yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 11 Mar 2008 12:54 Subject: TotalScan log

Hello everyone, I ran an online scan and it found some infections. Since the free program doesn't let you remove the viruses it finds, I wanted to know how to remove them. I use XP, with ZoneAlarm as the firewall. Anyway, I'm attaching the TotalScan log. Thanks.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-03-11 10:48:01
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.518 7.5.518 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{03D19626-7A21-444B-BCA5-BFAE3E0A828A}\RP1048\A0197849.exe[ComboFix\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{03D19626-7A21-444B-BCA5-BFAE3E0A828A}\RP1048\A0197849.exe[ComboFix\nircmd.com]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 12 Mar 2008 14:29 Subject:

The Kaspersky log says there are no infections, but it found some objects marked locked and skipped, and I don't know what that means. I'm posting the log in case someone can take a look. Thanks.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 12, 2008 1:24:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/03/2008
Kaspersky Anti-Virus database records: 625083
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 61971
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:42:54
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Utente\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Cronologia\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\activitylog.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\Working\database_4CE0_C2ED_E0C2_DC78\dfsr.db Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\Working\database_4CE0_C2ED_E0C2_DC78\fsr.log Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\Working\database_4CE0_C2ED_E0C2_DC78\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\francomancuso1@email.it\SharingMetadata\Working\database_4CE0_C2ED_E0C2_DC78\tmp.edb Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\francomancuso1@email.it\real\members.stg Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\francomancuso1@email.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF6E11.tmp Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF6E37.tmp Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF7FC1.tmp Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Temp\~DF81A2.tmp Object is locked skipped
C:\Documents and Settings\Utente\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Utente\ntuser.dat Object is locked skipped
C:\Documents and Settings\Utente\ntuser.dat.LOG Object is locked skipped
C:\Programmi\eMule\Temp\002.part Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{03D19626-7A21-444B-BCA5-BFAE3E0A828A}\RP1075\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\OEMCOMPUTER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\ZLT01a79.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{03D19626-7A21-444B-BCA5-BFAE3E0A828A}\RP1075\change.log Object is locked skipped
Scan process completed.
 |
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Mar 2008 18:20 Subject:

To delete the infected files in System Volume Information, disable System Restore.
Apart from what Total Scan reports, are you having any problems using the PC?
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 13 Mar 2008 21:53 Subject:

Thanks a lot, bdoriano. Do I only need to turn off System Restore, or do I have to follow the whole procedure in the link you sent me? Shouldn't I turn it back on afterwards? The PC runs fairly well, maybe it's a bit slow. I'll wait to hear from you. Thanks again.
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 13 Mar 2008 21:57 Subject:

I should add that AVG no longer finds any infected files; only Kaspersky found these files, calling them locked and skipped.
 |
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Mar 2008 22:12 Subject:

Locked objects are files locked by other processes, which it cannot analyze and therefore skips.
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 13 Mar 2008 22:16 Subject:

Thanks for the quick reply. So I turn off System Restore, and which program do I use to scan and remove the viruses? Is AVG OK, even though the last scan I ran today found no viruses? Only Kaspersky found them, but Kaspersky doesn't allow virus removal. So how do I proceed?
 |
bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 13 Mar 2008 22:28 Subject:

yamashita wrote: "and which program do I use to scan and remove the viruses?"
If you mean the files in System Volume Information, they were already deleted when you disabled System Restore.
If you want to run another online scan (with removal, if needed), disable your antivirus, connect to BitDefender (with IE) and run a full scan.
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 13 Mar 2008 23:36 Subject:

All clear. I disabled it, rebooted and re-enabled it. I hope that's right.
I also wanted to ask you: ZoneAlarm asks me about Internet access for these files: lsa shell (appl. isass.exe) and sadhlp.dll. I deny access, but I'd like to know what they are. Can I allow them Internet access?
Thanks a lot, bye
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 14 Mar 2008 00:34 Subject:

BitDefender found this. Is everything OK?
BitDefender Online Scanner
Scan report generated at: Thu, Mar 13, 2008 - 23:27:24
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time: 00:36:20
Files: 82544
Folders: 6159
Boot Sectors: 3
Archives: 781
Packed Files: 645

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 33998
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 3
Archive plugins: 10
Unpack plugins: 3
E-mail plugins: 1
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File    Status
C:\WINDOWS\system32\ActiveScan\pskahk.dll    Infected with: Generic.Malware.SIMDWYNVdprn.51496DA0
C:\WINDOWS\system32\ActiveScan\pskahk.dll    Disinfection failed
C:\WINDOWS\system32\ActiveScan\pskahk.dll    Deleted
 |
yamashita Hero

Registered: 18/01/08 20:30 Posts: 51
Posted: 14 Mar 2008 13:19 Subject:

OK, all clean. I ran another scan with BitDefender and it found nothing.
My last question is about ZoneAlarm: it asks me about Internet access for these files: lsa shell (appl. isass.exe) and sadhlp.dll. I deny access, but I'd like to know what they are. Can I allow them Internet access?
Thanks a lot, bye