s8un3no
Digital-Forum Silver Master
I try to keep my PC clean and I update it often; just yesterday I updated Ad-Aware SE and ran a scan, which came back negative. Also yesterday I updated Spybot and ran a scan, which was negative as well. Today I updated avast, had it scan the C: drive, and it found the trojan win32:Gload-B in the file ioaa.dll in c:\windows\system\; avast renamed it and moved it. I wonder: is it possible that it got past Ad-Aware and Spybot unnoticed? And past Avast too, when it got installed? Is it enough to have moved and renamed it?
There is no trace of it in the Windows registry, nor does it show up in the HijackThis log (which I attach):
Logfile of HijackThis v1.99.1
Scan saved at 21.00.43, on 21/09/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\SISTEMA\AVAST\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SISTEMA\MOUSE\LWBWHEEL.EXE
C:\SISTEMA\AVAST\ASHWEBSV.EXE
C:\SISTEMA\AVAST\ASHMAISV.EXE
C:\SISTEMA\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\BLUETOOTH\BTTRAY.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.0\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\OPENOFFICE.ORG 2.0\PROGRAM\SOFFICE.BIN
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\BLUETOOTH\BTSTACKSERVER.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\SISTEMA\MOZILLA\FIREFOX\FIREFOX.EXE
D:\PROGRAMMIUTILI\REALPLAYER\REALPLAY.EXE
D:\PROGRAMMIUTILI\REALPLAYER\REALPLAY.EXE
D:\PROGRAMMIUTILI\REALPLAYER\REALPLAY.EXE
D:\PROGRAMMIUTILI\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAMMIUTILI\REALPLAYER\REALPLAY.EXE
C:\SISTEMA\HIJACK\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Sistema\Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [avast! Web Scanner] C:\SISTEMA\AVAST\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\SISTEMA\AVAST\ashmaisv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Sistema\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\bluetooth\bin\btstart.exe
O4 - HKLM\..\RunServices: [avast!] C:\Sistema\avast\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: BTTray.lnk = C:\Programmi\bluetooth\BTTray.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: zonealarm.exe.lnk = C:\Sistema\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\bluetooth\btsendto_ie_ctx.htm