Visualizza la versione completa : SMSS.EXE in C:\WINDOWS\SYSTEM
fmortara
27-08-2005, 13:54
Salve,
ho questo file che si carica in avvio come l'omonimo in system32 (questo è il gestore delle sessioni di Windows) e manda decine di mail che pubblicizzano il VIAGRA O IL CIALIS....
NORTON (2004 e 2005), AD-AWARE, SPY-SWEEPER non lo riconoscono, sapete come fare per segnalarlo a symantec ed affini?
Grazie mille!
PS. Attenzione SMSS.exe è un file di WinXP corretto in C:\WINDOWS System32\ mentre quello in C:\Windows\system è un virus.
saluti
Francesco
Habanero
27-08-2005, 15:53
qui una procedura generale. solo se non risolvi posta un log di Hijackthis (per favore segui bene le istruzioni per il suo utilizzo).
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8.29.22, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.e xe
C:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\oraclexe\app\oracle\product\10.2.0\server\bin\O RACLE.EXE
C:\Programmi\Apache Group\Apache2\bin\Apache.exe
D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\t nslsnr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\MultiRes\MultiRes.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\AME\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=203.144.144.164:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MultiRes] C:\Programmi\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-Blaxx Manager] G:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Virtual PDF Printer] D:\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FlashMute] d:\Programmi\FlashMute\FlashMute.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C853FA-9F2B-4E7A-813B-C4832C98F537}: NameServer = 62.101.81.80
O20 - Winlogon Notify: h618 - C:\WINDOWS\g5551796.dll (file missing)
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Windowz Updater - {259BA022-2005-45E9-A965-10EDB9C00618} - C:\WINDOWS\g5551796.dll (file missing)
O22 - SharedTaskScheduler: g322 - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\Apache Group\Apache2\bin\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.e xe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\o mtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - d:\oraclexe\app\oracle\product\10.2.0\server\bin\O RACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - D:\Oraclexe\app\oracle\product\10.2.0\server\bin\O raClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - D:\Oraclexe\app\oracle\product\10.2.0\server\BIN\t nslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 8135 bytes
Ho provato a rimuoverlo come consigliato lì ma non viene riconosciuto purtroppo, mi sapete dare una mano?
Ho utilizzato Avast, AVG antispyware (vecchio Ewido), Ad-Aware, CCcleaner, ATF-Cleaner, e bestemmie varie :) Scansione con Kaspersky online, e con Panda antivirus
tecnico24
20-06-2007, 12:44
Proviamo a vedere intanto un log di questo programma
http://noahdfear.geekstogo.com/FindAWF.exe
Originariamente inviato da Amido
Ho provato a rimuoverlo come consigliato lì ma non viene riconosciuto purtroppo, mi sapete dare una mano?
Ho utilizzato Avast, AVG antispyware (vecchio Ewido), Ad-Aware, CCcleaner, ATF-Cleaner, e bestemmie varie :) Scansione con Kaspersky online, e con Panda antivirus Ciao Amido,
hai ripreso una discussione vecchia di 2 anni.
Hai provato a rimuovere cosa?!?
Se intendevi il file smss.exe allora verifica che la directory dove è presente sia (su sistema XP) C:\Windows\System32\ in questo caso è un file legittimo, come del resto già spiegato all'interno di questo 3d.
NB
Per cortesia non riprendete discussioni vecchie di 2 anni ma apritene una nuova spiegando nei dettagli problemi ed eventuali procedure già attuate.
Se ritieni di non aver risolto, apri una nuova discussione.
Grazie
