	
	
		| Author | Message | 
	
		| baciami Demigod
 
  
  
 Registered: 02/09/07 15:40
 Posts: 287
 Location: Tuscany
 
 | 
			
				|  Posted: 13 Jul 2008 19:09    Subject: trojan and check |   |  
				| 
 |  
				| It's me again.. I ran a scan in safe mode with VirIT and found this trojan 
  	  | Quote: |  	  | [SCANSIONE DELLA MEMORIA] OK
 --------------------------------------------------------
 13/07/2008 - 15:42:00
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [A:]
 BOOT SECTOR: OK
 
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP13\A0000942.exe Infetto da Trojan.Win32.Agent.AWE
 
 [E:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 [F:]
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 1.
 Files Sospetti: 0.
 Files Analizzati: 29949.
 Files Totali: 29949.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 | 
 
 I don't understand why it doesn't delete it for me. Thanks for the help.
 I have XP Professional.
 Then I ran another one with SmitFraudFix v2.329, could you check whether everything is OK? Thanks
 
  	  | Quote: |  	  | SmitFraudFix v2.329 
 Scan done at 20.33.39,65, 12/07/2008
 Run from C:\Documents and Settings\Proprietario\Desktop\SmitfraudFix
 OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
 The filesystem type is NTFS
 Fix run in safe mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 »»»»»»»»»»»»»»»»»»»»»»»» Killing process
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 127.0.0.1       localhost
 
 »»»»»»»»»»»»»»»»»»»»»»»» VACFix
 
 VACFix
 Credits: Malware Analysis & Diagnostic
 Code: S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
 
 S!Ri's WS2Fix: LSP not Found.
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
 
 GenericRenosFix by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
 
 IEDFix
 Credits: Malware Analysis & Diagnostic
 Code: S!Ri
 
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
 
 404Fix
 Credits: Malware Analysis & Diagnostic
 Code: S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» DNS
 
 HKLM\SYSTEM\CCS\Services\Tcpip\..\{675C777A-8BAA-4228-89BA-09176E9E183C}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CCS\Services\Tcpip\..\{C9EA1F64-A952-4478-B1D1-057A0022B66B}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS1\Services\Tcpip\..\{C9EA1F64-A952-4478-B1D1-057A0022B66B}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS2\Services\Tcpip\..\{675C777A-8BAA-4228-89BA-09176E9E183C}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS2\Services\Tcpip\..\{C9EA1F64-A952-4478-B1D1-057A0022B66B}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS3\Services\Tcpip\..\{675C777A-8BAA-4228-89BA-09176E9E183C}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS3\Services\Tcpip\..\{C9EA1F64-A952-4478-B1D1-057A0022B66B}: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
 !!!Attention, following keys are not inevitably infected!!!
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
 "System"=""
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
 Registry Cleaning done.
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 | 
 |  | 
	
	
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 13 Jul 2008 20:02    Subject: |   |  
				| 
 |  
				| The trojan is in the System Restore files. 
 Disable System Restore and then re-enable it.
 The file will be deleted automatically.
  |  | 
	
	
		| baciami Demigod
 
  
  
 Registered: 02/09/07 15:40
 Posts: 287
 Location: Tuscany
 
 | 
			
				|  Posted: 13 Jul 2008 20:06    Subject: |   |  
				| 
 |  
				| Thanks bdoriano, and I think the SmitFraudFix v2.329 log is fine.. OK, bye  |  | 
	