Hi, I signed up because everything started with this name:
Trojan.Clicker.win32.Tiny.h
That's where it all began!
The viruses have become many.
I installed Combofix and ran a scan
I installed Ad-Aware and ran a scan
I installed Spybot and ran a scan
I ran a scan with Avira antivirus
I installed Mal-aware (I don't remember the name well) and ran a scan
After that, nothing had changed.
I put the PC into safe mode and reran all the scans.
The final result said 1 Warning No Virus.
I put the PC back into normal mode and everything seemed fine.
The day after, that is today at 14.45, it reports another 6 viruses.
I run a scan with Avira and this is the report:
Avira AntiVir Personal
Report file date: martedì 14 ottobre 2008 15:18
Scanning for 1683991 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HP13875249871
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 18/07/2008 07:42:27
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 07:42:27
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 07:42:28
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 07:42:28
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 07:41:46
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 07:33:35
ANTIVIR3.VDF : 7.0.7.39 208896 Bytes 14/10/2008 12:56:42
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 07:50:18
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 19/09/2008 07:35:30
AESCN.DLL : 8.1.0.23 119156 Bytes 16/07/2008 07:35:50
AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 07:35:29
AEPACK.DLL : 8.1.2.3 364918 Bytes 25/09/2008 07:34:31
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 19/09/2008 07:35:28
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 19/09/2008 07:35:27
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 07:57:35
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/09/2008 07:35:29
AEEMU.DLL : 8.1.0.7 430452 Bytes 01/08/2008 09:23:44
AECORE.DLL : 8.1.1.11 172406 Bytes 05/09/2008 07:34:21
AEBB.DLL : 8.1.0.1 53617 Bytes 17/07/2008 07:38:45
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 07:42:27
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 07:42:27
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:23:36
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 07:42:27
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 07:50:14
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 07:42:27
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 07:50:16
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 07:42:28
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 07:50:16
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 07:42:22
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 07:42:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: martedì 14 ottobre 2008 15:18
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'NsCatCom.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'NsCatCom.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'SFUSVC.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP474\A0035226.exe
[DETECTION] Is the TR/FakeAV.baj.2 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP474\A0035239.exe
[DETECTION] Is the TR/Dldr.FraudL.vahh Trojan
[NOTE] TR/Dldr.FraudL.vahh:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Start Page>=sz:google.com>=SZ:about:blank
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP474\A0035338.exe
[DETECTION] Is the TR/Dldr.FraudL.vahh Trojan
[NOTE] The file was renamed to 'A0035338.exe.VIR'!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP474\A0035472.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP474\A0035473.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{A9F9D686-3B04-43AE-B23F-6FBE58D6D41D}\RP475\A0036540.exe
[DETECTION] Is the TR/Obfuscated.GX.2446 Trojan
[NOTE] The file was deleted!
I was baffled by the fact that I can't find the folder C:\System Volume Information anywhere on the PC, and I was baffled by the fact that the report tells me the file A0035338.exe.VIR was renamed and that there is a file my antivirus software can't open. I'm sure everything depends on that damned file, but I can't remove it even in safe mode. What should I do? Help, I'm desperate because it's the COMPANY PC and I can't afford any trouble..