Now for the things that are "boring" for you, since you hear them over and over.
I was infected by Bagle, which, as is typical, prevented me from installing antivirus programs.
So I put my disk in another PC and from there scanned it with Norton Internet Security 2007, which detected 3 high-level infections. Repaired, put back in its original case... and I managed to reinstall Nod on it.
The problem is that, to be safe, I am trying to install Norton Internet Security 2007, but the installation still hangs when the CD starts, which makes me think my PC is still infected.
Running a scan with Kaspersky, I found:
Number of viruses found: 42
Number of infected objects: 181
Number of suspicious objects: 53
Some of these are inside some of my documents that I absolutely do not want to delete, on a data partition that I named D.
My disk in fact has 2 partitions: "C" with Windows and programs, "D" with miscellaneous data.
For now I would just like to fix the files on the C: partition, the one with my programs and operating system.
Below I paste the report for c:, hoping you can give me a pointer on how to sort out the situation.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\edo1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\cert8.db Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\history.dat Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\key3.db Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\parent.lock Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\search.sqlite Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Sun\Java\Deployment\cache\6.0\34\398fcce2-6514de4a/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\edo1\Dati applicazioni\Sun\Java\Deployment\cache\6.0\34\398fcce2-6514de4a ZIP: infected - 1 skipped
C:\Documents and Settings\edo1\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-41b68eed-25d0fe73.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\edo1\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-41b68eed-25d0fe73.zip ZIP: infected - 1 skipped
C:\Documents and Settings\edo1\Dati applicazioni\Thunderbird\Profiles\y0yu1ri2.default\abook.mab Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Thunderbird\Profiles\y0yu1ri2.default\cert8.db Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Thunderbird\Profiles\y0yu1ri2.default\impab.mab Object is locked skipped
C:\Documents and Settings\edo1\Dati applicazioni\Thunderbird\Profiles\y0yu1ri2.default\key3.db Object is locked skipped
C:\Documents and Settings\edo1\Desktop\superfast.zip/setup.exe/file1 Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
C:\Documents and Settings\edo1\Desktop\superfast.zip/setup.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
C:\Documents and Settings\edo1\Desktop\superfast.zip ZIP: infected - 2 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Cronologia\History.IE5\MSHist012007110620071107\index.dat Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Identities\{C6687080-49E4-43F5-A31B-0FF8D5696191}\Microsoft\Outlook Express\Posta inviata.dbx/[From ][Date Tue, 30 Jan 2007 12:49:57 +0100]/UNNAMED/Real.VNC.Enterprise.Edition.v4.2.6.Incl-Keygen.rar/vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Identities\{C6687080-49E4-43F5-A31B-0FF8D5696191}\Microsoft\Outlook Express\Posta inviata.dbx/[From ][Date Tue, 30 Jan 2007 12:49:57 +0100]/UNNAMED/Real.VNC.Enterprise.Edition.v4.2.6.Incl-Keygen.rar/vnc-E4_2_6-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Identities\{C6687080-49E4-43F5-A31B-0FF8D5696191}\Microsoft\Outlook Express\Posta inviata.dbx/[From ][Date Tue, 30 Jan 2007 12:49:57 +0100]/UNNAMED/Real.VNC.Enterprise.Edition.v4.2.6.Incl-Keygen.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Identities\{C6687080-49E4-43F5-A31B-0FF8D5696191}\Microsoft\Outlook Express\Posta inviata.dbx/[From ][Date Tue, 30 Jan 2007 12:49:57 +0100]/UNNAMED Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Identities\{C6687080-49E4-43F5-A31B-0FF8D5696191}\Microsoft\Outlook Express\Posta inviata.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lpbi76dc.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\edo1\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\edo1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\edo1\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\mIRC\backup\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
C:\mIRC\download\mirc616.exe.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\mIRC\download\mirc616.exe.exe mIRC: infected - 1 skipped
C:\mIRC\Mirc 6.16 ITA\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmi\ESET\nod32fix.reg Object is locked skipped
C:\Programmi\Super Fast Shutdown\shutdown.exe Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
C:\Programmi\SWF Decompiler\MySearch\MySetp.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3DBFC8C5-B172-49A7-94F8-4E7000D748BB}\RP223\A0035795.exe Object is locked skipped
C:\System Volume Information\_restore{3DBFC8C5-B172-49A7-94F8-4E7000D748BB}\RP223\A0035796.exe Object is locked skipped
C:\System Volume Information\_restore{3DBFC8C5-B172-49A7-94F8-4E7000D748BB}\RP223\A0035836.exe Object is locked skipped
C:\System Volume Information\_restore{3DBFC8C5-B172-49A7-94F8-4E7000D748BB}\RP223\A0035837.sys Infected: Trojan-Downloader.Win32.Bagle.fg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log
One last thing: in the folder DOCUMENT AND SETTINGS/UTENTE/IMPOSTAZIONI LOCALI/TEMP/ I find some rather suspicious files... first of all several ".exe" files with names similar to "19exhmunml14.exe".
Virus Total told me this about it:
Antivirus Version Last update Result
AhnLab-V3 2007.11.6.1 2007.11.06 -
AntiVir 7.6.0.30 2007.11.05 -
Authentium 4.93.8 2007.11.05 -
Avast 4.7.1074.0 2007.11.05 -
AVG 7.5.0.503 2007.11.06 -
BitDefender 7.2 2007.11.06 -
CAT-QuickHeal 9.00 2007.11.05 -
ClamAV 0.91.2 2007.11.06 -
DrWeb 4.44.0.09170 2007.11.06 -
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
eTrust-Vet 31.2.5270 2007.11.05 -
Ewido 4.0 2007.11.05 -
FileAdvisor 1 2007.11.06 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.06 -
F-Secure 6.70.13030.0 2007.11.06 -
Ikarus T3.1.1.12 2007.11.06 -
Kaspersky 7.0.0.125 2007.11.06 -
McAfee 5156 2007.11.05 -
Microsoft 1.3007 2007.11.06 -
NOD32v2 2640 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 Trj/Proxy.AD
Prevx1 V2 2007.11.06 Heuristic: Suspicious File With Outbound Communications
Rising 20.17.12.00 2007.11.06 -
Sophos 4.23.0 2007.11.06 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.06 -
TheHacker 6.2.9.117 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.05 -
Webwasher-Gateway 6.0.1 2007.11.05 Worm.Win32.ModifiedUPX.gen!84 (suspicious)
Additional information
File size: 209408 bytes
MD5: 9d34822cf71bed3edb192ec4c3573336
SHA1: bf37bb85e73592ae59d523f8c0905c0309676a4f
packers: UPX_LZMA
Prevx info: http://fileinfo.prevx.com/fileinfo.asp? ... 0050FB1538