need help!

Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.0.0.101 2009.05.02 -
AhnLab-V3 5.0.0.2 2009.05.01 -
AntiVir 7.9.0.160 2009.05.02 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.05.01 -
Avast 4.8.1335.0 2009.05.01 -
AVG 8.5.0.327 2009.05.01 -
BitDefender 7.2 2009.05.02 -
CAT-QuickHeal 10.00 2009.05.02 -
ClamAV 0.94.1 2009.05.02 -
Comodo 1147 2009.05.02 -
DrWeb 4.44.0.09170 2009.05.02 -
eSafe 7.0.17.0 2009.04.30 -
eTrust-Vet 31.6.6487 2009.05.02 -
F-Prot 4.4.4.56 2009.05.01 -
F-Secure 8.0.14470.0 2009.05.02 -
Fortinet 3.117.0.0 2009.05.02 -
GData 19 2009.05.02 -
Ikarus T3.1.1.49.0 2009.05.02 -
K7AntiVirus 7.10.722 2009.05.02 -
Kaspersky 7.0.0.125 2009.05.02 -
McAfee 5602 2009.05.01 -
McAfee+Artemis 5602 2009.05.01 -
McAfee-GW-Edition 6.7.6 2009.05.02 -
Microsoft 1.4602 2009.05.02 -
NOD32 4049 2009.05.01 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.02 -
Panda 10.0.0.14 2009.05.02 -
PCTools 4.4.2.0 2009.05.02 -
Prevx1 3.0 2009.05.02 -
Rising 21.27.41.00 2009.05.01 -
Sophos 4.41.0 2009.05.02 -
Sunbelt 3.2.1858.2 2009.05.02 -
Symantec 1.4.4.12 2009.05.02 -
TheHacker 6.3.4.1.317 2009.05.02 -
TrendMicro 8.950.0.1092 2009.05.01 -
VBA32 3.12.10.4 2009.05.02 -
ViRobot 2009.5.1.1717 2009.05.01 -
VirusBuster 4.6.5.0 2009.05.01 -
Informazioni addizionali
File size: 10693 bytes
MD5…: 7d441f8b91046a208408b652ca3bb0a6
SHA1…: ff8136620bbeb7c002985f15d702935747336f20
SHA256: 7672cd6d901eb317455e70a78d168b242a74b907df6d7d0aec187e7efd76f904
SHA512: b9ce5767383761b692c2a815e655e922bf06104ca7f4b22ec8a841c7b769ea1a
07005fb7fbb030892e029e0a09a15536fe4351343fc32f86dc564c6b561e3519
ssdeep: 192:ijGYnsROJeuQwPWt7hMdceebXh7dhprm/j:iNteuxPWPt/bR7dLrm/j

PEiD…: -
TrID…: File type identification
HijackThis logfile (100.0%)
PEInfo: -
PDFiD.: -
RDS…: NSRL Reference Data Set

I'm sure this file is legit, from Intel, but send it to VT for a look please: igfxext.exe C:\Windows\system32\igfxext.exe

http://www.virustotal.com/

OK, I’ve just sent that single file to VT and here is the result…

Please ignore the first one… here is the result. I forgot the file… :wink:

I ran a new scan a few minutes ago and I found…
O4 - HKCU\..\Run: [oaiau] "c:\users\fausto\appdata\local\oaiau.exe" oaiau
I’m sure I fixed this one after mickey 77’s advice! Any idea???

I did not tell you to fix it. You sent it to VirusTotal, yes? It was negative.

http://forum.avast.com/index.php?topic=44694.msg375467#msg375467

Please run MBAM again, and download SAS, update, run and post both logs.
http://www.superantispyware.com/
Also, are there any entries in your hosts file, C:\Windows\System32\drivers\etc\hosts? Right-click and choose Open with Notepad.

What file did you send to VirusTotal? Did you send oaiau.exe?
The MD5…: 7d441f8b91046a208408b652ca3bb0a6 shows you sent Doc_hjt.txt. What is that?
http://www.virustotal.com/analisis/4ab3b3b605acbddbe16f6be3a7f8ac8a

And the other file I asked you to send, igfxext.exe:
The MD5…: 59903071d7ace6a02093c47e9e38af97
shows this: Dwm.exe http://www.virustotal.com/analisis/fd1c22efedae019d684befa2bb7a0cef
I am confused.

[quote author=micky77 link=topic=44694.msg375663#msg375663 date=1241348844]
I did not tell you to fix it. You sent it to VirusTotal, yes? It was negative.

http://forum.avast.com/index.php?topic=44694.msg375467#msg375467

Please run MBAM again, and download SAS, update, run and post both logs.
http://www.superantispyware.com/
Also, are there any entries in your hosts file, C:\Windows\System32\drivers\etc\hosts? Right-click and choose Open with Notepad.
[/quote]
I did not write that you told me to fix it… I’ve decided by myself :wink:… now everything seems to go fine anyway. In case something should turn bad I will follow your advice. A big thanxxx!!! :slight_smile:

I sent the hijack log file to VirusTotal first. And then only the file you indicated to me… I am sure about that…

You need to navigate to c:\users\fausto\appdata\local\oaiau.exe to find the file.
If you fixed that entry, O4 - HKCU\..\Run: [oaiau] "c:\users\fausto\appdata\local\oaiau.exe" oaiau,
and it's solved your problem, you could send it to virus@avast.com, and then delete the file. :slight_smile:

After a new scan with MBAM, a “rogue residue” was found (deleted now). Then I ran a scan with SUPER ANTISPYWARE but there was no way to open the logfile (maybe because I used a free version?) to post the results. The elements the scan found were more than 200; I saw again lots of elements named ZANGO. I can post the MBAM results, so if someone would give a look at it, it could be useful… Thanx :wink:

Malwarebytes’ Anti-Malware 1.36
Versione del database: 2064
Windows 6.0.6001 Service Pack 1

03/05/2009 17.59.34
mbam-log-2009-05-03 (17-59-34).txt

Tipo di scansione: Scansione completa (C:|D:|)
Elementi scansionati: 177091
Tempo trascorso: 2 hour(s), 40 minute(s), 33 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) → Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

I would not worry about the MBAM entry.
As for SAS, open SAS, go to Preferences / Statistics/Logs, double-click on the latest log. Copy/paste the results.
Possibly these entries are cookies, NOT BAD :slight_smile:

;) I appreciate very much what you did, Mickey77… thank you!!! Should I run a scan more often to avoid these bad problems??? And, ::) can I delete the quarantined elements definitely?