Maledetto trojan e bastioneantivirus.com!

[shine81]

Ciao a tutti, sono un nuovo iscritto sul sito e vi chiedo una mano per un problema che mi perseguita da qlc gg. In poche parole ho beccato un trojan(o quel che lè) che mi si connette ad un sito chiamato bastioneantivirus.com con 2 iconcine in basso a destra, un triangolo giallo con un punto esclamativo e un cerchio rosso con una croce bianca, dando la scrtitta windows is infected... Ho provato un po con tutto, ovvero spybot, ad-aware, norton(figurati...), panda, kaspersky, spywaredoctor,smitfraudfix, hijackthis, insomma ognuno trova qlc ma niente da fare, nn riesco neanche a trovare la fonte del file che parte subito all'avvio (ne dal task manager o gmer). Sul sito di microsoft ho trovato solo una risposta che dice essere un virus piuttosto "nuovo" e nn si sa ancora molto per toglierlo, cosa devo fare????????aiutatemi
GRAZIE!!!!!!!!

[bootzenn]

Ciao

segui la quida
http://forum.html.it/forum/showthrea...hreadid=811189
e posta i risultati delle scansioni on-line e sopratutto di hijack.
dire che hai usato certi strumenti senza relativo log non serve a niente

[shine81]

ok eccol il log di hijack, ricordo solo che tutti i prog che ho usato hanno + o meno eliminato qlc ma niente da fare (tranne norton online che dice va tutto bene), ora provo con kaspersky e vi dico
grazie per l'aiuto






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.31.56, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Winamp\Winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Programmi\Logitech\Video\InstallHelper.exe " /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgas.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\audiola\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\audiola\MediaManager\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab50997.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab50997.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...18/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBAEC099-C0D4-4349-8ED5-BD2CB8C846C7}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8714 bytes

[bootzenn]

ciao
nel log di hijack non sembra esserci niente di pericoloso solo un paio di cose che non conosco bene, ma prima di eliminarle posta il report di kasper poi puoi provare nanoscan e prevxcsi entrambi molto veloci nella scansione

[shine81]

ciao!
grazie ancora per l'aiuto, ecco il report di kasper, sembra esserci un po di problemi

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 5:40:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545894
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 83465
Number of viruses found: 11
Number of infected objects: 150
Number of suspicious objects: 0
Duration of the scan process: 04:00:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pc\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\pc\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\pc\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\pc\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Cronologia\History.IE5\MSHist01200802022008 0203\index.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\Working\database_1ACC_C453_CCC4_2A B9\dfsr.db Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\Working\database_1ACC_C453_CCC4_2A B9\fsr.log Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\Working\database_1ACC_C453_CCC4_2A B9\fsrtmp.log Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\kerus@hotmail.it\ SharingMetadata\Working\database_1ACC_C453_CCC4_2A B9\tmp.edb Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\kerus@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\kerus@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temp\~DF1C62.tmp Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temp\~DF1CC2.tmp Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temp\~DFCFA6.tmp Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temp\~DFD121.tmp Object is locked skipped
C:\Documents and Settings\pc\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\UserData\index.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
1 parte

[shine81]

2 parte
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365041.exe Infected: Backdoor.Win32.Webdor.an skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365042.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365043.exe Infected: Trojan.Win32.Dialer.zp skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365044.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365045.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365046.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365047.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365048.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365049.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365050.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365051.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365052.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365053.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365054.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365055.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365056.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365057.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365058.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365059.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365060.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365061.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365062.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365063.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365064.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365065.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365066.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365067.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365068.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365069.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365070.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365071.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365072.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365073.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365074.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365075.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365076.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365077.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365078.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365079.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365080.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365081.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365082.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365083.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365084.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365085.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365086.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365087.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365088.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365089.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped
C:\System Volume Information\_restore{AF6CEDE4-4D66-4F8C-86F4-749689B45F56}\RP761\A0365090.exe Infected: Trojan-Downloader.Win32.Nurech.bd skipped

[bootzenn]

ciao

visto che kasper trova qualcosa di infetto, puoi scaricare la trial di kasper installare aggiornare e fare una scansione cosi potrai rimuovere gli infetti.
hai molti file infetti nel ripristino di sistema, puoi disabilitarlo prima di fare la scansione.

[shine81]

ciao!!

credo di esserci riuscito!!!!!!!!!!!

ho installato kasper e ha trovato un file infetto che poi con una sua procedura ha eliminato

state attenti se vi capita al file DRVGAS.DLL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!, NELLA CARTELLA SYSTEM 32 il bastardo va eliminato!!!!!!!!!!!

kasper sarà allora davvero il migliore??
grazie per l'aiuto, speriamo che il probl nn si ripeta

ciao!!!