PDA

Visualizza la versione completa : SMSS.EXE in C:\WINDOWS\SYSTEM


fmortara
27-08-2005, 13:54
Salve,
ho questo file che si carica in avvio come l'omonimo in system32 (questo il gestore delle sessioni di Windows) e manda decine di mail che pubblicizzano il VIAGRA O IL CIALIS....

NORTON (2004 e 2005), AD-AWARE, SPY-SWEEPER non lo riconoscono, sapete come fare per segnalarlo a symantec ed affini?

Grazie mille!

PS. Attenzione SMSS.exe un file di WinXP corretto in C:\WINDOWS System32\ mentre quello in C:\Windows\system un virus.

saluti
Francesco

Habanero
27-08-2005, 15:53
qui una procedura generale. solo se non risolvi posta un log di Hijackthis (per favore segui bene le istruzioni per il suo utilizzo).

Amido
20-06-2007, 09:33
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8.29.22, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.e xe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\oraclexe\app\oracle\product\10.2.0\server\bin\O RACLE.EXE
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\t nslsnr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\MultiRes\MultiRes.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\AME\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=203.144.144.164:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MultiRes] C:\Programmi\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-Blaxx Manager] G:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Virtual PDF Printer] D:\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FlashMute] d:\Programmi\FlashMute\FlashMute.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C853FA-9F2B-4E7A-813B-C4832C98F537}: NameServer = 62.101.81.80
O20 - Winlogon Notify: h618 - C:\WINDOWS\g5551796.dll (file missing)
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Windowz Updater - {259BA022-2005-45E9-A965-10EDB9C00618} - C:\WINDOWS\g5551796.dll (file missing)
O22 - SharedTaskScheduler: g322 - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\Apache Group\Apache2\bin\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.e xe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\o mtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - d:\oraclexe\app\oracle\product\10.2.0\server\bin\O RACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - D:\Oraclexe\app\oracle\product\10.2.0\server\bin\O raClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\t nslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8135 bytes



Ho provato a rimuoverlo come consigliato l ma non viene riconosciuto purtroppo, mi sapete dare una mano?
Ho utilizzato Avast, AVG antispyware (vecchio Ewido), Ad-Aware, CCcleaner, ATF-Cleaner, e bestemmie varie :) Scansione con Kaspersky online, e con Panda antivirus

tecnico24
20-06-2007, 12:44
Proviamo a vedere intanto un log di questo programma
http://noahdfear.geekstogo.com/FindAWF.exe

amvinfe
20-06-2007, 13:00
Originariamente inviato da Amido

Ho provato a rimuoverlo come consigliato l ma non viene riconosciuto purtroppo, mi sapete dare una mano?
Ho utilizzato Avast, AVG antispyware (vecchio Ewido), Ad-Aware, CCcleaner, ATF-Cleaner, e bestemmie varie :) Scansione con Kaspersky online, e con Panda antivirus Ciao Amido,
hai ripreso una discussione vecchia di 2 anni.

Hai provato a rimuovere cosa?!?

Se intendevi il file smss.exe allora verifica che la directory dove presente sia (su sistema XP) C:\Windows\System32\ in questo caso un file legittimo, come del resto gi spiegato all'interno di questo 3d.


NB
Per cortesia non riprendete discussioni vecchie di 2 anni ma apritene una nuova spiegando nei dettagli problemi ed eventuali procedure gi attuate.

Se ritieni di non aver risolto, apri una nuova discussione.

Grazie

Loading