www.MegaLab.it

da **triskell** » ven ago 31, 2007 8:28 pm

hai un link?

da **triskell** » ven ago 31, 2007 8:32 pm

non parte nemmeno....

da **triskell** » ven ago 31, 2007 11:39 pm

sono riuscita a fare la scansione di kaspersky on line e ho trovato due versioni di beagle : cw e iz.... credo
comunque posto il log perché ci sono anche altre porcherie.....

forse gli script di avenger nel post in evidenza non sono sufficienti, ma nemmeno i tools che ho trovato sul sito di kaspersky sembrano essere stati utili perché non hanno trovato niente

da **triskell** » ven ago 31, 2007 11:40 pm

KASPERSKY ONLINE SCANNER REPORT
Friday, August 31, 2007 11:39:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/08/2007
Kaspersky Anti-Virus database records: 401539

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 57009
Number of viruses found 4
Number of infected objects 20
Number of suspicious objects 0
Duration of the scan process 01:05:31

Infected Object Name Virus Name Last Action
C:\avenger\backup-31.08.2007-20.30.48,39.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\avenger\backup-31.08.2007-20.30.48,39.zip/avenger/srosa.sys Infected: Email-Worm.Win32.Bagle.iz skipped

C:\avenger\backup-31.08.2007-20.30.48,39.zip ZIP: infected - 2 skipped

C:\avenger\backup-31.08.2007-20.59.03,18.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\avenger\backup-31.08.2007-20.59.03,18.zip/avenger/srosa.sys Infected: Email-Worm.Win32.Bagle.iz skipped

C:\avenger\backup-31.08.2007-20.59.03,18.zip ZIP: infected - 2 skipped

C:\avenger\backup-31.08.2007-21.27.38,17.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\avenger\backup-31.08.2007-21.27.38,17.zip/avenger/srosa.sys Infected: Email-Worm.Win32.Bagle.iz skipped

C:\avenger\backup-31.08.2007-21.27.38,17.zip ZIP: infected - 2 skipped

C:\avenger\backup.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\avenger\backup.zip/avenger/srosa.sys Infected: Email-Worm.Win32.Bagle.iz skipped

C:\avenger\backup.zip ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\ANNAMARIA\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ANNAMARIA\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ANNAMARIA\Cronologia\History.IE5\MSHist012007083120070901\index.dat Object is locked skipped

C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Dati applicazioni\ApplicationHistory\hpqimzone.exe.fd734169.ini.inuse Object is locked skipped

C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp Infected: Trojan.Win32.Dialer.fl skipped

C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip/Big Kahuna Reef.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip ZIP: infected - 1 skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe Infected: Trojan-Downloader.Win32.Bagle.cw skipped

C:\Programmi\Servizi in linea\IT\Interfree\HP-easy.exe/data0003 Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

C:\Programmi\Servizi in linea\IT\Interfree\HP-easy.exe Inno: infected - 1 skipped

Scan process completed.

da **crazy.cat** » sab set 01, 2007 7:07 am

Dai questo script ad avenger, dopo il riavvio cancella anche la cartella c:\avenger.
Posta qui nuovamente il txt finale, se non ti prende subito lo script, prova a riavviare il pc e rifarlo.

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp
C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe
C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

da **ste_95** » sab set 01, 2007 7:22 am

scusa se te lo chiedo....:

come mai hai messo entrambi questi:

C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe
C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip

non bastava eliminare lo zip?

da **crazy.cat** » sab set 01, 2007 7:38 am

ste_95 ha scritto:non bastava eliminare lo zip?

No, perché il file Big Kahuna Reef.exe è stato estratto dal zip, quindi deve cancellarli tutti e due.

Comunque adesso si capisce da dove ha preso l'infezione e perché si è replicata.

Adesso aggiungo l'obbligo della scansione online su kaspersky prima di fare lo script.

da **triskell** » sab set 01, 2007 11:44 am

ho seguito le istruzioni di crazy:
ecco il log finale di Avenger
l'ho dovuto lanciare un po'' di volte

ho anche cancellato the avenger da C:/

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xncurewa

*******************

Script file located at: \??\C:\Documents and Settings\actuvhly.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034

File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp not found!
Deletion of file C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp failed!

Could not process line:
C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp
Status: 0xc0000034

File C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe not found!
Deletion of file C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe failed!

Could not process line:
C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe
Status: 0xc0000034

File C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip not found!
Deletion of file C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip failed!

Could not process line:
C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip
Status: 0xc0000034

File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034

File C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe not found!
Deletion of file C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe failed!

Could not process line:
C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
Status: 0xc0000034

Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

da **crazy.cat** » sab set 01, 2007 12:01 pm

Non ha cancellato un piffero....

Cancellali tu a mano, usa unlocker o killbox se ti danno problemi.

C:\Documents and Settings\ANNAMARIA\Impostazioni locali\Temp\IH258.tmp
C:\Programmi\eMule\Incoming\Big Kahuna Reef\Big Kahuna Reef.exe
C:\Programmi\eMule\Incoming\Big Kahuna Reef.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

da **triskell** » sab set 01, 2007 12:49 pm

che le abbia cancellate in una delle prime scansioni che ho lanciato perché , di fatto , ora avast è correttamente installato e gmer non mi rileva rootkit nemmeno nella scansione preliminare nemmeno controllando a mano trovo le chiavi che mi elenchi.
effettivamente nella prima scansione che ho fatto non mi dava l'errore ma mi aveva creato il notepad in bianco...

da **triskell** » sab set 01, 2007 1:12 pm

che è tutto a posto,
ho ripristinato il registro del wi fi e ora sono anche connessa al mio router. [rotolo]

ho fatto un po' di pulizia con ccleaner.... ho tolto tutte le boiate che c'erano...

posto solo un ultimo log di hjack per conferma....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.12.31, on 01/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ANNAMARIA\Application Data\m\flec006.exe
C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ANNAMARIA\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ANNAMARIA\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Programmi\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O24 - Desktop Component 0: (no name) - http://images.sfondo.it/img/animali/Panda1_1024.jpg
O24 - Desktop Component 1: (no name) - http://www.webalice.it/silvamamusy/ciccio.jpg
O24 - Desktop Component 2: (no name) - http://web.rossoalice.it/silvamamusy/astratto2.jpg

--
End of file - 7346 bytes [:D]

da **crazy.cat** » sab set 01, 2007 1:23 pm

Cancella questa riga con hijackthis
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
controlla che il file exe non ci sia

da **triskell** » sab set 01, 2007 1:30 pm

kaspersky log

KASPERSKY ONLINE SCANNER REPORT
Saturday, September 01, 2007 2:28:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/09/2007
Kaspersky Anti-Virus database records: 401879

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Memory

Scan Statistics
Total number of scanned objects 2159
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:00:54

Infected Object Name Virus Name Last Action
[524] flec006.exe => C:\Documents and Settings\ANNAMARIA\Application Data\m\flec006.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped

Scan process completed

da **crazy.cat** » sab set 01, 2007 1:33 pm

Cancella tutto.
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ANNAMARIA\Application Data\m\flec006.exe

Prova i piccoli file che scarichi dal p2p su www.virustotal.com, avast non vale più come antivirus.

da **triskell** » sab set 01, 2007 1:36 pm

gli ho rimosso il mulo.. e ora la scansione con kasper mi dà nuovamente due oggetti infetti.... porcaputt...

da **triskell** » sab set 01, 2007 3:30 pm

Una nuova scansione di viruscan che ho interrotto per indisponibilità
entanea della connessione mi trova tutte ste porcherie

dove trovo sto "recyclers"?
ora funziona tutto ma è ovvio che la macchina è ancora infetta..

da **crazy.cat** » sab set 01, 2007 4:45 pm

recyclers è il cestino di windows, svuotalo.

da **triskell** » sab set 01, 2007 4:55 pm

ehm...mi era venuto il dubbio.....:) sto rifacendo la scansione...con kasper

da **triskell** » sab set 01, 2007 5:21 pm

ok la scansione con kasper ora è pulita
ho rimosso anche qualche dialer qua e là....

sono morta ma ce l'ho fatta davvero

grazie crazy.... ne ho imparate di cose da te..... [acc2]

un bacio! (si puo?) [bleh]

da **crazy.cat** » sab set 01, 2007 5:24 pm

triskell ha scritto:un bacio! (si puo?)

Certo....e dimenticati del mulo per qualche tempo girano solo virus in questo periodo.

www.MegaLab.it

bagle o che altro?

ultimo aggiornamento

ecco il log di kaspersky

buongiorno....

crazy mi sa che chi siamo...

confermo

si c'e ancora qualcosa....

niente p2p

Chi c’è in linea