www.MegaLab.it

da **figio87** » lun feb 25, 2008 8:53 am

dunque se scrivo tutta la stringa con c:\windows...
non mi trova niente
se scrivo solo exhapvxy.dat
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln

kbdbenev.dll:
HKEY_CLASSES_ROOT\CLSID\{1F9F1983-2C24-46F5-86D6-606C3D202086}\InprocServer32
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

da **ste_95** » lun feb 25, 2008 1:50 pm

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il flag su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto: Registry keys to delete: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln HKEY_CLASSES_ROOT\CLSID\{1F9F1983-2C24-46F5-86D6-606C3D202086} HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente.
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Poi al riavvio inserisci ancora questo script in Avenger:

Codice: Seleziona tutto: Files to delete: C:\windows\system32\kbdbenev.dll C:\windows\system32\kbdbenev.dll.bak C:\WINDOWS\system32\drivers\exhapvxy.dat

da **figio87** » lun feb 25, 2008 3:36 pm

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{1F9F1983-2C24-46F5-86D6-606C3D202086}

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\skpwjnos

*******************

Script file located at: \??\C:\WINDOWS\uwwlixnn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln
Status: 0xc0000022

Could not open registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln
Status: 0xc0000022

Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fjoekfde

*******************

Script file located at: \??\C:\Documents and Settings\taqerpnl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\windows\system32\kbdbenev.dll for deletion
Deletion of file C:\windows\system32\kbdbenev.dll failed!

Could not process line:
C:\windows\system32\kbdbenev.dll
Status: 0xc0000022

Could not open file C:\windows\system32\kbdbenev.dll.bak for deletion
Deletion of file C:\windows\system32\kbdbenev.dll.bak failed!

Could not process line:
C:\windows\system32\kbdbenev.dll.bak
Status: 0xc0000022

Could not open file C:\WINDOWS\system32\drivers\exhapvxy.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\exhapvxy.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\exhapvxy.dat
Status: 0xc0000022

Completed script processing.

*******************

Finished! Terminate.

da **ste_95** » lun feb 25, 2008 3:38 pm

Riprova entrambi gli script, ma in modalità provvisoria.

da **figio87** » mar feb 26, 2008 12:02 pm

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ifwmlyay

*******************

Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.

Could not open script file! Status: 0xc0000034 Abort!
//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\otspwckp

*******************

Script file located at: \??\C:\WINDOWS\system32\mqsralih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\windows\system32\kbdbenev.dll for deletion
Deletion of file C:\windows\system32\kbdbenev.dll failed!

Could not process line:
C:\windows\system32\kbdbenev.dll
Status: 0xc0000022

Could not open file C:\windows\system32\kbdbenev.dll.bak for deletion
Deletion of file C:\windows\system32\kbdbenev.dll.bak failed!

Could not process line:
C:\windows\system32\kbdbenev.dll.bak
Status: 0xc0000022

Could not open file C:\WINDOWS\system32\drivers\exhapvxy.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\exhapvxy.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\exhapvxy.dat
Status: 0xc0000022

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ifwmlyay

*******************

Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.

Could not open script file! Status: 0xc0000034 Abort!
//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\otspwckp

*******************

Script file located at: \??\C:\WINDOWS\system32\mqsralih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\windows\system32\kbdbenev.dll for deletion
Deletion of file C:\windows\system32\kbdbenev.dll failed!

Could not process line:
C:\windows\system32\kbdbenev.dll
Status: 0xc0000022

Could not open file C:\windows\system32\kbdbenev.dll.bak for deletion
Deletion of file C:\windows\system32\kbdbenev.dll.bak failed!

Could not process line:
C:\windows\system32\kbdbenev.dll.bak
Status: 0xc0000022

Could not open file C:\WINDOWS\system32\drivers\exhapvxy.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\exhapvxy.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\exhapvxy.dat
Status: 0xc0000022

Completed script processing.

*******************

Finished! Terminate.

da **ste_95** » mar feb 26, 2008 1:54 pm

Disabilita il ripristino configurazione di sistema.

Crea il MegaLabCD e fai il boot da quello all'avvio. Dopo che lo hai avviato apri il menù Start -> Registro -> Remote Regedit e cancella le seguenti chiavi come se fossi all'interno del registro configurazione di Windows:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln
HKEY_CLASSES_ROOT\CLSID\{1F9F1983-2C24-46F5-86D6-606C3D202086}
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

Riavvia e sempre dal MegaLab CD apri il menù Start -> Gestione Risorse -> A43 Management. Elimina ora i seguenti file e cartelle dal disco C:\ come se fossi nel tuo computer:

C:\windows\system32\kbdbenev.dll
C:\windows\system32\kbdbenev.dll.bak
C:\WINDOWS\system32\drivers\exhapvxy.dat

Riesci?

da **figio87** » mer feb 27, 2008 12:20 am

Crea il MegaLabCD e fai il boot da quello all'avvio. Dopo che lo hai avviato apri il menù Start -> Registro -> Remote Regedit e cancella le seguenti chiavi come se fossi all'interno del registro configurazione di Windows:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xqqeboln
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xqqeboln
HKEY_CLASSES_ROOT\CLSID\{1F9F1983-2C24-46F5-86D6-606C3D202086}
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

o sbaglio qlks nel creare il labcd...
perché nella cartella creata (megalabcd) non c'è il menu start! [uhm]

mentre gestione risorse sì.
quindi questo primo procedimento non mi riesce[/quote]

da **ste_95** » mer feb 27, 2008 7:08 am

Devi riavviare il computer, e fare il boot dal CD appena creato. Per impostare le priorità di boot puoi seguire questa guida:

http://www.MegaLab.it/2655

www.MegaLab.it

win32/trojanclicker.delf NAZ non rimovibile

Chi c’è in linea