Saturday, January 08, 2005 12:18:41 PM
Member since: 6/17/2004
Every time I connect, a virus message appears (avast antivirus);
I delete it, but it keeps reappearing under different names, see list:

I also tried scanning in safe mode, with the antivirus as well as with Spybot and Lavasoft, but the problem persists.
Can you help me?
Thanks, Luciano

Saturday, January 08, 2005 2:19:23 PM

Member since: 10/2/2004
Hi Luciano, try running an online antivirus scan, for example here:

Click on the image labelled PandaActiveScan and then follow the instructions the site gives you.


Saturday, January 08, 2005 10:01:37 PM

Member since: 10/5/2000
Posts: 19,132
To remove the viruses you have to disable System Restore and run a scan in safe mode; follow the advice given in this article
and send us the HijackThis log if you cannot solve the problem.

Aiutamici Collaborator
Monday, January 10, 2005 3:53:15 PM
Member since: 6/17/2004
Hi Alfonso,
I tried carrying out all the steps indicated, without solving the problem.
Below I attach the log:
Thanks, Luciano

Logfile of HijackThis v1.99.0
Scan saved at 15.51.57, on 10/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Programmi\Alwil Software\Avast4ANTIVIRUS\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4ANTIVIRUS\ashServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Alwil Software\Avast4ANTIVIRUS\ashMaiSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office\OUTLOOK.EXE
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 4 per\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe"
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A3D606A-25DE-4AE8-AFFD-2FBD37781A9A}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A3D606A-25DE-4AE8-AFFD-2FBD37781A9A}: NameServer =
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programmi\Alwil Software\Avast4ANTIVIRUS\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programmi\Alwil Software\Avast4ANTIVIRUS\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4ANTIVIRUS\ashMaiSv.exe
O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing)

Member since: 10/5/2000
Disable System Restore; read here how to do it

Restart the computer in safe mode

In safe mode, delete the file blbvt8ie.exe and also delete the folder qmdczn, which are located at this path

Still in safe mode, run an ANTIVIRUS scan; if need be, also use the two removal tools found at this address

Aiutamici Collaborator
Member since: 6/17/2004
Hello Alfonso,
I tried to do what you described,
but unfortunately avast keeps giving me, only when I am connected, an infected-file virus message, and it cannot delete it.
I am sending you the avast log to see if you can help me.
Thanks, Luciano


02/01/2005 15.07.33 SYSTEM 1516 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
02/01/2005 15.07.33 SYSTEM 1516 An error has occured while attempting to update. Please check the logs.
02/01/2005 15.26.26 SYSTEM 1516 Sign of "Win32:Netsky-C [Wrm]" has been found in "Posta\Messaggi in arrivo\(Subj: dear)\" file.
03/01/2005 8.46.55 SYSTEM 1832 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/01/2005 8.46.55 SYSTEM 1832 An error has occured while attempting to update. Please check the logs.
03/01/2005 15.42.28 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\BFDOJCYNYB.DLL" file.
03/01/2005 15.42.43 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\BFDOJCYNYB.DLL" file.
03/01/2005 15.42.46 SYSTEM 1688 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/01/2005 15.42.46 SYSTEM 1688 An error has occured while attempting to update. Please check the logs.
03/01/2005 15.42.52 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\LDPOXQFIFHH.DLL" file.
03/01/2005 15.42.54 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\LDPOXQFIFHH.DLL" file.
03/01/2005 15.44.18 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\RkBVBgba.dll" file.
03/01/2005 16.13.14 Administrator 2776 Sign of "Win32:Trojano-851 [Trj]" has been found in "c:\windows\system32\rkbvbgba.dll" file.
03/01/2005 16.53.11 SYSTEM 2008 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\vkjtIGlvnc.dll" file.
03/01/2005 18.11.01 SYSTEM 1736 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\PqbEyxGIfV.dll" file.
03/01/2005 18.23.25 SYSTEM 1720 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
03/01/2005 18.23.25 SYSTEM 1720 An error has occured while attempting to update. Please check the logs.
03/01/2005 19.08.38 SYSTEM 1720 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\DnuRXufJ.dll" file.
03/01/2005 19.22.44 SYSTEM 1720 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\16493644015" file.
04/01/2005 8.40.29 SYSTEM 1728 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/01/2005 8.40.30 SYSTEM 1728 An error has occured while attempting to update. Please check the logs.
04/01/2005 8.41.55 SYSTEM 1728 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\ritmvFF.dll" file.
04/01/2005 9.30.04 SYSTEM 1728 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\ritmvFF.dll" file.
04/01/2005 15.31.35 SYSTEM 1636 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
04/01/2005 15.31.35 SYSTEM 1636 An error has occured while attempting to update. Please check the logs.
04/01/2005 16.06.01 SYSTEM 1636 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\fJluJCV.dll" file.
05/01/2005 8.41.12 SYSTEM 1640 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/01/2005 8.41.12 SYSTEM 1640 An error has occured while attempting to update. Please check the logs.
05/01/2005 8.53.48 SYSTEM 1640 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\wTdqOkOY.dll" file.
05/01/2005 12.14.10 SYSTEM 1716 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\SoacvyrD.dll" file.
05/01/2005 15.02.32 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/01/2005 15.02.32 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
05/01/2005 15.13.32 SYSTEM 1744 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\eskBpIa.dll" file.
05/01/2005 17.39.54 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/01/2005 17.39.54 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
05/01/2005 17.49.29 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
05/01/2005 17.49.30 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
05/01/2005 17.56.08 Administrator 920 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
05/01/2005 17.57.09 Administrator 920 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\Documents and Settings\Administrator\Impostazioni locali\Temp\\Belt.exe" file.
05/01/2005 17.57.32 Administrator 920 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Administrator\Impostazioni locali\Temp\\bi.dll" file.
05/01/2005 17.57.32 Administrator 920 Sign of "Win32:BiSpy [Trj]" has been found in "C:\Documents and Settings\Administrator\Impostazioni locali\Temp\\biprep.exe" file.
07/01/2005 9.12.29 SYSTEM 1844 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2005 9.12.30 SYSTEM 1844 An error has occured while attempting to update. Please check the logs.
07/01/2005 9.15.12 SYSTEM 1844 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\MsjPXoxX.dll" file.
07/01/2005 15.41.39 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2005 15.41.40 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
07/01/2005 15.51.31 SYSTEM 1744 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\HYGvrRNoVrd.dll" file.
07/01/2005 17.09.40 SYSTEM 1736 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2005 17.09.40 SYSTEM 1736 An error has occured while attempting to update. Please check the logs.
07/01/2005 17.11.44 SYSTEM 1736 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\LOOEwwstUwQ.dll" file.
07/01/2005 17.59.14 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2005 17.59.14 SYSTEM 1740 An error has occured while attempting to update. Please check the logs.
07/01/2005 18.01.44 SYSTEM 1740 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\SLdETdi.dll" file.
07/01/2005 18.43.15 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
07/01/2005 18.43.15 SYSTEM 1740 An error has occured while attempting to update. Please check the logs.
07/01/2005 18.51.54 SYSTEM 1740 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\SLdETdi.dll" file.
07/01/2005 18.53.17 SYSTEM 1740 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\cepwhABqTv.dll" file.
08/01/2005 8.48.26 SYSTEM 1804 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/01/2005 8.48.26 SYSTEM 1804 An error has occured while attempting to update. Please check the logs.
08/01/2005 9.56.18 SYSTEM 1804 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\RNhCjRkjW.dll" file.
08/01/2005 10.32.20 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/01/2005 10.32.21 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
08/01/2005 12.17.42 SYSTEM 1744 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\MyonmVWUaq.dll" file.
08/01/2005 14.56.28 SYSTEM 1824 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
08/01/2005 14.56.28 SYSTEM 1824 An error has occured while attempting to update. Please check the logs.
08/01/2005 15.00.41 SYSTEM 1824 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\eSKBiAtd.dll" file.
08/01/2005 15.38.14 SYSTEM 1824 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\Programmi\Alwil Software\Avast4ANTIVIRUS\DATA\moved\SLdETdi.dll.vir" file.
08/01/2005 15.48.08 SYSTEM 1824 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\eSKBiAtd.dll" file.
10/01/2005 9.05.07 SYSTEM 1812 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 9.05.08 SYSTEM 1812 An error has occured while attempting to update. Please check the logs.
10/01/2005 9.10.55 SYSTEM 1812 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\KsGHnwexgWy.dll" file.
10/01/2005 9.23.05 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 9.23.06 SYSTEM 1740 An error has occured while attempting to update. Please check the logs.
10/01/2005 9.24.46 SYSTEM 1740 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\QEXKugkQ.dll" file.
10/01/2005 10.17.27 SYSTEM 1736 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 10.17.27 SYSTEM 1736 An error has occured while attempting to update. Please check the logs.
10/01/2005 10.34.07 SYSTEM 1744 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 10.34.08 SYSTEM 1744 An error has occured while attempting to update. Please check the logs.
10/01/2005 10.36.19 SYSTEM 1748 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 10.36.20 SYSTEM 1748 An error has occured while attempting to update. Please check the logs.
10/01/2005 11.33.29 SYSTEM 1748 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\FNyBRWLfr.dll" file.
10/01/2005 15.50.13 SYSTEM 1748 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/01/2005 15.50.14 SYSTEM 1748 An error has occured while attempting to update. Please check the logs.
10/01/2005 15.52.02 SYSTEM 1748 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\OebeQPi.dll" file.
11/01/2005 8.47.35 SYSTEM 1840 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
11/01/2005 8.47.35 SYSTEM 1840 An error has occured while attempting to update. Please check the logs.
11/01/2005 8.50.16 SYSTEM 1840 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\XsGkpEDjs.dll" file.
11/01/2005 9.13.06 SYSTEM 1740 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
11/01/2005 9.13.06 SYSTEM 1740 An error has occured while attempting to update. Please check the logs.
11/01/2005 9.15.59 SYSTEM 1740 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\xqJeQmI.dll" file.
11/01/2005 15.07.22 SYSTEM 1736 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
11/01/2005 15.07.22 SYSTEM 1736 An error has occured while attempting to update. Please check the logs.
11/01/2005 15.08.35 SYSTEM 1736 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\pdOEfrIIOmy.dll" file.
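
An added example (not part of the thread and not avast! code): a small Python parser for the log format posted above that groups detections by signature and folder and reports signatures that keep recurring under changing file names, the pattern this log shows. The sample lines are copied from the log above; the function names and the `min_names` threshold are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the avast! log posted above (same column layout).
SAMPLE = r'''
03/01/2005 15.42.28 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\BFDOJCYNYB.DLL" file.
03/01/2005 15.42.46 SYSTEM 1688 An error has occured while attempting to update. Please check the logs.
03/01/2005 15.42.52 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\SYSTEM32\LDPOXQFIFHH.DLL" file.
03/01/2005 15.44.18 SYSTEM 1688 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\RkBVBgba.dll" file.
03/01/2005 16.13.14 Administrator 2776 Sign of "Win32:Trojano-851 [Trj]" has been found in "c:\windows\system32\rkbvbgba.dll" file.
04/01/2005 8.41.55 SYSTEM 1728 Sign of "Win32:Trojano-851 [Trj]" has been found in "C:\WINDOWS\system32\ritmvFF.dll" file.
05/01/2005 17.57.32 Administrator 920 Sign of "Win32:BiSpy [Trj]" has been found in "C:\Documents and Settings\Administrator\Impostazioni locali\Temp\\biprep.exe" file.
'''

# date, time, account, numeric id column (its meaning is not stated in the
# thread), then the detection message with signature and file path.
LINE = re.compile(
    r'^(\d{2}/\d{2}/\d{4}) (\d{1,2}\.\d{2}\.\d{2}) (\S+) (\d+) '
    r'Sign of "([^"]+)" has been found in "([^"]+)" file\.$')


def parse_detections(text):
    """Yield (date, signature, path) per detection line; skip all other lines."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            date, _time, _account, _id, signature, path = m.groups()
            yield date, signature, path


def regenerating(text, min_names=3):
    """Map (signature, folder) -> {"files": [...], "days": n} for signatures
    found in one folder under at least `min_names` different file names."""
    files, days = defaultdict(set), defaultdict(set)
    for date, signature, path in parse_detections(text):
        key = (signature, dirname(path).lower())  # NTFS paths: case-insensitive
        files[key].add(basename(path).lower())
        days[key].add(date)
    return {k: {"files": sorted(v), "days": len(days[k])}
            for k, v in files.items() if len(v) >= min_names}


if __name__ == "__main__":
    for (signature, folder), info in regenerating(SAMPLE).items():
        print(signature, folder, info["days"], "day(s):", ", ".join(info["files"]))
```

Many distinct names for one signature in one folder means each deleted file is being replaced, so the component that writes them is what still has to be found.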

Member since: 10/5/2000
If the antivirus cannot remove the virus from safe mode, all that is left is to format the computer and get yourself a full antivirus program so that you no longer have these problems; the free versions do not offer maximum protection, and if you want to use them you must also be prepared to format for the ones they fail to block.

If a system is infected by a virus, installing an antivirus is of no use; the virus loaded in memory regenerates itself even if deleted, so if a scan in safe mode finds nothing but the virus reappears, there is no other solution than to wipe everything clean.

Aiutamici Collaborator
