Zeus News Forums: Olimpo Informatico, Pronto Soccorso Virus
Trojan detected
Blacks84, posted 09 Dec 2008 15:01, subject: Trojan detected

Hi PSV folks! Unfortunately I've had to drop by.

I've caught a virus, and not the cold kind.

Basically, the work PC has always had ClamWin installed as its antivirus. Today the PC started throwing alarms at me! The desktop wallpaper is a huge "WARNING DANGEROUS SPYWARE" message, which on top of that it won't let me change.
I had the antivirus run a scan and it found a couple of sons of trojans (here's the report):

Code:

Scan Started Mon Nov 26 15:42:57 2007
-------------------------------------------------------------------------------


----------- SCAN SUMMARY -----------
Known viruses: 170219
Engine version: 0.91.2
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 0
Data scanned: 0.16 MB
Time: 8.015 sec (0 m 8 s)

Scan Started Fri Nov 30 17:30:00 2007
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 35 processes - 374 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFD4A2.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEF89.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\{DDB79887-2EE1-4EDC-A8B4-FD790F6742A6}.bin, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 171654
Engine version: 0.91.2
Scanned directories: 2477
Scanned files: 35342
Skipped non-executable files: 224
Infected files: 0
Data scanned: 7196.00 MB
Time: 5175.375 sec (86 m 15 s)

Scan Started Fri Jan 11 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 34 processes - 403 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 191320
Engine version: 0.91.2
Scanned directories: 2558
Scanned files: 38970
Skipped non-executable files: 270
Infected files: 0
Data scanned: 7447.73 MB
Time: 5370.813 sec (89 m 30 s)

Scan Started Fri Feb 08 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 32 processes - 371 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 204478
Engine version: 0.92
Scanned directories: 2857
Scanned files: 38568
Skipped non-executable files: 250
Infected files: 0
Data scanned: 7228.99 MB
Time: 3294.484 sec (54 m 54 s)

Scan Started Fri Feb 15 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 34 processes - 405 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\{0B7D030B-AC04-4444-A90F-C13D4A29179E}.bin, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 210964
Engine version: 0.92
Scanned directories: 2882
Scanned files: 36508
Skipped non-executable files: 232
Infected files: 0
Data scanned: 7282.98 MB
Time: 3342.532 sec (55 m 42 s)

Scan Started Fri Feb 22 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 32 processes - 314 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 214485
Engine version: 0.92
Scanned directories: 2885
Scanned files: 36394
Skipped non-executable files: 242
Infected files: 0
Data scanned: 7167.02 MB
Time: 3346.829 sec (55 m 46 s)

Scan Started Fri Feb 29 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 34 processes - 429 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1989.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF29B0.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF2B34.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF72E5.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0003.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\WINDOWS\Driver Cache\i386\sp2.cab: Trojan.Patched-2 FOUND
C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe: Trojan.Patched-2 FOUND
C:\WINDOWS\ServicePackFiles\i386\sp2.cab: Trojan.Patched-2 FOUND
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 217792
Engine version: 0.92
Scanned directories: 3308
Scanned files: 39606
Skipped non-executable files: 221
Infected files: 3
Data scanned: 7800.48 MB
Time: 3897.171 sec (64 m 57 s)

Scan Started Fri Mar 07 13:36:53 2008
-------------------------------------------------------------------------------


Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 170704
Engine version: 0.92
Scanned directories: 0
Scanned files: 0
Skipped non-executable files: 0
Infected files: 0
Data scanned: 0.00 MB

Scan Started Fri Apr 11 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 31 processes - 374 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1645.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF2774.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF288E.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0002.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 246086
Engine version: 0.92
Scanned directories: 3471
Scanned files: 42296
Skipped non-executable files: 325
Infected files: 0
Data scanned: 8293.50 MB
Time: 4111.860 sec (68 m 31 s)

Scan Started Fri Apr 18 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 35 processes - 467 modules ***
 *** Computer Memory Scan Completed ***

WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF83FB.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF9565.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF968A.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0003.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 256858
Engine version: 0.92
Scanned directories: 3481
Scanned files: 42093
Skipped non-executable files: 294
Infected files: 0
Data scanned: 8435.82 MB
Time: 4159.594 sec (69 m 19 s)

Scan Started Fri May 23 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 32 processes - 356 modules ***
 *** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 293884
Engine version: 0.93
Scanned directories: 3507
Scanned files: 43298
Infected files: 0
Data scanned: 6933.44 MB
Time: 3078.000 sec (51 m 18 s)

Scan Started Fri Jun 06 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***


 *** Scanned 34 processes - 372 modules ***
 *** Computer Memory Scan Completed ***

C:\Programmi\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzpsl01.exe: W32.Virut.Gen.D-165 FOUND
C:\Programmi\ScanSoft\OmniPageSE2.0\xocr32b.exe: W32.Virut.Gen.D-146 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 305005
Engine version: 0.93
Scanned directories: 2946
Scanned files: 32320
Infected files: 2
Data scanned: 5916.59 MB
Time: 2540.047 sec (42 m 20 s)

Scan Started Fri Jul 04 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 37 processes - 407 modules ***
 *** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 339057
Engine version: 0.93.1
Scanned directories: 3051
Scanned files: 38757
Infected files: 0
Data scanned: 6296.79 MB
Time: 2932.641 sec (48 m 52 s)

Scan Started Fri Jul 11 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 36 processes - 418 modules ***
 *** Computer Memory Scan Completed ***

C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND

----------- SCAN SUMMARY -----------
Known viruses: 346325
Engine version: 0.93.1
Scanned directories: 3071
Scanned files: 41962
Infected files: 2
Data scanned: 6734.09 MB
Time: 3147.188 sec (52 m 27 s)

Scan Started Fri Jul 18 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 35 processes - 382 modules ***
 *** Computer Memory Scan Completed ***

C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND

----------- SCAN SUMMARY -----------
Known viruses: 353839
Engine version: 0.93.1
Scanned directories: 3057
Scanned files: 43981
Infected files: 2
Data scanned: 7289.52 MB
Time: 3257.796 sec (54 m 17 s)

Scan Started Fri Jul 25 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 37 processes - 400 modules ***
 *** Computer Memory Scan Completed ***

C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND

----------- SCAN SUMMARY -----------
Known viruses: 368672
Engine version: 0.93.1
Scanned directories: 3070
Scanned files: 41583
Infected files: 2
Data scanned: 7478.20 MB
Time: 3294.828 sec (54 m 54 s)

Scan Started Fri Aug 01 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 34 processes - 387 modules ***
 *** Computer Memory Scan Completed ***

C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND

----------- SCAN SUMMARY -----------
Known viruses: 377417
Engine version: 0.93.1
Scanned directories: 3110
Scanned files: 43814
Infected files: 2
Data scanned: 7677.30 MB
Time: 3357.157 sec (55 m 57 s)

Scan Started Tue Sep 23 09:49:21 2008
-------------------------------------------------------------------------------

C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFD261.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFE43A.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEE5.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEFCD.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFFA0.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0272.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 430820
Engine version: 0.94
Scanned directories: 3134
Scanned files: 43009
Infected files: 2
Data scanned: 7928.53 MB
Time: 3920.047 sec (65 m 20 s)

Scan Started Tue Sep 23 10:57:40 2008
-------------------------------------------------------------------------------


Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 430820
Engine version: 0.94
Scanned directories: 2426
Scanned files: 15185
Infected files: 0
Data scanned: 10348.93 MB

Scan Started Fri Oct 03 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 34 processes - 324 modules ***
 *** Computer Memory Scan Completed ***

C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 434260
Engine version: 0.94
Scanned directories: 3834
Scanned files: 49219
Infected files: 2
Data scanned: 9497.32 MB
Time: 4148.532 sec (69 m 8 s)

Scan Started Fri Oct 10 17:30:00 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***
 *** Memory Scan: using ToolHelp ***


 *** Scanned 35 processes - 380 modules ***
 *** Computer Memory Scan Completed ***

C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF497C.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFDCCF.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFDD84.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 438323
Engine version: 0.94
Scanned directories: 3856
Scanned files: 51403
Infected files: 2
Data scanned: 9608.34 MB
Time: 4656.172 sec (77 m 36 s)

Scan Started Tue Dec 09 11:33:14 2008
-------------------------------------------------------------------------------

C:\autorun.bat: Trojan.Bat.Small-7 FOUND
C:\autorun.inf: VBS.Autorun-15 FOUND
C:\autorun.vbs: VBS.Autorun FOUND
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\autorun.bat: Trojan.Bat.Small-7 FOUND
C:\WINDOWS\system32\autorun.inf: VBS.Autorun-15 FOUND
C:\WINDOWS\system32\autorun.vbs: VBS.Autorun FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 471792
Engine version: 0.94.1
Scanned directories: 4781
Scanned files: 56030
Infected files: 6
Data scanned: 12767.67 MB
Time: 7534.969 sec (125 m 34 s)


After that it didn't ask me to delete the infected files or quarantine them, only to save the report.

I don't know this antivirus; I've always used avast home edition.
If you could give me a hand I'd be really grateful!
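
A triage helper for a report like the one in the post above, as an added example that is not part of the original thread or of ClamWin: it reads both "Permission denied" line styles and the FOUND lines, then separates paths flagged in more than one scan from paths first seen in the latest scan. The function names and the abridged sample report are constructed for illustration.

```python
import re

START = re.compile(r"^Scan Started (.+)$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Unreadable-file lines: the older "WARNING: ..." form and the newer "path: ..." form.
DENIED = re.compile(r"^(?:WARNING: Can't open file (?:\\\\\?\\)?(?P<old>.+), "
                    r"|(?P<new>.+): )Permission denied$")
INFECTED = re.compile(r"^Infected files: (\d+)$")

# Constructed, abridged excerpt in the format of the report above.
SAMPLE_REPORT = r"""
Scan Started Fri Oct 03 17:30:00 2008
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
Infected files: 1
Scan Started Fri Oct 10 17:30:00 2008
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
Infected files: 1
Scan Started Tue Dec 09 11:33:14 2008
C:\autorun.inf: VBS.Autorun-15 FOUND
C:\WINDOWS\system32\autorun.vbs: VBS.Autorun FOUND
C:\WINDOWS\system32\config\SAM: Permission denied
Infected files: 2
"""

def parse_report(text):
    """Split a ClamWin report into scans with detections and unreadable paths."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := START.match(line)):
            scans.append(dict(started=m[1], found=[], unreadable=[], infected=None, aborted=False))
        elif not scans:
            continue  # text before the first scan header
        elif (m := FOUND.match(line)):
            scans[-1]["found"].append((m["path"], m["sig"]))
        elif (m := DENIED.match(line)):
            scans[-1]["unreadable"].append(m["old"] or m["new"])
        elif (m := INFECTED.match(line)):
            scans[-1]["infected"] = int(m.group(1))
        elif line.startswith("Scanning aborted"):
            scans[-1]["aborted"] = True
    return scans

def triage(scans):
    """Return (persistent, new): paths flagged in 2+ scans; paths first seen in the last scan."""
    seen = {}  # path -> [signature, first scan, last scan, hit count]
    for scan in scans:
        for path, sig in scan["found"]:
            rec = seen.setdefault(path, [sig, scan["started"], scan["started"], 0])
            rec[2] = scan["started"]
            rec[3] += 1
    latest = scans[-1]["started"] if scans else None
    persistent = {p: tuple(r) for p, r in seen.items() if r[3] > 1}
    new = {p: r[0] for p, r in seen.items() if r[1] == latest}
    return persistent, new

if __name__ == "__main__":
    persistent, new = triage(parse_report(SAMPLE_REPORT))
    for path, (sig, first, last, hits) in persistent.items():
        print(f"flagged in {hits} scans ({first} to {last}): {path} [{sig}]")
    for path, sig in new.items():
        print(f"first seen in latest scan: {path} [{sig}]")
```

Comparing each scan's "Infected files" total with its number of FOUND lines is a quick check that a pasted report was not truncated.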

Riverside, posted 09 Dec 2008 22:18, subject: Re: Trojan detected

Blacks84 wrote:
Hi PSV folks! Unfortunately I've had to drop by. I've caught a virus, and not the cold kind.
Basically, the work PC has always had ClamWin installed as its antivirus. Today the PC started throwing alarms at me! The desktop wallpaper is a huge "WARNING DANGEROUS SPYWARE" message, which on top of that it won't let me change.
I had the antivirus run a scan and it found a couple of sons of trojans (here's the report) ......
After that it didn't ask me to delete the infected files or quarantine them, only to save the report.
I don't know this antivirus; I've always used avast home edition.
If you could give me a hand I'd be really grateful!

I'd say that computer is in rather bad shape.
Let's start from the premise that in Pronto Soccorso Virus, as a matter of principle (and you'll understand why), we never put our capable little hands on company computers (like the one in question); the fact that you are a regular on the forum brings no particular advantage in this respect.
The only suggestion I can give you is to contact the support service and report the issue.
Unless you're the one who runs the show, in which case things are different.

Blacks84, posted 16 Dec 2008 18:05

I hadn't read anywhere about the company PC thing, maybe because I don't come to PSV much (luckily).
Let's say I am the one who runs the show, but in any case I had already sorted it out in a couple of hours with no problems and without contacting support.
Thanks anyway.
Bye

All times are GMT + 2 hours.