Olimpo Informatico

[zaefich]

Un consiglio da Holifay...

Norton Internet Security.. posso disattivarlo?... perché spesso mi dice di reinstallarlo a causa di errori (dopo che Symantec Emai Proxy mi ha distrutto anche email amiche..)

ho attivati e uso:

Ad-Aware SE Personal
Avast
Norton Utilities Integrator
NTREGOPT
Peer guardian
Spybot
UnHackMe

Copio anche qui sotto il log di HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 11.31.21, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\hplampc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\lotus\organize\org5.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 212.227.64.159 www.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmi\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\System32\hplampc.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Ms Spool32] C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/it/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C2D675-A58F-4B10-81EA-7FD9B4D373A4}: NameServer = 212.216.112.112 212.216.172.62
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Programmi\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Grazie...

[zaefich]

[zaefich]

[Benny]

Più che un consiglio è la mia esperienza... ho acquistato un pc con norton antivirus preinstallato... ancora prima di installare qualsiasi altra cosa, ho pensato bene di rimuoverlo e mettere su qualcosa d'altro: la lista che hai postato mi pare buona, ma lascio ad altri il giudizio su questo.

Personalmente trovo che norton sia poco gestibile e troppo "autoritario". Lascia poche possibilità di interazione all'utente.
Nel rimuoverlo bisogna ricordarsi di togliere anche il live update, che spesso non viene rimosso con il programma principale.

[holifay]

Eh eh, hai meno tool di protezione di quelli che ho io e ti sei preso questo trojan (o almeno credo):

[zaefich]

provo ad andare su www.virustotal.com e mi viene questa pagina..

?ÍÛnÛ8ö9ú?¤X[?/I?Äö M²ÓI[4igç) %Úb#?ªHÙñ,úAûyû{I]|Ë»-6?Ú2Ésã¹Íà?³§×~<'?Jbòñó??w§Äi{Þ½SÏ;»>#ÿx{}yA:®O®s?J®¸HiìyçïâDJeG?7?ÏÝyÏùÔ»þäÝ!®ÛǶj@º¡ �ÑógM1¦étè0é�»$NåpÆÎáá¡A?`d1â(®b6úòîÓç«ë×'¤Mþ?3F>¤1OùÂóB??ä?Æs?3rÐtà°çÏ??Û$LQ?4Ûì[ÁgCçT¤?¥ª}½È?Cókè(v§<äá?Í%SÃwWÚ¯_ï¶;ñF²?&lèܲÅ\ä¡l ?!;J(·?)Åõïáé???-2
Þ[D�-"´?L9Ïð.¸µ¨×??pY£"³JþÄÊo°jD²|Æ?M$h¡"?7°¿å2£?ä?KÅ*7"[ä|©'ÂålÆÁ4P$¤ {tå0ZKA§MÅ°tsÕÇAÂ[?³xèHµ???ì ÔiµH@ål2tðÙ?ætÂÑuõ?6?¡ó{N³?äR?@-a!§?0?kMK!?L(g²? ?¡´�a¸v?;i:¡3üíÂG??'p Þ]Û?3ì³hÒÿJgÔ¬æ
?)÷«tFÏ,k¸1h?(?OÁ¤�%2ãe?u³ÁX? Íé@ÑqÌÈÌ?åCÇ%°8 }ØþÎhÚߣ�Êá_H"??
?=tÈ?Æ|??? ù?ðV¸*báh¦¢Îh@Ë `©ÇÓ�ÝM\@3Õ&âàÂÀ£ð 5?þÚ±?gL8B!q¹�¥'QEÀko%)$È3?`å­¬ HºI c´XJÁÒ§7?δ ;??È?ÊERm¡
úïR°«£??4?bç,`YG'h?à?@ ôÉÒÀh:
?<£¹ò�R;¤?ßPç$?©????­d}Îé£%ó
Í3?,ÙmRï?X74">3zP¼?&ÖѯéXfÇä¾/{{PH_�þ?!(n=7?@??±?� *³:¹?©£ª¦lÿ5ÿ?fè°p9åÅ?Q´üiô?\?ò¿à¹Óm^þ ?!Î?� ??h?+sÄãxV�ȵªk?\B:},c4kÒÓ?· k¦öTÄåËcòÆ¥($3tü¤`@÷vYºÛÜ,ÀÃE?¾Ë£M?í:£3KM±Ê??ø?lZäÕU?¿?¼¡??{4'¶siö·±Ú#¼ºXáqgEåÚÙ+EÈb?`&³?¸bi?t-Ï|B4».ú©k­Ã5g?dw÷%ù'¡1ËÕÞî{a"?Ô^ÀÂ_`ó8gªÈS2¡±dÇß ?/?°²Þhan �E,·B?ïÖÊ ???X½4Í{ÝÂ~!¦sÈÎ9Y?"'�÷9Tþwl ²{+I82)R]¿?±?«½(3_Ø?µæî?§7¸-¸óÜx?»xÞ?níêv·µ;ç¡??û]¿e«ÄÞ¾ß?âpØñ[1?(üÒ"?ÇÐv S
Ñ| !?¬A!÷Êý¥?ùüÙw¼Áªî}r1K £Î«ýÃõ¶ÛïbK?ðPÕuW ÛIY¬]dN#ì Äø+ø?Ù ?2(ýiµ¡¶']?ÅðutÖ}uzöæà¼}r~pÖît?IûðàÍëv¿ßßßïí÷}øCÚ!ÃB¾?#pÝi,hè&.O÷/dÅØ?6#¸�Óó?&ïɹþvaédQ?õi¿å·º­Zö^¯ïÔ2w;º�5P[á&bÆY?þ<­á =zh¬?|+ W 
j<À?±N ?© ?¥Ï:¿,.À?áî§l©¤^½»¼¯ì?¶³êiVô?ÑØ&Õ¢�®x^½? ¬ú%î?¤ÕócAD·?�é×MàfûáxûöCÈ-nÜ3' ®îÊL� ?®EF®YJö.¨T¤Û'o!ÇË?äè¨L "?¸?Áãú·ÿkKï#©Òæz~×?ð�©[y¥ñ«ãßtûQiG;Úü?5úÆýü(3ßÂæý²W?°Óð? ??EÞm§}h»??È?í®/?²?2cè±cÒ_«ËÖ²ÝÒä??§nDî=ýç,¥Ñ²Är?ËZþ×7»?ºÄ ?îÎè?*(^VTGu?ß3&QëÂbä¸�?Ûõý?U�T9Äh*?:à ?P?©â;pªÑ Æ?[l?é²:YÓ?¹Y:­TØéÔÄç:ÍÙ)?dÑòì»Ý'ÉsR@ Åc?~vúúó?þ4+ú³S=û?z×G(¿oVë3þáño�h±v^�?¼?î¯ÄeÎYø?l·þ×ä¡w¬z@B% ÁÜxj|Z=pU=e¨áV~¢/ô�?Ã}Þc³(Vi­vÔre$M³8${óÇ hW8?õ??@H!s0_4µ°?¡V%M2c?h?'_ HN|ñ²b¿?àD)D[Æp.0 ?z#
cÖDÙ]À .íøäò Ê?#lmÖ??jtÌØ1¾`?1bå-½iãö?Ç1sSý?J$§?q¼¨$+Èë?Úo4pÀø ç?Ö=´ SXÇ®5VÉ?/u?K?|*Ó?â 3xf4_?Î3p<ô7?n ?? ç³üi|°?ÅzX`T�³o8?u?C�zhÜ(f==xxD?ÛìÖ2ÎL�][1UÇäw
z<j¼?À£´<grDõ:?� 3C¬U?öèèÁðÐý1áÁ¸½EèëÅ®= ·ü?W ?þ æ[?pÕôùÇÝÎ1¥'??Öí<%çóo×7åZ)ø*�¢flä­^¢UoÂM^]Éùë/û?ÑúR?¦?ükx³bu®¾e×°P?ôÛþ
`mí3êtoûÝ7®ÐÎ-ë a­Ô÷²6yØêNùÝbÔs½%6?}7=ÐÿgÆè???Ý Í"

e mo'?:..

ps: senza quella faccina che ride però...

[holifay]

Non ho capito: non riesci a collegarti alla pagina o quello è il risultato della scansione?

Eventualmente zippa il file e mandamelo a www.suspectfile.com che lo guardo.

Ciao

[zaefich]

[zaefich]

Norton Internet Security l' ho tolto...

Holifay, pfv... guardando quello che già ho:

Ad-Aware SE Personal
Avast
Norton Utilities Integrator
NTREGOPT
Peer guardian
Spybot
UnHackMe

che altro devo mettere per stare tranquillo?..