Qualcuno conosce qualche programma free che mi possa aiutare a rimuovere il suddetto virus?
Ho tentato con Spyware Doctor ma una volta trovati non li cancella perchè richiede una versione a pagamento.
Il virus all'opera non consente neppure l'esecuzione di hijackthis se non dopo che ho rinominato il programma.
Alla voce 020 c'è uno dei file che sicuramente è anomalo.
Il virus genera nella barra dei programmi in esecuzione un falso messaggio di infezione e genera alcuni files anomali, quale ad esempio braviax.exe in c/winnt e c/winnt7system32.
Allego il log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.51.32, on 21/03/08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\TEMP\MF7229.EXE
C:\WINNT\system32\sistray.EXE
C:\WINNT\system32\keyhook.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\cdplayer.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Trend Micro\OfficeScan Client\pccntupd.exe
\Dbsrv\ESFW40\admin\bin\EUR010.exe
C:\PROGRA~1\MICROS~2\Office\MSACCESS.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Microsoft Office\Office\Outlook.exe
C:\Programmi\File comuni\System\MAPI\1040\nt\MAPISP32.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Programmi\Microsoft Office\Office\EXCEL.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xxxxxxxx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\system32\keyhook.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SendFax Agent] "C:\Programmi\Vidicode\SendFax\SF_Agent.exe"
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\system32\cdplayer.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\WINNT\system32\cru629.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
Ho tentato con Spyware Doctor ma una volta trovati non li cancella perchè richiede una versione a pagamento.
Il virus all'opera non consente neppure l'esecuzione di hijackthis se non dopo che ho rinominato il programma.
Alla voce 020 c'è uno dei file che sicuramente è anomalo.
Il virus genera nella barra dei programmi in esecuzione un falso messaggio di infezione e genera alcuni files anomali, quale ad esempio braviax.exe in c/winnt e c/winnt7system32.
Allego il log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.51.32, on 21/03/08
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\TEMP\MF7229.EXE
C:\WINNT\system32\sistray.EXE
C:\WINNT\system32\keyhook.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\cdplayer.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Trend Micro\OfficeScan Client\pccntupd.exe
\Dbsrv\ESFW40\admin\bin\EUR010.exe
C:\PROGRA~1\MICROS~2\Office\MSACCESS.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\Programmi\Microsoft Office\Office\Outlook.exe
C:\Programmi\File comuni\System\MAPI\1040\nt\MAPISP32.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Programmi\Microsoft Office\Office\EXCEL.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xxxxxxxx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\system32\keyhook.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SendFax Agent] "C:\Programmi\Vidicode\SendFax\SF_Agent.exe"
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\system32\cdplayer.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: C:\WINNT\system32\cru629.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
