Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

Hi guys, as the title says, I found two suspected viruses. How do I remove them?
I'm sending you the complete scan report.
Thanks
Infected Object Name Virus Name Last Action
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
Scan process completed.
PS: Is it possible to remove them manually? If so, can you tell me how?
Thanks a million

Rank: AiutAmico
Joined: 4/5/2005 Posts: 22,971

I'd say they are not "suspects": they really are viruses! To get rid of them, use your antivirus as follows:
1) bring your antivirus fully up to date;
2) close the Internet connection;
3) clean out the temporary Internet files (with CCleaner, for example);
4) disable System Restore;
5) restart the computer and, on restart, go into Safe Mode;
6) once in Safe Mode, run your antivirus scan on drive C, deleting everything malicious it finds.
When everything is done, go back to Normal Mode and re-enable System Restore (and create yourself a "restore point").

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

monsee wrote: I'd say they are not "suspects": they really are viruses! To get rid of them, use your antivirus as follows: 1) bring your antivirus fully up to date; 2) close the Internet connection; 3) clean out the temporary Internet files (with CCleaner, for example); 4) disable System Restore; 5) restart the computer and, on restart, go into Safe Mode; 6) once in Safe Mode, run your antivirus scan on drive C, deleting everything malicious it finds. When everything is done, go back to Normal Mode and re-enable System Restore (and create yourself a "restore point").

Good morning monsee, I did everything you indicated. Result of the Avast antivirus scan: no viruses!!! What do I do?? Bye and have a good Sunday

Rank: AiutAmico
Joined: 4/5/2005 Posts: 22,971

Try these two attempts, in order:
1) set up a "boot-time scan" in your Avast! (obviously, with System Restore disabled first!), then restart the computer and, on restart (Avast! will scan the computer without starting Windows), see whether anything is detected. If something is detected, delete it without mercy.
2) if nothing is detected even that way, go and run an online scan on the BitDefender site or on the Housecall/TrendMicro one (here too, you will be able to delete whatever is detected).
If nothing is detected here either, we will have to consider the hypothesis that the Kaspersky online scanner may have been wrong. If instead the same viruses are detected but still cannot be removed, then it means your system is too deeply infected and the only solution is to format.

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

monsee wrote: Try these two attempts, in order: 1) set up a "boot-time scan" in your Avast! (obviously, with System Restore disabled first!), then restart the computer and, on restart (Avast! will scan the computer without starting Windows), see whether anything is detected. If something is detected, delete it without mercy. 2) if nothing is detected even that way, go and run an online scan on the BitDefender site or on the Housecall/TrendMicro one (here too, you will be able to delete whatever is detected). If nothing is detected here either, we will have to consider the hypothesis that the Kaspersky online scanner may have been wrong. If instead the same viruses are detected but still cannot be removed, then it means your system is too deeply infected and the only solution is to format.

Format!!!! Let's hope not. I'll try again everything you listed and then I'll let you know, thanks

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

After all the steps you indicated, the Kaspersky result.
Total number of scanned objects 35528
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:23:25
Infected Object Name Virus Name Last Action
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
Scan process completed.
BITDEFENDER RESULT.
Statistics Time 00:14:16 Files 148852 Folders 3307 Boot Sectors 2 Archives 1598 Packed Files 13482
Results Identified Viruses 1 Infected Files 1 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 1
Engines Info Virus Definitions 889857 Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36) Scan plugins 14 Archive plugins 38 Unpack plugins 7 E-mail plugins 6 System plugins 1
Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes
Scanned File Status
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected with: Trojan.Downloader.Agent.YYA
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Disinfection failed
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Deleted
What do I have to do to remove this last "virus"?
Thanks

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

PS: With the Avast antivirus, it didn't find anything!!

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
This one was removed with BitDefender.
With Housecall/TrendMicro, something was removed!!! I re-ran the scan and it is OK!!!
With Kaspersky it only finds this one!!!
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
PS: I found the folder. What do I do, delete it manually????
Or what else is left for me to do??????
Only this one remains, and I wouldn't know what it is!!

Rank: AiutAmico
Joined: 4/5/2005 Posts: 22,971

It looks to me like BitDefender has removed the virus for you (or rather: it deleted the whole file that contained the virus). The online scan with Kaspersky, it seems evident to me, is of little or no use, since it is not able to remove anything. It only creates alarm and confusion. Just drop it. Housecall/TrendMicro and BitDefender are better. If you ever want a "third opinion", rely on the online scan with Nod32 (on the Eset site). Go ahead and remove by hand the file you found (WinFixer is NOT in any way part of Windows: in fact, it is malware).

Rank: AiutAmico
Joined: 4/2/2006 Posts: 90

Many thanks monsee, with your help it's all sorted out!
Bye
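
An added example, not part of the original thread: a small Python parser for the Kaspersky report format pasted above. It separates real detections from "Object is locked" entries (files Windows holds open, so the scanner could not read them) and compares two scans. The sample reports are constructed from paths quoted in the thread, and the function names are hypothetical.

```python
import re

# One record: a drive-rooted path, a status, then the scanner's last action.
# The path is matched lazily so it ends at the first status phrase, which also
# copes with a report pasted as one run-together, line-wrapped block.
RECORD = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<status>Object is locked|Infected:\s*(?P<name>\S+))\s+"
    r"(?P<action>\w+)",
    re.DOTALL,
)

def parse_report(text):
    """Return (findings, locked_count); findings maps lowercased path -> (path, name, action)."""
    findings, locked = {}, 0
    for m in RECORD.finditer(text):
        path = " ".join(m.group("path").split())  # undo line wrapping inside a path
        if m.group("name") is None:
            locked += 1  # file in use by Windows: unreadable, not a detection
        else:
            findings[path.lower()] = (path, m.group("name"), m.group("action"))
    return findings, locked

def compare_scans(before, after):
    """Show what a cleanup between two scans actually changed."""
    old, _ = parse_report(before)
    new, _ = parse_report(after)
    return {
        "cleared": sorted(old[k][0] for k in old.keys() - new.keys()),
        "remaining": sorted(new[k][:2] for k in old.keys() & new.keys()),
        "new": sorted(new[k][:2] for k in new.keys() - old.keys()),
    }

# Constructed samples in the report format shown in the thread.
SCAN_BEFORE = r"""Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\pasquale\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ce skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed."""

# Second scan pasted as a run-together block with wrapped lines.
SCAN_AFTER = r"""Infected Object Name Virus Name Last Action C:\Documents and Settings\pasquale\Local
Settings\Temp\~DF5358.tmp Object is locked skipped C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe Infected:
not-a-virus:Downloader.Win32.WinFixer.ce skipped C:\WINDOWS\wiaservc.log Object is locked skipped Scan process completed."""

if __name__ == "__main__":
    findings, locked = parse_report(SCAN_BEFORE)
    print(f"{locked} locked files ignored, {len(findings)} detections")
    for key, value in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(key, value)
```
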