Hi everyone,
today I tried creating a PDF file by saving it from Word with Adobe Acrobat 5.0. The source file is in HTML and contains links to pages of a website.
While testing the links I noticed that some of them point to the site "http://www.buginword.com" (don't go there, it's one of the usual search sites!!!).
This site is very similar to the ones that redirect browsers to a search site.
I tried running a scan with the Pandasoftware antivirus, and I tried Spybot and the various utilities Cwshredder and HijackThis, but I found nothing suspicious.
I'm pasting the HijackThis log:
Logfile of HijackThis v1.98.0
Scan saved at 16.18.20, on 05/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\PDesk\PDesk.exe
E:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\Dit.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
E:\WINDOWS\System32\ctfmon.exe
F:\Programmi\RealPopup\RealPopup.exe
F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
E:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\mgabg.exe
F:\Programmi\WinZip\WZQKPICK.EXE
F:\Programmi\Restore Desktop\Restore Desktop.exe
E:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
E:\Programmi\Messenger\msmsgs.exe
E:\WINDOWS\DitExp.exe
E:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
E:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
E:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\System32\svchost.exe
f:\Programmi\RealVNC\WinVNC\WinVNC.exe
E:\Programmi\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
E:\Programmi\Internet Explorer\IEXPLORE.EXE
H:\DEPOSITO\SICUREZZA\Remove Utility\Anti Spyware\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - F:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] E:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] G:\mgasetup.exe /No_Welcome /Lang:Italiano
O4 - HKLM\..\Run: [WinVNC] "f:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "E:\Programmi\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPopup] "F:\Programmi\RealPopup\RealPopup.exe" BOOT
O4 - Startup: Restore Desktop.lnk = F:\Programmi\Restore Desktop\Restore Desktop.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gestione servizi.lnk = E:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://e:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - F:\Programmi\Star Downloader\sdie.htm
O8 - Extra context menu item: Si&milar Pages - res://e:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/threatinfo/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DC8398-C38F-4E45-863F-B87BC4AAC865}: NameServer = 192.168.0.1
Can anyone help me????
Thanks

