www.MegaLab.it

da **luca65** » gio mar 08, 2007 9:27 pm

Ciao a tutti,
credo di aver raccattato qualche virus [cry+]

o qualcosa del genere sul mio pc, ho fatto la scansione con kaspersky e questo è il report:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 07, 2007 7:29:07 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/03/2007
Kaspersky Anti-Virus database records: 261615

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 38863
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 02:19:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LUCA\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Temp\Perflib_Perfdata_3f8.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LUCA\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP35\A0014825.scr/data_1.set/winmech/services.exe Infected: Backdoor.Win32.Mechbot.e skipped

C:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP35\A0014825.scr/data_1.set Infected: Backdoor.Win32.Mechbot.e skipped

C:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP35\A0014825.scr ZIP: infected - 2 skipped

C:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP39\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP39\change.log Object is locked skipped

E:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP39\change.log Object is locked skipped

F:\eMule0.47c\temp\001.part Object is locked skipped

F:\eMule0.47c\temp\005.part Object is locked skipped

F:\eMule0.47c\temp\007.part Object is locked skipped

F:\eMule0.47c\temp\008.part Object is locked skipped

F:\eMule0.47c\temp\009.part Object is locked skipped

F:\eMule0.47c\temp\011.part Object is locked skipped

F:\eMule0.47c\temp\022.part Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{71E0D9AD-D8B4-40DF-801B-D901184A9489}\RP39\change.log Object is locked skipped

Scan process completed.

Vi sarei grato se qualcuno mi potesse dare un suggerimentosul come poter rimuovere i files infetti e ripulire il sistema.
Un grazie in anticipo per gli eventuali suggerimenti.

Luca65

da **crazy.cat** » ven mar 09, 2007 9:27 am

Disattiva il ripristino della configurazione
http://www.MegaLab.it/2330
riavvia il pc e poi rifai la scansione.

Se poi proprio lo usi riattiva il ripristino della configurazione.

da **luca65** » sab mar 10, 2007 8:53 am

Ciao a tutti.
Grazie crazy.cat per il suggerimento, ho fatto come mi hai detto ed ora il report della scansione è il seguente:

Saturday, March 10, 2007 7:44:11 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/03/2007
Kaspersky Anti-Virus database records: 264117

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 34543
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 02:26:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LUCA\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped

C:\Documents and Settings\LUCA\Dati applicazioni\Microsoft\Outlook\Outlook.srs Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Cronologia\History.IE5\MSHist012007030920070310\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Dati applicazioni\Microsoft\Outlook\Outlook.pst Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Temp\~DF731B.tmp Object is locked skipped

C:\Documents and Settings\LUCA\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LUCA\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LUCA\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\eMule0.47c\temp\001.part Object is locked skipped

F:\eMule0.47c\temp\002.part Object is locked skipped

F:\eMule0.47c\temp\003.part Object is locked skipped

F:\eMule0.47c\temp\008.part Object is locked skipped

F:\eMule0.47c\temp\011.part Object is locked skipped

F:\eMule0.47c\temp\022.part Object is locked skipped

F:\Luca1\Backup070309\backup090307.pst Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Da quello che vedo non dovrebbero esserci più virus o almeno credo, ma se qualche esperto mi può rassicurare gliene sarei riconoscente.
Grazie per l'interessamento.

Saluti da luca65

da **crazy.cat** » sab mar 10, 2007 9:03 am

Tutto pulito.

luca65 ha scritto:Scan Statistics
Total number of scanned objects 34543
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 02:26:35

da **luca65** » sab mar 10, 2007 9:17 am

Grazie per la conferma crazy.cat.
Un saluto e un grazie a tutti.

luca65

www.MegaLab.it

Backdoor.Win32.Mechbot.e

Backdoor.Win32.Mechbot.e

Chi c’è in linea