Olimpo Informatico

[chemicalbit]

[elisafa]

ho windows hp, nn so cosa sia il service pack 2
l'avviso è del centro sicurezza windows
nn credo di aver installato altri tipi di firewall....
che vuol dire che nn c'è nel log di hijackthis? cosa nn c'è?

[chemicalbit]

[elisafa]

grazie di tutto, ho fatto come hai detto e ho riattivato il firewall!
la cosa che nn capisco è come mai si è disattivato da solo...mah
ora sto facendo lo scan online con kaspersky e vediamo come va...

[chemicalbit]

[elisafa]

la scansione ha trovato un virus

KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 11:11:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734552


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 90622
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 01:02:53

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Xp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\001.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\002.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\003.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\004.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\005.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\006.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\007.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\008.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\009.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\010.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\012.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\015.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\016.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\017.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\018.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\019.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\021.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\022.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\024.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\025.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\027.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\028.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\030.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\anteprima eMule\031.part Object is locked skipped

C:\Documents and Settings\Xp\Documenti\backups\backup-20080501-102331-239.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt skipped

C:\Documents and Settings\Xp\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Xp\Impostazioni locali\Cronologia\History.IE5\MSHist012008050120080502\index.dat Object is locked skipped

C:\Documents and Settings\Xp\Impostazioni locali\Dati applicazioni\ApplicationHistory\ENCWCSVR.EXE.26bfe7ac.ini.inuse Object is locked skipped

C:\Documents and Settings\Xp\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Xp\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Xp\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Xp\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Xp\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{1A02191E-30F0-485E-9721-58C604CDCCD7}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[chemicalbit]

[elisafa]

si, connetto la chiave, l'ipod o la scheda della macchina fotografica...
veramente mi ero scordata di avere emule aperto

[chemicalbit]

La cosa strana -ma non sono esperto di Emule- è che vedo dei file di emule non controllati, anche nel log di "Normam malware cleaner" che è stato eseguito in modalità provvisoria.

[bdoriano]

Probabilmente emule "blocca" i files che sta scaricando fino a quando non sono completati. (non ne sono sicuro, però).

Il file che ti viene segnalato come infetto è in una cartella di backup (forse qualche antispyware l'ha già isolato).
Comunque, se vuoi eliminarlo:

• Apri risorse del computer
  
• Ti sposti nella cartella Documenti
  
• Ti sposti nella cartella backups
  
• Cerca il file backup-20080501-102331-239.dll ed eliminalo

[elisafa]

ok, grazie bdoriano!

[chemicalbit]

[elisafa]

in effetti io nn ricordo che esistesse questa cartella backup in documenti...è spuntata adesso!
e quindi che faccio?

[chemicalbit]

Sei riuscita a cancellare quel file?

[elisafa]

si, il file l'ho cancellato

[bdoriano]

Bene!

Compiti per le "vacanze": ogni tanto fai una scansione con Kaspersky online e vediamo se spunta ancora la cartella backups.

Se tra una settimana non ci sono ulteriori novità, spostiamo il topic tra i casi risolti.

[elisafa]

ok, sto giusto rifacendo la scansione online e vediamo come va...

[elisafa]

la scansione nn ha rilevato virus...sembra tutto pulito, speriamo bene!
grazie ancora x l'aiuto che date ogni volta