Online scan with Kaspersky!! Found two infected files!! Some help please, thanks
nudos
Posted: Saturday, January 12, 2008 11:20:58 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
Hi guys, as the title says, I found two suspected viruses. How do I get rid of them??

I'm sending you the complete scan report.

Thanks


Infected Object Name Virus Name Last Action

C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped

C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped

Scan process completed.




PS: Is it possible to remove them manually??? If so, can you tell me how??

Thanks a thousand
monsee
Posted: Sunday, January 13, 2008 2:23:45 AM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
I'd say they're not "suspects": they really are viruses!
To get rid of them, use your antivirus as follows:
1) update your antivirus fully;
2) disconnect from the Internet;
3) clean out the temporary Internet files (with CCleaner, for example);
4) disable System Restore;
5) restart the computer and, on restart, go into Safe Mode;
6) once in Safe Mode, run an antivirus scan of drive C, deleting everything malicious it finds.
Once that's all done, go back to Normal Mode and re-enable System Restore (and create a "restore point").
nudos
Posted: Sunday, January 13, 2008 12:31:23 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
monsee wrote:
I'd say they're not "suspects": they really are viruses!
To get rid of them, use your antivirus as follows:
1) update your antivirus fully;
2) disconnect from the Internet;
3) clean out the temporary Internet files (with CCleaner, for example);
4) disable System Restore;
5) restart the computer and, on restart, go into Safe Mode;
6) once in Safe Mode, run an antivirus scan of drive C, deleting everything malicious it finds.
Once that's all done, go back to Normal Mode and re-enable System Restore (and create a "restore point").


Good morning monsee, I did everything you said; the scan with the Avast antivirus found no virus!!!

What do I do??

Bye and have a good Sunday
monsee
Posted: Sunday, January 13, 2008 1:25:56 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Try these two things, in order:

1) set up a "boot-time scan" in your Avast! (obviously with System Restore disabled first!), then restart the computer and, on restart (Avast! will scan the computer without starting Windows), see whether anything is detected. If something is detected, delete it without mercy.
2) if nothing is detected even then, go and run an online scan on the BitDefender site or on the Housecall/TrendMicro one (here too, you can delete whatever is detected). If nothing is detected here either, we'll have to consider the possibility that the Kaspersky online scanner got it wrong.
If instead the same viruses are detected but still can't be removed, then it means your system is too deeply infected and the only solution is to format.
nudos
Posted: Sunday, January 13, 2008 1:38:03 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
monsee wrote:
Try these two things, in order:

1) set up a "boot-time scan" in your Avast! (obviously with System Restore disabled first!), then restart the computer and, on restart (Avast! will scan the computer without starting Windows), see whether anything is detected. If something is detected, delete it without mercy.
2) if nothing is detected even then, go and run an online scan on the BitDefender site or on the Housecall/TrendMicro one (here too, you can delete whatever is detected). If nothing is detected here either, we'll have to consider the possibility that the Kaspersky online scanner got it wrong.
If instead the same viruses are detected but still can't be removed, then it means your system is too deeply infected and the only solution is to format.



Format!!!! Let's hope not. I'll try again everything you listed and then I'll let you know

thanks
nudos
Posted: Sunday, January 13, 2008 4:10:15 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
After all the steps you indicated, here is the Kaspersky result.

Total number of scanned objects 35528
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:23:25

Infected Object Name Virus Name Last Action

C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped


Scan process completed.


BITDEFENDER RESULT.

Statistics
Time: 00:14:16
Files: 148852
Folders: 3307
Boot Sectors: 2
Archives: 1598
Packed Files: 13482

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 889857
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe | Infected with: Trojan.Downloader.Agent.YYA
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe | Disinfection failed
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe | Deleted


What do I need to do to get rid of this last "virus"?

Thanks
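
Added example, not part of any post in this thread: a short Python parser for report rows in the format pasted above. It separates "Object is locked" rows (files the scanner could not open because they were in use, which are not detections) from "Infected:" rows, and compares two scans. The sample rows are constructed in the format of the reports above, and the function names are this example's own.

```python
import re

# One report row: "<path> <verdict> <last action>", i.e. the flattened
# "Infected Object Name / Virus Name / Last Action" table of the report.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)

def parse_report(text):
    """Return (detections, locked): {path: detection name} and [paths]."""
    detections, locked = {}, []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, "Scan process completed."
        if m.group("name"):
            detections[m.group("path")] = m.group("name")
        else:
            locked.append(m.group("path"))  # unreadable, not a detection
    return detections, locked

def compare_scans(before, after):
    """Split detections into cleared, still present, and newly seen."""
    d0, _ = parse_report(before)
    d1, _ = parse_report(after)
    return {
        "cleared": sorted(p for p in d0 if p not in d1),
        "persisting": sorted(p for p in d1 if p in d0),
        "new": sorted(p for p in d1 if p not in d0),
    }

# Constructed samples: a few rows in the format of the two reports.
SCAN_1 = r"""Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed."""

SCAN_2 = r"""Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed."""

if __name__ == "__main__":
    found, locked = parse_report(SCAN_1)
    print(f"{len(found)} detections, {len(locked)} locked (ignored)")
    for status, paths in compare_scans(SCAN_1, SCAN_2).items():
        for p in paths:
            print(f"{status}: {p}")
```
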


nudos
Posted: Sunday, January 13, 2008 4:11:34 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
PS: With the Avast antivirus, it found nothing!!
nudos
Posted: Sunday, January 13, 2008 6:01:15 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped


This one was removed with BitDefender,

With Housecall/TrendMicro, removed something!!! Re-ran the scan and it's all OK!!!

With Kaspersky it only finds this!!!

C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped

PS: I found the folder; what do I do, delete it manually????

Or what else is left for me to do??????

This is the only one left, and I don't know what it is!!
monsee
Posted: Monday, January 14, 2008 11:15:29 AM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
It looks to me like BitDefender did remove the virus for you (or rather: it deleted the whole file that contained the virus).
The Kaspersky online scan, it seems obvious to me, is good for little or nothing, since it isn't able to remove anything. It only creates alarm and confusion. Just drop it. Housecall/TrendMicro and BitDefender are better. If you ever want a "third opinion", rely on the online scan with Nod32 (on the Eset site).
Go ahead and remove by hand the file you found (WinFixer is NOT in any way part of Windows: in fact, it's malware).
nudos
Posted: Monday, January 14, 2008 1:13:38 PM

Rank: AiutAmico

Joined: 4/2/2006
Posts: 90
Many thanks monsee, with your help it's solved brilliantly!

Bye