Trojan totour.exe

Post by Guercio » Wed May 23, 2007 2:21 am

Evening/night everyone.. right before going to bed with my mind at ease, I caught a nice trojan [cry+]

Avast and AVG Anti-Spyware blocked the file's action, but 3-4 exe files still appeared on the desktop, which were then removed by AVG.. at the moment the PC shows no anomalies, but I'm not sure I've escaped the infection..

In safe mode I ran a quick system scan (memory, registry, Windows directory, cookies) with AVG, and I'm posting the report to give you a clearer picture:

---------------------------------------------------------
AVG Anti-Spyware - Rapporto scansione
---------------------------------------------------------

+ Creato alle: 2.10.19 23/05/2007

+ Risultato scansione:

C:\WINDOWS\system32\ipv6monl.dll -> Logger.BZub.jg : Ripulito con backup (in quarantena)
C:\WINDOWS\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Ignorato.
C:\WINDOWS\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Ignorato.
C:\WINDOWS\system32\drivers\ndis.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Ignorato.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ripulito con backup (in quarantena)
C:\Documents and Settings\Emanuele\Cookies\emanuele@fastclick[2].txt -> TrackingCookie.Fastclick : Ripulito.
C:\Documents and Settings\Emanuele\Cookies\emanuele@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ripulito.
C:\WINDOWS\system32\ollkhdsjdcivh.dll -> Trojan.Agent.j : Ripulito con backup (in quarantena)
C:\WINDOWS\system32\wincom32.sys -> Trojan.Tibs.w : Ripulito con backup (in quarantena)

::Fine rapporto


What should I do?? Post the HijackThis log?? Or run a full scan with AVG?? Or with SUPERAntiSpyware Professional?? Or with what??

I'm waiting for advice, thanks everyone [:)]

Guercio
Senior Member

Posts: 161
Joined: Mon Apr 02, 2007 6:19 pm
Location: Napoli

Re: Trojan totour.exe

Post by crazy.cat » Wed May 23, 2007 9:13 am

Guercio wrote: Post the HijackThis log?? Or with SUPERAntiSpyware Professional??

Yes and yes.
Let's see the log for now.

When the many govern, they think only of pleasing themselves; then you get the most foolish and most odious tyranny: tyranny disguised as freedom.

crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by Guercio » Wed May 23, 2007 2:00 pm

crazy.cat, here's the HijackThis log:
Let me know how bad things are, because I'm considering formatting

Logfile of HijackThis v1.99.1
Scan saved at 11.08.57, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: C:\WINDOWS\system32\lxnhe873ejkd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lxnhe873ejkd.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System update] C:\DOCUME~1\Emanuele\IMPOST~1\Temp\1634.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Programmi\Executive Software\Diskeeper\ESIRegister.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Programmi\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Programmi\IDA\idaieall.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDA - C:\Programmi\IDA\idaie.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Programmi\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Programmi\IDA\ida.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6568654074
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Guercio
Senior Member

Posts: 161
Joined: Mon Apr 02, 2007 6:19 pm
Location: Napoli

Post by crazy.cat » Wed May 23, 2007 2:06 pm

Guercio wrote: because I'm considering formatting

Once in a while it never hurts.

Some junk is visible:
Guercio wrote:
O2 - BHO: C:\WINDOWS\system32\lxnhe873ejkd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lxnhe873ejkd.dll
O4 - HKCU\..\Run: [System update] C:\DOCUME~1\Emanuele\IMPOST~1\Temp\1634.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll

crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
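
The three entries crazy.cat picked out by eye (a BHO DLL in system32 with a random-looking name, a Run key pointing into the Temp folder, and a Winsock LSP file HijackThis cannot attribute) are exactly the kind of thing a small triage script can flag automatically. The following Python is an added example, not part of the thread and not HijackThis's or AVG's own code; the rule names, the `looks_generated` heuristic and its thresholds are the editor's assumptions, and the sample input is a subset of the HijackThis log Guercio posted above, copied from the thread and trimmed to the relevant lines.

```python
import re
from collections import Counter

# Sample input: a subset of the HijackThis 1.99.1 log posted in the thread,
# copied verbatim and trimmed to the entries the rules below care about.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: C:\WINDOWS\system32\lxnhe873ejkd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\system32\lxnhe873ejkd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System update] C:\DOCUME~1\Emanuele\IMPOST~1\Temp\1634.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rbtjxlh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# "O2 - BHO: ..." -> section code plus the rest of the line
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A Windows path ending in an executable/library extension. Non-greedy, so a
# body holding two paths (as O2 lines do) yields both, and a space inside
# "Alwil Software" is tolerated.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4}")
DIGITS_INSIDE = re.compile(r"[a-z]\d+[a-z]")


def parse_log(text):
    """Return (section, body, raw_line) for every HijackThis entry line;
    headers and the process list do not match and are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            entries.append((m.group("section"), m.group("body"), raw))
    return entries


def looks_generated(filename):
    """Crude (assumed) test for machine-generated names such as
    lxnhe873ejkd.dll or rbtjxlh.dll: a run of four consonants, or digits
    wedged between letters. Names like WgaLogon.dll or ssv.dll pass."""
    stem = filename.lower().rsplit(".", 1)[0]
    return bool(CONSONANT_RUN.search(stem) or DIGITS_INSIDE.search(stem))


def triage(entries):
    """Apply three defender heuristics and return (rule, detail) findings."""
    findings = []
    lsp_files = Counter()
    for section, body, raw in entries:
        paths = PATH_RE.findall(body)
        # Rule 1: an O2 BHO or O20 hook DLL living in system32 with a random-looking name
        if section in ("O2", "O20"):
            for p in paths:
                if "\\system32\\" in p.lower() and looks_generated(p.rsplit("\\", 1)[-1]):
                    findings.append(("random-named-dll", raw))
                    break
        # Rule 2: an autorun (O4) entry whose target lives in a Temp directory
        if section == "O4" and any("\\temp\\" in p.lower() for p in paths):
            findings.append(("autorun-from-temp", raw))
        # Rule 3: Winsock LSP files HijackThis itself cannot attribute; the same
        # DLL is repeated for every catalog entry that references it, so count it once.
        if section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            lsp_files[body.split(":", 1)[1].strip().lower()] += 1
    for path, n in lsp_files.items():
        findings.append(("unknown-lsp", f"{path} (listed {n} times)"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"[{rule}] {detail}")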

Post by Guercio » Wed May 23, 2007 6:02 pm

Thanks crazy.cat, I followed your advice and went straight to formatting [;)]

Guercio
Senior Member

Posts: 161
Joined: Mon Apr 02, 2007 6:19 pm
Location: Napoli
