www.MegaLab.it

da **akira2108** » dom feb 03, 2008 3:36 pm

salve! anche io ho attualmente questo problema: il maledetto virus BAGLE...sto seguendo la vostra procedura. posto il log ottenuto con Elibagla:

Sun Feb 03 04:41:43 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE -->

Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT -->

Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS -->

Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.96
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE -->

Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Feb 03 04:43:35 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 7154
Nº Total de Ficheros: 100423
Nº de Ficheros Analizados: 11501
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0

Sun Feb 03 04:54:24 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\

Nº Total de Directorios: 416
Nº Total de Ficheros: 6373
Nº de Ficheros Analizados: 1183
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Feb 03 04:55:08 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 3
Nº Total de Ficheros: 2
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Feb 03 04:55:19 2008
EliBagle v10.96 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 6840
Nº Total de Ficheros: 95821
Nº de Ficheros Analizados: 8617
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

grazie....

da **ste_95** » dom feb 03, 2008 3:37 pm

Leggere e applicare:

http://www.MegaLab.it/forum/viewtopic.php?t=34966

da **akira2108** » dom feb 03, 2008 3:43 pm

ho appena terminato anche la scansione con kaspersky...come faccio a postare il log?

da **ste_95** » dom feb 03, 2008 3:44 pm

trovi tutte le istruzioni nell'ultimo post della discussione che ti ho dato nel mio precedente post.

da **akira2108** » dom feb 03, 2008 3:56 pm

questo è il report di kaspersky

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\

Scan Statistics
Total number of scanned objects 107592
Number of viruses found 6
Number of infected objects 18
Number of suspicious objects 0
Duration of the scan process 22:16:48

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Cronologia\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Acer Arcade\Log\Trace20080202.log Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\Working\database_442C_DF25_2CDF_10B2\dfsr.db Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\Working\database_442C_DF25_2CDF_10B2\fsr.log Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\Working\database_442C_DF25_2CDF_10B2\fsrtmp.log Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\graziasant@tiscali.it\SharingMetadata\Working\database_442C_DF25_2CDF_10B2\tmp.edb Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\graziasant@tiscali.it\real\members.stg Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\graziasant@tiscali.it\shadow\members.stg Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\Perflib_Perfdata_80c.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\Perflib_Perfdata_884.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF3A91.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF3A9C.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF5D04.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temp\~DF5D34.tmp Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe/file002/TBEDRS.DLL Infected: not-a-virus:AdWare.Win32.Shopper.t skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe/file002 Infected: not-a-virus:AdWare.Win32.Shopper.t skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe Inno: infected - 2 skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\i386\ntkrnlpa.exe Object is locked skipped

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jc skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antiviru.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.jc skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped

C:\WINDOWS\Temp\sqlite_i6sF0CHkLRasKAC Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip/Adobe Illustrator CS3 Ita + crack (OK)/crack/US Adobe Illustrator CS3 crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped

G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip ZIP: infected - 1 skipped

G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip/AVS Ringtone Maker 1.5.1.20 [Cracked].exe Infected: Trojan-Downloader.Win32.Bagle.jc skipped

G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip ZIP: infected - 1 skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

da **ste_95** » dom feb 03, 2008 4:00 pm

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip
G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Ora, se tutto è andato a buon fine, dovresti riuscire a reinstallare un valido antivirus.

da **akira2108** » dom feb 03, 2008 4:19 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ourgocrp

*******************

Script file located at: \??\C:\Program Files\gdcgfkaw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg
Status: 0xc0000103

Error: C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg is not a folder! It may instead be a file.
Deletion of folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg failed!

Could not process line:
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg
Status: 0xc0000103

Error: C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe is not a folder! It may instead be a file.
Deletion of folder C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000103

Could not open folder G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip for deletion
Deletion of folder G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip failed!

Could not process line:
G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip
Status: 0xc000003a

Could not open folder G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip for deletion
Deletion of folder G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip failed!

Could not process line:
G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

da **ste_95** » dom feb 03, 2008 4:21 pm

Scusa, avevo fatto un errore nello script, inserisci ancora questo:

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip
G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip

Folders to delete:
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

da **akira2108** » dom feb 03, 2008 4:30 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\itpuaonn

*******************

Script file located at: \??\C:\algalfnq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034

File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\1GMC4V8C\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\3SW1LPMY\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\432AFJ15\MegaPack-Coolstreaming[1].exe deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7Z81C35C\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\9Y6M23WE\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\BLEL9C8H\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\EC7FSNV5\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\NBZU3ZCY\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VAPSQEK4\b64_1[1].jpg deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.

Could not open file G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip for deletion
Deletion of file G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip failed!

Could not process line:
G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip
Status: 0xc000003a

Could not open file G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip for deletion
Deletion of file G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip failed!

Could not process line:
G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip
Status: 0xc000003a

Folder C:\WINDOWS\system32\drivers\down deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

da **ste_95** » dom feb 03, 2008 4:32 pm

Elimina manualmente questi due file:

G:\incoming emule\- Adobe Illustrator Cs3 Ita Crack.zip
G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip

Riscarica gli eseguibili dei programmi di sicurezza e reinstalla un antivirus.

da **akira2108** » dom feb 03, 2008 4:41 pm

grazie 1000000000....sembra che adesso vada tutto ok!!!!
[^]

m , mi chiedevo ma allora questo virus come l'ho beccato? e adesso devo impostare qualcosa per nn ri-beccarlo più? e che anti-virus mi consigli tra quelli gratuiti?
grazie ancora [:)]

da **ste_95** » dom feb 03, 2008 4:49 pm

Come antivirus ti consiglio Avira Antivir.

Ripristina la modalità provvisoria utilizzando questo file.

Il trojan lo hai preso aprendo questo file:

G:\incoming emule\AVS Ringtone Maker 1.5.1.20 [Cracked].zip

www.MegaLab.it

Infettato da bagle

Chi c’è in linea