• Non sono ammesse registrazioni con indirizzi email temporanei usa e getta

HELP... Malware o simile virus Ciambella

Robysat64

Robysat64

Digital-Forum Master
Registrato
13 Settembre 2003
Messaggi
674
Località
Casteddu
Ciao a a tutti su pc fisso con windows 7 mi è uscita una ciambella che ruota di continua con scritta nello sfondo in inglese che devo pagare 100 dollari...
vi stò scrivendo dal notebook perchè dal fisso mi ha bloccato i browser e forse altre cose... in pratica esce un finestra cmd con scritto sopra taskeng.exe con visualizza attività mi appare 5 app la prima con scritto form1 se li arresto tutti dopo un minuto ricomincia da capo... le icone dei browser di chrome e firefox sono bianche se ci clicco... cè qualche tools fix ho provato con adwclearn antimalware e altri ma niente....
cosa mi suggerite
 
Direi di provare intanto a staccare fisicamente il pc da internet (alcune tipologie si attivano solo se sentono la connessione 'attivano'), sperando che non ti sia beccato il classico ramsowmware.
Fallo partire in modalità provvisoria (generalmente F8 all'avvio) e se riesci fare una scansione approfondita del pc con un antivirus con le definizioni aggiornate

Dopodichè se riesci a postare un log di hijackthis nell'apposito 3d.
 
ok lo ha un po ripulito Malwarebytes ma esce sempre la finestrella cmd la ciambella per ora è sparita se apro visualizza attività appare due voci uguali "eiaknnj"
allego il file richiesto .. grazie ...

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:49:50, on 22/06/2018
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)

FIREFOX: 60.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Deion\salvadoran.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\eInstruction\Device Manager\Launch.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
E:\HijackThis.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = _http://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=IT&userid=46582969-9b21-4294-b716-ebb235ec35f4&searchtype=ds&q={searchTerms}&installDate=06/04/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {0E2877D3-2641-4970-B794-A553E295428D} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Remanufacture] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Fielden] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Canaries] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Wilting] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Campion] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Cancelation] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: BootSys.url
O4 - Startup: kraemer.lnk = ?
O4 - Startup: kraemerkraemer.lnk = ?
O4 - Startup: Monitora avvisi inchiostro - HP Deskjet 1050 J410 series (Copia 1).lnk = ?
O4 - Global Startup: eInstruction Device Manager.lnk = C:\Program Files\eInstruction\Device Manager\Launch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Kaspersky Anti-Virus 18.0.0 (AVP18.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Secure Connection Service 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MGUwZ - Unknown owner - C:\Program Files\MGUwZ\MWU2OG.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NmFiN2U2ZmM - Unknown owner - rundll32.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7826 bytes
 
Devi usare la nuova versione di HijackThis

Ti ho risposto nella discussione di HijackThis
 
Devi accedere o registrarti per poter rispondere.
Indietro
Alto Basso