  1. #1

    [spy.agent.mb and dr.prorat] what's the cure?

    Hi everyone. I'm trying to bring back to life the PC of a friend of mine, which had NOD32 installed. After months of "naive" use of the computer and following a sudden shutdown, I was handed a machine in this condition:

    ANTIVIR PERSONAL REPORT

    Begin scan in 'H:\'

    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\10exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\10exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\11exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\17exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\18exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\20exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\23exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\24exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\26exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\2exraoe13.exe
    [DETECTION] Is the Trojan horse TR/PSW.AOL.251904
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\31exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\35exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\36exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\37exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\3exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\45exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\48exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\52exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\56exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\57exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\57exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\58exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\64exraoe13.exe
    [DETECTION] Is the Trojan horse TR/PSW.AOL.251904
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\66exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\69exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\69exraoe12.exe
    [DETECTION] Is the Trojan horse TR/PSW.Agent.251392
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\75exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\75exraoe8.exe
    [DETECTION] Is the Trojan horse TR/PSW.AOLPass.I
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\79exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\81exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\82exlc03.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\87exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\89exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\96exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\99exlc02.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\s6974wt.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was deleted!
    H:\Documents and Settings\Stefano\Impostazioni locali\Temp\s806wt.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was deleted!
    H:\Programmi\7za.exe
    [DETECTION] Is the Trojan horse TR/Horse2.JMN
    [NOTE] The file was deleted!

    H:\Programmi\Wingen\conf.dll
    [DETECTION] Contains detection pattern of the IRC virus IRC/Wingen
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048443.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048444.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048445.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048448.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048449.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048450.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048529.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048530.exe
    [DETECTION] Is the Trojan horse TR/Hijack.Explor.3299
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055304.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055305.exe
    [DETECTION] Contains detection pattern of the dropper DR/Prorat.19.I.57
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055306.exe
    [DETECTION] Contains detection pattern of the dropper DR/Prorat.19.I.57
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055307.exe
    [DETECTION] Is the Trojan horse TR/Horse2.JMN
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055308.exe
    [DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
    [NOTE] The file was deleted!
    H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055309.dll
    [DETECTION] Contains detection pattern of the IRC virus IRC/Wingen
    [NOTE] The file was deleted!

    (I have highlighted the main viruses in bold)



    I ran a scan with HijackThis, which however did not detect any particularly "at risk" entries. The problem is that some of these viruses have modified important registry keys. For example, all the network connections have been deleted. The network devices in Device Manager show problems (with the classic yellow triangle indicating a malfunction). I tried updating the drivers for the Ethernet card and the modem, but the problem persists, and I believe the culprits are precisely spy.agent and dr.prorat. However, it is hard to get an idea of how these viruses operate at the registry level because, even after googling, I did not find much information about these infections. They are present in Avira's virus definition database, but it is impossible to learn more than that. Do you think an upgrade to XP Service Pack 3 could restore the corrupted registry entries and re-establish the functioning of the network devices?
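Added example, not part of the original post: a small Python parser for the path / `[DETECTION]` / `[NOTE]` format of the report above, which groups detections by name and location and lists the System Restore points (`_restore{...}\RPnnn`, where Windows XP keeps backed-up copies of files) that held flagged files. The function names `parse_report` and `summarize` are hypothetical, and the sample is four entries copied from the report.

```python
import re
from collections import Counter
# Four entries copied from the report in the post above (same line format).
SAMPLE = r"""
H:\Documents and Settings\Stefano\Impostazioni locali\Temp\10exlc02.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.MB.5.A
[NOTE] The file was deleted!
H:\Programmi\Wingen\conf.dll
[DETECTION] Contains detection pattern of the IRC virus IRC/Wingen
[NOTE] The file was deleted!
H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP166\A0048443.exe
[DETECTION] Contains detection pattern of the dropper DR/Drop.Peerad.A.3
[NOTE] The file was deleted!
H:\System Volume Information\_restore{A4772B5A-ECC7-4349-8D24-31BC2D09F254}\RP196\A0055305.exe
[DETECTION] Contains detection pattern of the dropper DR/Prorat.19.I.57
[NOTE] The file was deleted!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# XP System Restore stores backed-up files under _restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")

def parse_report(text):
    """Return one dict per detection: path, name, note, location, restore_point."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            m = RESTORE_RE.search(line)
            loc = ("system_restore" if m
                   else "temp" if "\\temp\\" in line.lower() else "other")
            current = {"path": line, "name": None, "note": None, "location": loc,
                       "restore_point": m.group(1) if m else None}
        elif line.startswith("[DETECTION]") and current and current["name"] is None:
            current["name"] = line.split()[-1]  # detection name is the last token
            records.append(current)
        elif line.startswith("[NOTE]") and current:
            current["note"] = line[len("[NOTE]"):].strip()
    return records

def summarize(records):
    """Count detections per name and location; list restore points that held any."""
    return {
        "by_name": Counter(r["name"] for r in records),
        "by_location": Counter(r["location"] for r in records),
        "restore_points": sorted({r["restore_point"] for r in records} - {None}),
    }

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE)))
```

Restore points listed in `restore_points` contained flagged files at scan time, so they are poor candidates for a rollback.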

  2. #2
    Guys, could it be that the Prorat that infected the machine is actually an alias of BackDoor-AVW? I was reading this information on a website:

    Overview -

    This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

    Aliases

    * Backdoor.Prorat - Symantec

    * BackDoor.ProRat.19 - DrWeb

    * BackDoor.Prorat.2.BM - AVG

    * Backdoor.Prorat.Q - BitDefender

    * Backdoor.Win32.Prorat.19.k - Kaspersky

    * Trojan.Prorat.19-2 - ClamAV

    * Win32.ProRat.H - eTrust
