Go Back   Forum > Tecno-Cool > Sicurezza

LOGIN / ENTRA

Register FAQ Live Now! Rules Live TV Arcade Search Today's Posts Mark Forums Read



Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us adding to your whitelist www.coolstreaming.us . Read Guide


Reply
 
Thread Tools Search this Thread Display Modes Translate
  #1  
Old 02-13-2007, 10:26 PM
Ringhio8 Ringhio8 is offline
Senior Member
 

Join Date: Oct 2005
Location: un'isola in mezzo al mediterraneo
Posts: 1,032
Ringhio8 is on a distinguished road
Send a message via MSN to Ringhio8
Default Trojan

Kaspersky Online scanner mi ha rilevato questo trojan Trojan-PSW.Win32.OnLineGames.ib nella cartella di Windows, esattamente in un file chiamato LgSym.dll

Ho fatto pure una scansione con symantec e mcafee online e pure loro hanno rilevato 'sto file icon il trojan.

qualcuno sa qualcosa su questo trojan o come fare a toglierlo?

grazie

Last edited by Ringhio8 : 02-13-2007 at 11:35 PM.


ToolBar Coolstreaming Reply With Quote
  #2  
Old 02-13-2007, 10:43 PM
alma alma is offline
Moderator
 
alma's Avatar
 

Join Date: Nov 2005
Posts: 5,963
alma is on a distinguished road
Default

Quote:
Originally Posted by Ringhio8
Kaspersky Online scanner mi ha rilevato questo trojan Trojan-PSW.Win32.OnLineGames.ib nella cartella di Windows, esattamente in un file chiamato LgSym.dll

qualcuno sa qualcosa su questo trojan o come fare a toglierlo?

grazie

Par sian...acidi!
http://www.viruslist.com/en/viruses...?virusid=151445
Sorry.
Prova ametterlo in ricerca qui:
http://www.antiviruslab.com/search.php?lang=gb
e vedi se puoi curarlo come i suoi simili.

Last edited by alma : 02-13-2007 at 11:06 PM.


ToolBar Coolstreaming Reply With Quote
  #3  
Old 02-13-2007, 11:46 PM
Ringhio8 Ringhio8 is offline
Senior Member
 

Join Date: Oct 2005
Location: un'isola in mezzo al mediterraneo
Posts: 1,032
Ringhio8 is on a distinguished road
Send a message via MSN to Ringhio8
Default

se lo metto in ricerca lo trova questo trojan pero' sembra che non dia soluzioni per curarlo

cmq grazie alma


ToolBar Coolstreaming Reply With Quote
  #4  
Old 02-14-2007, 12:15 AM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,478
sefirothmorpheus is on a distinguished road
Default

ringhio
mi fai una scansione con hijackthis e mi posti il log?
grazie
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non Ŕ gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarÓ!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


ToolBar Coolstreaming Reply With Quote
  #5  
Old 02-14-2007, 12:36 AM
Ringhio8 Ringhio8 is offline
Senior Member
 

Join Date: Oct 2005
Location: un'isola in mezzo al mediterraneo
Posts: 1,032
Ringhio8 is on a distinguished road
Send a message via MSN to Ringhio8
Default

ale, dovrebbe essere questo no?

Logfile of HijackThis v1.99.1
Scan saved at 11:33:59 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acmilan.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/s...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/c...msearch-en.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [r03b37db3] C:\WINDOWS\iexpl0re.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...can_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...961/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C1DF2DF-8D5A-410E-8C57-FC5447436374}: NameServer = 217.145.4.33,217.145.4.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB931AF3-FFA5-4C96-BCB9-DFC23F3D2510}: NameServer = 217.145.4.33 217.145.4.34
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


ToolBar Coolstreaming Reply With Quote
  #6  
Old 02-14-2007, 12:42 AM
petrescu petrescu is offline
Moderatore
 

Join Date: Mar 2006
Location: Salentu:lu sule,lu mare,lu jentu
Posts: 3,543
petrescu is on a distinguished road
Default

io vedo 4 voci che hanno trojan....per˛ aspettiamo sefiroth
__________________
VISITA LA MIA PAGINA FACEBOOK


ToolBar Coolstreaming Reply With Quote
  #7  
Old 02-14-2007, 12:45 AM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,478
sefirothmorpheus is on a distinguished road
Default

elimina:
O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe
O4 - HKCU\..\Run: [r03b37db3] C:\WINDOWS\iexpl0re.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)

questo lo elimini con un anti spyware o con adaware:
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing


conosci questi ip?
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C1DF2DF-8D5A-410E-8C57-FC5447436374}: NameServer = 217.145.4.33,217.145.4.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB931AF3-FFA5-4C96-BCB9-DFC23F3D2510}: NameServer = 217.145.4.33 217.145.4.34

P.S.
il mio nome Ŕ sefiroth... non ale!
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non Ŕ gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarÓ!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


ToolBar Coolstreaming Reply With Quote
  #8  
Old 02-14-2007, 12:45 AM
zibibbo zibibbo is offline
泽比波葡萄
 
zibibbo's Avatar
 

Join Date: Aug 2005
Posts: 3,188
zibibbo is on a distinguished road
Default

c'Ŕ un po di robaccia... controlla ed elimina tu stesso quelli da eliminare (x rossa)!
http://www.hijackthis.de/it
__________________
Prima di chiedere CERCA sul forum, nel 99,9999% dei casi il tuo argomento Ŕ giÓ stato trattato e la tua domanda ha giÓ una risposta!


Schedule: Serie A - Premier league - Liga - Bundesliga - Lfp - Champions League - Uefa Cup - ecc. ecc.
Link radio: Serie A e B
su www.zibibbo****


ToolBar Coolstreaming Reply With Quote
  #9  
Old 02-14-2007, 12:48 AM
sefirothmorpheus sefirothmorpheus is offline
Moderatore brazingles :)
 

Join Date: Mar 2006
Location: Cidade Maravilhosa
Posts: 7,478
sefirothmorpheus is on a distinguished road
Default

si le x rosse sono sicuramente da eliminare... in questo caso...
spesso quel sito sbaglia... per questo Ŕ meglio prendere visione dei risultati!
__________________
CoolStreaming: a cool way to smash (the) sky!
Per i nuovi arrivati: leggete il REGOLAMENTO e la sezione NUOVI ARRIVATI
Problemi con i vari softwares? Consultate la sezione GUIDE
Ricordate che in questo mondo non Ŕ gradito lo ZAPPING e se i MOD/ADM agiscono, un MOTIVO ci sarÓ!

Iscrivetevi: Formula COOL-ONE 2008 e CoolMoto 2008!
!omrehcs otseuq orteid otaloppartni onoS !otuiA

I can only show you the door. You're the one that has to walk through it...
Sefiroth-Morpheus


ToolBar Coolstreaming Reply With Quote
  #10  
Old 02-14-2007, 12:51 AM
zibibbo zibibbo is offline
泽比波葡萄
 
zibibbo's Avatar
 

Join Date: Aug 2005
Posts: 3,188
zibibbo is on a distinguished road
Default

Quote:
Originally Posted by sefirothmorpheus
si le x rosse sono sicuramente da eliminare... in questo caso...
spesso quel sito sbaglia... per questo Ŕ meglio prendere visione dei risultati!

prima ho controlato ed ho visto che in rosso ha segnalato solo cose da eliminare
... fai una bella recenzione di hijackthis
__________________
Prima di chiedere CERCA sul forum, nel 99,9999% dei casi il tuo argomento Ŕ giÓ stato trattato e la tua domanda ha giÓ una risposta!


Schedule: Serie A - Premier league - Liga - Bundesliga - Lfp - Champions League - Uefa Cup - ecc. ecc.
Link radio: Serie A e B
su www.zibibbo****


ToolBar Coolstreaming Reply With Quote
Reply







Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT +2. The time now is 08:25 PM.



Powered by: vBulletin Version 3.0.7
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0 ©2007, Crawlability, Inc.