Checking Process Explorer carefully, I noticed that there were 2 lsass.exe, look...
Process PID CPU Description Company Name
System Idle Process 0 3
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 4
smss.exe 788 Windows NT Session Manager Microsoft Corporation
csrss.exe 1168 1 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1192 Applicazione Accesso a Windows NT Microsoft Corporation
services.exe 1236 1 Applicazione Servizi e Controller Microsoft Corporation
ati2evxx.exe 1416
svchost.exe 1432 Generic Host Process for Win32 Services Microsoft Corporation
DATALA~1.EXE 872 DataLayer 2.0 Module Nokia Mobile Phones Ltd.
SERVIC~1.EXE 920 ServiceLayer Module Nokia.
MPAPI3s.exe 992 Mobile Phone API Nokia Corporation
msmsgs.exe 2560 Messenger Microsoft Corporation
svchost.exe 1492 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1724 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1852 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1984 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 560 Spooler SubSystem App Microsoft Corporation
ccSetMgr.exe 1596 Symantec Settings Manager Service Symantec Corporation
NPFMntor.exe 1668 Norton AntiVirus Firewall Install Monitor Symantec Corporation
PPPoEService.exe 1688
SPBBCSvc.exe 176 SPBBC Service Symantec Corporation
svchost.exe 2288 Generic Host Process for Win32 Services Microsoft Corporation
symlcsvc.exe 2344 Symantec Core Component Symantec Corporation
wdfmgr.exe 2384 Windows User Mode Driver Manager Microsoft Corporation
ccEvtMgr.exe 2432 Symantec Event Manager Service Symantec Corporation
alg.exe 3396 Application Layer Gateway Service Microsoft Corporation
SNDSrvc.exe 972 Network Driver Service Symantec Corporation
svchost.exe 2064 Generic Host Process for Win32 Services Microsoft Corporation
navapsvc.exe 1636 Norton AntiVirus Auto-Protect Service Symantec Corporation
----> lsass.exe 1248 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 196 2 Esplora risorse Microsoft Corporation
----> lsass.exe 356 88
atiptaxx.exe 396 ATI Desktop Control Panel ATI Technologies, Inc.
SOUNDMAN.EXE 412 Realtek Sound Manager Realtek Semiconductor Corp.
AGRSMMSG.exe 420 SoftModem Messaging Applet Agere Systems
CPLBCL53.EXE 428 MultiMedia Keyboard Dritek System Inc.
PDVDServ.exe 452 PowerDVD RC Service Cyberlink Corp.
SynTPLpr.exe 460 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 468 Synaptics TouchPad Enhancements Synaptics, Inc.
jusched.exe 476
ccApp.exe 2036 Symantec User Session Symantec Corporation
MsgPlus.exe 624 Messenger Plus! Patchou
vsnpstd.exe 312 CameraMonitor MFC Application
MWSOEMON.EXE 668 My Web Search Email Plugin MyWebSearch.com
Launch Application 2.exe 676 Launch Application 2 Nokia
ctfmon.exe 704 CTF Loader Microsoft Corporation
PcSync2.exe 752 PC Sync Time Information Services Ltd.
iexplore.exe 3376 Internet Explorer Microsoft Corporation
procexp.exe 2488 1 Sysinternals Process Explorer Sysinternals
Navw32.exe 1716 Norton AntiVirus Scanner Module Symantec Corporation
I got suspicious...
and indeed, if you read the log of the scan with scangui...
02/04/2005 16:25:17
Options:
/AD /CLEAN /SUB /UNZIP /ALL /RPTCOR /RPTERR /REPORT C:\SCANGUI\SCAN.TXT
Scanning C: [BIG]
Scanning C:\*.*
C:\System Volume Information\_restore{9744EC8F-5B85-442F-8992-DF8912DA36B2}\RP201\A0033596.exe\A0033596.exe ... Found the BackDoor-ASB.gen trojan !!!
The file has been deleted.
C:\WINDOWS\lsass.exe\lsass.exe ... Found the BackDoor-ASB.gen trojan !!!
The file has been deleted.
Summary report on C:\*.*
File(s)
Total files: ........... 144644
Clean: ................. 144417
Possibly Infected: ..... 2
Cleaned: ............... 0
Deleted: ............... 2
Non-critical Error(s): 3
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Scanning D: [SMALL]
Scanning D:\*.*
Summary report on D:\*.*
File(s)
Total files: ........... 5470
Clean: ................. 5470
Possibly Infected: ..... 0
Cleaned: ............... 0
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0
Time: 00:49.03
There it is, the lsass.exe clone... now everything seems to be working fine. Should I worry about that pppoeservice.exe?
Bye and thanks!!
P.S. Would you recommend McAfee rather than Norton 2005??