I found a cab file in windows/downloaded program files (not the folder of programs downloaded with updates) that seems to be this virus; as the program says, a harmful backdoor BDS/checkno.buo
I can't do that, because the folder doesn't contain the file, or at least it doesn't let me see it. It's a folder with the Explorer "e" on it; if I click on it I get a screen with the installed programs, and incidentally only Shockwave is listed
Tools -> Folder Options -> View -> "Show hidden files and folders", then untick "Hide protected operating system files"
No, it doesn't show up; it only shows me a page telling me there is this Shockwave Flash Object, which is installed if I put the file back and damaged if I put it in quarantine...
It looks like an ActiveX control... I also tried doing an update, I don't know... maybe it's a false alarm, but I don't understand how I can get to the cab file
Avira AntiVir Personal
Report file date: sabato 19 luglio 2008 18:02
Scanning for 1476110 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MEACCI
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: sabato 19 luglio 2008 18:02
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cdrom_mon.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'c6Messenger.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Livio\Documenti\giochi\xcom3.zip
[0] Archive type: ZIP
--> apocalypse.part02.rar
[1] Archive type: RAR
--> apocalypse\Maps\01senate\Mapunits\Floor.pck
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part03.rar
[1] Archive type: RAR
--> apocalypse\Ufopaedi\05autops.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part04.rar
[1] Archive type: RAR
--> apocalypse\Ufopaedi\31water.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part05.rar
[1] Archive type: RAR
--> apocalypse\Ufopaedi\W38.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part06.rar
[1] Archive type: RAR
--> apocalypse\Smk\Lose1.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part07.rar
[1] Archive type: RAR
--> apocalypse\Smk\Wingame2.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> apocalypse.part09.rar
[1] Archive type: RAR
--> apocalypse\Maps\01senate\01sec01.smp
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part02.rar
[0] Archive type: RAR
--> apocalypse\Maps\01senate\Mapunits\Floor.pck
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part03.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\05autops.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part04.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\31water.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part05.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\W38.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part06.rar
[0] Archive type: RAR
--> apocalypse\Smk\Lose1.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part07.rar
[0] Archive type: RAR
--> apocalypse\Smk\Wingame2.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Livio\Documenti\giochi\xcom3\apocalypse.part09.rar
[0] Archive type: RAR
--> apocalypse\Maps\01senate\01sec01.smp
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part02.rar
[0] Archive type: RAR
--> apocalypse\Maps\01senate\Mapunits\Floor.pck
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part03.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\05autops.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part04.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\31water.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part05.rar
[0] Archive type: RAR
--> apocalypse\Ufopaedi\W38.pcx
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part06.rar
[0] Archive type: RAR
--> apocalypse\Smk\Lose1.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part07.rar
[0] Archive type: RAR
--> apocalypse\Smk\Wingame2.smk
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\livio\xcom3\apocalypse.part09.rar
[0] Archive type: RAR
--> apocalypse\Maps\01senate\01sec01.smp
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Ceckno.buo back-door program
[WARNING] The file was ignored!
End of the scan: sabato 19 luglio 2008 18:51
Used time: 49:12 Minute(s)
The scan has been done completely.
9584 Scanning directories
291584 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
291582 Files not concerned
2095 Archives were scanned
23 Warnings
0 Notes
D:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
this is the file name and, as you can see, it's not a cab file but an executable
not to mention that it isn't in a system folder and that if you search on Google it's recognized as a virus
quarantine it and then you won't have to think about it anymore
at worst, if you then have problems, you can restore it
Anyway, first of all thank you as usual. I updated Adobe Flash, ran the scan again and nothing shows up anymore, so either it was a false alarm, or the virus has now moved who knows where, but for now I think we can close this....