
View full version : Heeelp


Gianluca72
21-11-2002, 09.49.02
While I was browsing the internet, a new home page was set without my knowledge. I tried to change it through "Internet - Properties - General - home page". The result is that the page I set is saved only for the current session but, every time I shut down the PC, it is cleared and the unwanted one reappears. I think it's a TROJAN. What can I do?? :confused:

DavideDave
21-11-2002, 09.53.23
What OS do you have?
Run a quick scan with Ad-aware and with a good antivirus.
Check that you don't have anything strange set to run automatically (the one in the registry... if you don't have 2000 you can use msconfig...)

Bye :)

Gianluca72
21-11-2002, 10.00.05
I have Windows 98. Here is what I found:
Started memory scan
====================
Running processes:

#:1 Name: C:\WINDOWS\SYSTEM\KERNEL32.DLL
----------------------------
Threads:8
ProcID:4279223133
ParentProcID:2123362589
BasePriority:High


#:2 Name: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
----------------------------
Threads:1
ProcID:4294935421
ParentProcID:4279223133
BasePriority:Normal


#:3 Name: C:\WINDOWS\SYSTEM\MPREXE.EXE
----------------------------
Threads:1
ProcID:4294938317
ParentProcID:4294935421
BasePriority:Normal


#:4 Name: C:\WINDOWS\SYSTEM\MSTASK.EXE
----------------------------
Threads:2
ProcID:4294903573
ParentProcID:4294938317
BasePriority:Normal


#:5 Name: C:\WINDOWS\SYSTEM\SSDPSRV.EXE
----------------------------
Threads:4
ProcID:4294899317
ParentProcID:4294938317
BasePriority:Normal


#:6 Name: C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
----------------------------
Threads:4
ProcID:4294901049
ParentProcID:4294935421
BasePriority:Normal


#:7 Name: C:\WINDOWS\SYSTEM\mmtask.tsk
----------------------------
Threads:1
ProcID:4294847405
ParentProcID:4294935421
BasePriority:Normal


#:8 Name: C:\WINDOWS\EXPLORER.EXE
----------------------------
Threads:6
ProcID:4294842305
ParentProcID:4294935421
BasePriority:Normal


#:9 Name: C:\WINDOWS\TASKMON.EXE
----------------------------
Threads:1
ProcID:4294764517
ParentProcID:4294842305
BasePriority:Normal


#:10 Name: C:\WINDOWS\SYSTEM\SYSTRAY.EXE
----------------------------
Threads:1
ProcID:4294821277
ParentProcID:4294842305
BasePriority:Normal


#:11 Name: C:\WINDOWS\SYSTEM\STIMON.EXE
----------------------------
Threads:4
ProcID:4294767901
ParentProcID:4294842305
BasePriority:Normal


#:12 Name: C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
----------------------------
Threads:6
ProcID:4294738765
ParentProcID:4294842305
BasePriority:Normal


#:13 Name: C:\WINDOWS\SYSTEM\QTTASK.EXE
----------------------------
Threads:1
ProcID:4294731701
ParentProcID:4294842305
BasePriority:Normal


#:14 Name: C:\WINDOWS\RUNDLL32.EXE
----------------------------
Threads:5
ProcID:4294718717
ParentProcID:4294842305
BasePriority:Normal


#:15 Name: C:\WINDOWS\SYSTEM\VER_CHK.EXE
----------------------------
Threads:2
ProcID:4294705297
ParentProcID:4294842305
BasePriority:Normal


#:16 Name: C:\PROGRAMMI\NORTON ANTIVIRUS\NSCHED32.EXE
----------------------------
Threads:1
ProcID:4294689949
ParentProcID:4294842305
BasePriority:Normal


#:17 Name: C:\WINDOWS\SYSTEM\WINRAS.EXE
----------------------------
Threads:1
ProcID:4294660117
ParentProcID:4294705297
BasePriority:Normal


#:18 Name: C:\PROGRAMMI\LAVASOFT AD-AWARE\AD-AWARE.EXE
----------------------------
Threads:1
ProcID:4294722109
ParentProcID:4294842305
BasePriority:Normal


Memory scan result:
Total modules found:18
Suspicious modules found:0


Started registry scan
======================
Aureate key:HKEY_CLASSES_ROOT\software\aureate\
Aureate key:HKEY_LOCAL_MACHINE\software\aureate\
Aureate key:HKEY_USERS\.default\software\netscape\netscape navigator\automation shutdown\stub.netscapestop.1
Aureate key:HKEY_USERS\.default\software\netscape\netscape navigator\automation startup\netscape starting
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\run\cmesys
Aureate key:Netscape starting\Curver\Stub.NetscapeStart.1


Started extended registry scan
===============================


Registry scan result:
Suspicious keys found : 6


Started folder scan
====================
Now processing drive (C), 0 remaining.
Gator file:C:\WINDOWS\GatorUninstaller.log
FileSize : 0 kb
FileCreation time : 12/09/02 9.42.41
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\GatorPatch.log
FileSize : 11 kb
FileCreation time : 20/07/02 11.06.29
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\GatorPdpSetup.log
FileSize : 14 kb
FileCreation time : 21/05/02 8.57.54
Last accessed : 20/11/02
OS : No executable

Other folder:C:\WINDOWS\Profiles\Stefano\Menu Avvio\Programmi\NetSonic
Other folder:C:\Programmi\NetSonic
Finished processing Drive(C), 2640 folders total.

Folder scan result:
Folders processed:2640
Suspicious folders found:2


Started file scan
==================
Web3000 file:C:\WINDOWS\SYSTEM\WebOut.exe
FileSize : 103 kb
FileCreation time : 30/03/99 22.07.32
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\GStartup.lnk
FileSize : 0 kb
FileCreation time : 20/07/02 11.06.56
Last accessed : 20/11/02
OS : No executable

Other file:C:\WINDOWS\Profiles\Stefano\Menu Avvio\Programmi\NetSonic\NetSonic.lnk
FileSize : 0 kb
FileCreation time : 30/03/99 22.07.33
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\GatorUninstaller.log
FileSize : 0 kb
FileCreation time : 12/09/02 9.42.41
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\GatorPatch.log
FileSize : 11 kb
FileCreation time : 20/07/02 11.06.29
Last accessed : 20/11/02
OS : No executable

Gator file:C:\WINDOWS\GatorPdpSetup.log
FileSize : 14 kb
FileCreation time : 21/05/02 8.57.54
Last accessed : 20/11/02
OS : No executable


File scan result:
Suspicious files found:9



Scanning finished
==================
Suspicious modules found:0
Suspicious keys found : 6
Suspicious folders found:2
Suspicious files found:9
=========================
Components ignored:0
Total components found:17

WHAT DO YOU ADVISE ME TO DO?

DavideDave
21-11-2002, 10.03.28
From Ad-aware, make a backup of everything it finds... clean... reboot... and see if that solved it ;)