Blacks84 Dio maturo


Registered: 26/04/07 14:50 Posts: 2446 Location: In the country washed by three seas and drained dry by Tremonti
Posted: 09 Dec 2008 15:01 Subject: Trojan detected

Hi, people of PSV!!!! Unfortunately I've come by to see you
I've caught a virus, and not the cold kind
Basically, the work PC has always had ClamWin installed as its antivirus. Today the PC started giving me alerts! The desktop background is a huge "WARNING DANGEROUS SPYWARE" message, which, by the way, it won't let me change.
I had the antivirus run a scan, and it found a couple of sons of trojans (here's the report)
Code: |
Scan Started Mon Nov 26 15:42:57 2007
-------------------------------------------------------------------------------
----------- SCAN SUMMARY -----------
Known viruses: 170219
Engine version: 0.91.2
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 0
Data scanned: 0.16 MB
Time: 8.015 sec (0 m 8 s)
Scan Started Fri Nov 30 17:30:00 2007
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 35 processes - 374 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFD4A2.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEF89.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\{DDB79887-2EE1-4EDC-A8B4-FD790F6742A6}.bin, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 171654
Engine version: 0.91.2
Scanned directories: 2477
Scanned files: 35342
Skipped non-executable files: 224
Infected files: 0
Data scanned: 7196.00 MB
Time: 5175.375 sec (86 m 15 s)
Scan Started Fri Jan 11 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 34 processes - 403 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 191320
Engine version: 0.91.2
Scanned directories: 2558
Scanned files: 38970
Skipped non-executable files: 270
Infected files: 0
Data scanned: 7447.73 MB
Time: 5370.813 sec (89 m 30 s)
Scan Started Fri Feb 08 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 32 processes - 371 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 204478
Engine version: 0.92
Scanned directories: 2857
Scanned files: 38568
Skipped non-executable files: 250
Infected files: 0
Data scanned: 7228.99 MB
Time: 3294.484 sec (54 m 54 s)
Scan Started Fri Feb 15 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 34 processes - 405 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\{0B7D030B-AC04-4444-A90F-C13D4A29179E}.bin, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 210964
Engine version: 0.92
Scanned directories: 2882
Scanned files: 36508
Skipped non-executable files: 232
Infected files: 0
Data scanned: 7282.98 MB
Time: 3342.532 sec (55 m 42 s)
Scan Started Fri Feb 22 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 32 processes - 314 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 214485
Engine version: 0.92
Scanned directories: 2885
Scanned files: 36394
Skipped non-executable files: 242
Infected files: 0
Data scanned: 7167.02 MB
Time: 3346.829 sec (55 m 46 s)
Scan Started Fri Feb 29 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 34 processes - 429 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1989.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF29B0.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF2B34.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF72E5.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0003.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\WINDOWS\Driver Cache\i386\sp2.cab: Trojan.Patched-2 FOUND
C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe: Trojan.Patched-2 FOUND
C:\WINDOWS\ServicePackFiles\i386\sp2.cab: Trojan.Patched-2 FOUND
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 217792
Engine version: 0.92
Scanned directories: 3308
Scanned files: 39606
Skipped non-executable files: 221
Infected files: 3
Data scanned: 7800.48 MB
Time: 3897.171 sec (64 m 57 s)
Scan Started Fri Mar 07 13:36:53 2008
-------------------------------------------------------------------------------
Scanning aborted...
----------- SCAN SUMMARY -----------
Known viruses: 170704
Engine version: 0.92
Scanned directories: 0
Scanned files: 0
Skipped non-executable files: 0
Infected files: 0
Data scanned: 0.00 MB
Scan Started Fri Apr 11 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 31 processes - 374 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF1645.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF2774.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF288E.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0002.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 246086
Engine version: 0.92
Scanned directories: 3471
Scanned files: 42296
Skipped non-executable files: 325
Infected files: 0
Data scanned: 8293.50 MB
Time: 4111.860 sec (68 m 31 s)
Scan Started Fri Apr 18 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 35 processes - 467 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF83FB.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF9565.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF968A.tmp, Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0003.tmp, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 256858
Engine version: 0.92
Scanned directories: 3481
Scanned files: 42093
Skipped non-executable files: 294
Infected files: 0
Data scanned: 8435.82 MB
Time: 4159.594 sec (69 m 19 s)
Scan Started Fri May 23 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 32 processes - 356 modules ***
*** Computer Memory Scan Completed ***
----------- SCAN SUMMARY -----------
Known viruses: 293884
Engine version: 0.93
Scanned directories: 3507
Scanned files: 43298
Infected files: 0
Data scanned: 6933.44 MB
Time: 3078.000 sec (51 m 18 s)
Scan Started Fri Jun 06 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Scanned 34 processes - 372 modules ***
*** Computer Memory Scan Completed ***
C:\Programmi\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzpsl01.exe: W32.Virut.Gen.D-165 FOUND
C:\Programmi\ScanSoft\OmniPageSE2.0\xocr32b.exe: W32.Virut.Gen.D-146 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 305005
Engine version: 0.93
Scanned directories: 2946
Scanned files: 32320
Infected files: 2
Data scanned: 5916.59 MB
Time: 2540.047 sec (42 m 20 s)
Scan Started Fri Jul 04 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 37 processes - 407 modules ***
*** Computer Memory Scan Completed ***
----------- SCAN SUMMARY -----------
Known viruses: 339057
Engine version: 0.93.1
Scanned directories: 3051
Scanned files: 38757
Infected files: 0
Data scanned: 6296.79 MB
Time: 2932.641 sec (48 m 52 s)
Scan Started Fri Jul 11 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 36 processes - 418 modules ***
*** Computer Memory Scan Completed ***
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Known viruses: 346325
Engine version: 0.93.1
Scanned directories: 3071
Scanned files: 41962
Infected files: 2
Data scanned: 6734.09 MB
Time: 3147.188 sec (52 m 27 s)
Scan Started Fri Jul 18 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 35 processes - 382 modules ***
*** Computer Memory Scan Completed ***
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Known viruses: 353839
Engine version: 0.93.1
Scanned directories: 3057
Scanned files: 43981
Infected files: 2
Data scanned: 7289.52 MB
Time: 3257.796 sec (54 m 17 s)
Scan Started Fri Jul 25 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 37 processes - 400 modules ***
*** Computer Memory Scan Completed ***
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Known viruses: 368672
Engine version: 0.93.1
Scanned directories: 3070
Scanned files: 41583
Infected files: 2
Data scanned: 7478.20 MB
Time: 3294.828 sec (54 m 54 s)
Scan Started Fri Aug 01 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 34 processes - 387 modules ***
*** Computer Memory Scan Completed ***
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Known viruses: 377417
Engine version: 0.93.1
Scanned directories: 3110
Scanned files: 43814
Infected files: 2
Data scanned: 7677.30 MB
Time: 3357.157 sec (55 m 57 s)
Scan Started Tue Sep 23 09:49:21 2008
-------------------------------------------------------------------------------
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFD261.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFE43A.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEE5.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFEFCD.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFFA0.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~WRS0272.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 430820
Engine version: 0.94
Scanned directories: 3134
Scanned files: 43009
Infected files: 2
Data scanned: 7928.53 MB
Time: 3920.047 sec (65 m 20 s)
Scan Started Tue Sep 23 10:57:40 2008
-------------------------------------------------------------------------------
Scanning aborted...
----------- SCAN SUMMARY -----------
Known viruses: 430820
Engine version: 0.94
Scanned directories: 2426
Scanned files: 15185
Infected files: 0
Data scanned: 10348.93 MB
Scan Started Fri Oct 03 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 34 processes - 324 modules ***
*** Computer Memory Scan Completed ***
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 434260
Engine version: 0.94
Scanned directories: 3834
Scanned files: 49219
Infected files: 2
Data scanned: 9497.32 MB
Time: 4148.532 sec (69 m 8 s)
Scan Started Fri Oct 10 17:30:00 2008
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
*** Scanned 35 processes - 380 modules ***
*** Computer Memory Scan Completed ***
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DF497C.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFDCCF.tmp: Permission denied
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\~DFDD84.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc38\removewga.exe: Trojan.RemovWGA FOUND
C:\RECYCLER\S-1-5-21-1482476501-1563985344-839522115-500\Dc39.zip: Trojan.RemovWGA FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 438323
Engine version: 0.94
Scanned directories: 3856
Scanned files: 51403
Infected files: 2
Data scanned: 9608.34 MB
Time: 4656.172 sec (77 m 36 s)
Scan Started Tue Dec 09 11:33:14 2008
-------------------------------------------------------------------------------
C:\autorun.bat: Trojan.Bat.Small-7 FOUND
C:\autorun.inf: VBS.Autorun-15 FOUND
C:\autorun.vbs: VBS.Autorun FOUND
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\autorun.bat: Trojan.Bat.Small-7 FOUND
C:\WINDOWS\system32\autorun.inf: VBS.Autorun-15 FOUND
C:\WINDOWS\system32\autorun.vbs: VBS.Autorun FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 471792
Engine version: 0.94.1
Scanned directories: 4781
Scanned files: 56030
Infected files: 6
Data scanned: 12767.67 MB
Time: 7534.969 sec (125 m 34 s)
|
After that it didn't ask me to take any action such as deleting the infected files or putting them in quarantine, only to save the report.
I don't know this antivirus; I've always used avast home edition.
If you can give me a hand I'd be really grateful!
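
Added example (not part of the original post and not ClamWin code): the pasted report concatenates many scheduled scans, so the latest detections are easy to lose among older runs. This Python example splits such a report per scan and lists which detections first appear in the most recent one; the sample text is constructed from the line shapes in the report above, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: three scans abridged to the line shapes seen in the report above.
SAMPLE = r"""Scan Started Fri Oct 03 17:30:00 2008
C:\pagefile.sys: Permission denied
C:\RECYCLER\Dc38\removewga.exe: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Scan Started Fri Oct 10 17:30:00 2008
C:\RECYCLER\Dc38\removewga.exe: Trojan.RemovWGA FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Scan Started Tue Dec 09 11:33:14 2008
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\autorun.inf: VBS.Autorun-15 FOUND
C:\WINDOWS\system32\autorun.vbs: VBS.Autorun FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
"""

START = re.compile(r"^Scan Started (\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
INFECTED = re.compile(r"^Infected files: (\d+)$")

def parse_report(text):
    """Split a multi-run report into scans, keeping only detection lines."""
    scans = []
    for line in text.splitlines():
        line = line.strip()
        if m := START.match(line):
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            scans.append({"started": when, "hits": [], "reported": None})
        elif scans and (m := FOUND.match(line)):
            # "Permission denied" and WARNING lines never end in FOUND, so they are skipped.
            scans[-1]["hits"].append((m["path"], m["sig"]))
        elif scans and (m := INFECTED.match(line)):
            scans[-1]["reported"] = int(m.group(1))
    return scans

def timeline(scans):
    """Map each (path, signature) to [first_seen, last_seen, number_of_scans]."""
    seen = {}
    for scan in scans:
        for hit in scan["hits"]:
            entry = seen.setdefault(hit, [scan["started"], scan["started"], 0])
            entry[1] = scan["started"]
            entry[2] += 1
    return seen

def new_in_latest(scans):
    """Detections whose first sighting is the most recent scan."""
    latest = scans[-1]["started"]
    return sorted(h for h, (first, _, _) in timeline(scans).items() if first == latest)

def count_mismatches(scans):
    """Scans whose FOUND lines disagree with the 'Infected files' summary."""
    return [s["started"] for s in scans if s["reported"] not in (None, len(s["hits"]))]
```

A detection that recurs across scans at the same path (here the Recycle Bin entry) is triaged differently from files that first appear in the latest run, and a count mismatch indicates the pasted log is truncated or altered.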
Riverside Banned indefinitely

Registered: 29/02/08 22:32 Posts: 4396 Location: Riverside House
Posted: 09 Dec 2008 22:18 Subject: Re: Trojan detected

Blacks84 wrote: | Hi, people of PSV!!!! Unfortunately I've come by to see you I've caught a virus, and not the cold kind
Basically, the work PC has always had ClamWin installed as its antivirus. Today the PC started giving me alerts! The desktop background is a huge "WARNING DANGEROUS SPYWARE" message, which, by the way, it won't let me change.
I had the antivirus run a scan, and it found a couple of sons of trojans (here's the report) ......
After that it didn't ask me to take any action such as deleting the infected files or putting them in quarantine, only to save the report.
I don't know this antivirus; I've always used avast home edition.
If you can give me a hand I'd be really grateful! |
I'd say that computer is in rather bad shape.
Let's start from the premise that in Pronto Soccorso Virus, as a matter of principle (and you'll understand the reasons), we never, ever, lay our capable little hands on company computers (like the one in question); the fact that you are a regular on the forum gives you no particular advantage in this respect.
The only suggestion I can give you is to contact the Support Service and report the issue.
Unless you're the one who runs the show, in which case it's a different story
Blacks84 Dio maturo


Registered: 26/04/07 14:50 Posts: 2446 Location: In the country washed by three seas and drained dry by Tremonti
Posted: 16 Dec 2008 18:05 Subject:

I hadn't read anywhere about the company-PC thing, maybe because I don't visit PSV much (luckily).
Let's say I'm the one who runs the show, but in any case I had already sorted it out in a couple of hours without any problems and without contacting support.
Thanks anyway.