDOWS\system32\gavapufa.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CPMfbeb6465] Rundll32.exe "c:\windows\system32\miwajiho.dll",a
O4 - HKLM\..\Run: [hujidiveja] Rundll32.exe "C:\WINDOWS\system32\rokeyuki.dll",s
O4 - HKCU\..\Run: [rundtl32] C:\WINDOWS\rundtl32.exe /after
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - AppInit_DLLs: karna.dat c:\windows\system32\miwajiho.dll,C:\WINDOWS\system 32\yetuheke.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\miwajiho.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\miwajiho.dll


posta un nuovo systemscan

ciao

[Lord87]

eccomi..accidenti stasera ho fatto l'update con spybot e mi ha eliminato varie voci..una decina di trojan..mentre cn avg ne ha eliminato 6..ora vediamo sto provando a navigare ma nn mi sembra ci siano pagine spam...che faccio eseguo lo stesso la procedura?attendo risposta..grazie molto gentile ..cmq tra le voci del secondo file che hai postato riconosco alcuni file con estensione dll che spybot ha riconosciuto come virus ed ha eliminato..

[Deifobe]

tu che dici?

io direi di eseguirla, eccetto tu non sia certo che li abbia eliminati tutti

(....oppure... eccetto tu non ne voglia conservare qualcuno nel pc... non si sa mai )

[Lord87]

Certo ora eseguo Agli ordini

[Lord87]

Ho eseguito tutto..Ecco il report di avenger..

"Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winsHEsBewN.ex e" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winsHEsBewN.ex e" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winefPBnqCl.ex e" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winefPBnqCl.ex e" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winMAIzKAkWTOd Q.exe" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winMAIzKAkWTOd Q.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winbnshb.e xe" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winbnshb.e xe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winnP0NzYdKiI. exe" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winnP0NzYdKiI. exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\wingPNnqr. exe" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\wingPNnqr. exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winl2Ye60B.exe " not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\winl2Ye60B.exe " failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\pejoyawa" deleted successfully.

Error: file "C:\WINDOWS\system32\anifiwil.ini" not found!
Deletion of file "C:\WINDOWS\system32\anifiwil.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\liwifina.dll" deleted successfully.
File "C:\WINDOWS\system32\ligutafo.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\obarezes.ini" not found!
Deletion of file "C:\WINDOWS\system32\obarezes.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\~.exe" not found!
Deletion of file "C:\WINDOWS\system32\~.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\sezerabo.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\miwajiho.dll" not found!
Deletion of file "C:\WINDOWS\system32\miwajiho.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\eyotahif.ini" not found!
Deletion of file "C:\WINDOWS\system32\eyotahif.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\jejowada.dll" not found!
Deletion of file "C:\WINDOWS\system32\jejowada.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\fihatoye.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\oserepov.ini" not found!
Deletion of file "C:\WINDOWS\system32\oserepov.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\vopereso.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\kenahozi.dll" not found!
Deletion of file "C:\WINDOWS\system32\kenahozi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\okariroz.ini" not found!
Deletion of file "C:\WINDOWS\system32\okariroz.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\jutepeso.dll" deleted successfully.
File "C:\WINDOWS\system32\zorirako.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\TDSSvvbj.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSSvvbj.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\TDSSnmxh.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSShrxr.dat" deleted successfully.
File "C:\WINDOWS\system32\TDSSlxcp.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSSmtvd.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\rokeyuki.dll" not found!
Deletion of file "C:\WINDOWS\system32\rokeyuki.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\miwajiho.dll" not found!
Deletion of file "c:\windows\system32\miwajiho.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\rundtl32.exe" deleted successfully.

Error: file "c:\windows\system32\miwajiho.dll" not found!
Deletion of file "c:\windows\system32\miwajiho.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\yetuheke.dll" deleted successfully.
File "C:\WINDOWS\system32\gavapufa.dll" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|CPMfbeb6465" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|hujidiveja" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\Explorer\SharedTaskScheduler|{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" deleted successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\Browser Helper Objects\{2fd24415-ac26-4594-820a-23004af875f5}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\Browser Helper Objects\{2fd24415-ac26-4594-820a-23004af875f5}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
"