www.MegaLab.it

da **crazy.cat** » dom mar 09, 2008 3:43 pm

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla lo script nella box bianca che si è aperta:

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.

da **ardito** » dom mar 09, 2008 3:52 pm

ste_95 ha scritto:Prova con questo script:

Files to replace with dummy:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\monica\Dati applicazioni\Sun\Java\Deployment\cache\6.0\20\52ca1394-6ce4dd36
C:\Documents and Settings\monica\Dati applicazioni\Sun\Java\Deployment\cache\6.0\52\7e615cf4-138fdb14
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\01ERGLMN\b64_3[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\0PINWDUV\b64_31[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\0PINWDUV\b64_3[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64_31[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2XCR6TGT\b64_1[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\C1I3O1IN\b64_2[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\C1I3O1IN\mxd[2].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\GPUBO9AZ\b64_31[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\HUGBIJTF\b64_3[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\IGTU78I4\b64[2].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\M38NIX47\b64[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\M38NIX47\b64_3[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PG2SMZ4O\b64[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PG2SMZ4O\b64_2[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PNNFX90E\b64_31[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PNNFX90E\b64_3[1].jpg
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\SLYRSLE3\b64_1[1].jpg
C:\WINDOWS\system32\i
C:\WINDOWS\system32\o

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\monica\Dati applicazioni\m

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

E' QUESTO LO SCRIP DA INSERIRe ????

da **crazy.cat** » dom mar 09, 2008 3:55 pm

Si usa quello

da **ardito** » dom mar 09, 2008 3:56 pm

OK, ora procedo.

da **ardito** » dom mar 09, 2008 4:07 pm

Avenger ha risposto cosi:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jbxaxlen

*******************

Script file located at: \??\C:\WINDOWS\system32\bnuekict.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe not found!
Replacement with dummy of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys replaced with dummy successfully.
File C:\WINDOWS\system32\wintems.exe replaced with dummy successfully.
File C:\windows\system32\drivers\hldrrr.exe replaced with dummy successfully.
File C:\WINDOWS\system32\mdelk.exe replaced with dummy successfully.
File C:\Documents and Settings\monica\Dati applicazioni\Sun\Java\Deployment\cache\6.0\20\52ca1394-6ce4dd36 replaced with dummy successfully.
File C:\Documents and Settings\monica\Dati applicazioni\Sun\Java\Deployment\cache\6.0\52\7e615cf4-138fdb14 replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\01ERGLMN\b64_3[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\0PINWDUV\b64_31[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\0PINWDUV\b64_3[1].jpg replaced with dummy successfully.

File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64[1].jpg not found!
Replacement with dummy of file C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64[1].jpg failed!

Could not process line:
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64[1].jpg
Status: 0xc0000034

File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2LXAF6XO\b64_31[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\2XCR6TGT\b64_1[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\C1I3O1IN\b64_2[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\C1I3O1IN\mxd[2].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\GPUBO9AZ\b64_31[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\HUGBIJTF\b64_3[1].jpg replaced with dummy successfully.

File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\IGTU78I4\b64[2].jpg not found!
Replacement with dummy of file C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\IGTU78I4\b64[2].jpg failed!

Could not process line:
C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\IGTU78I4\b64[2].jpg
Status: 0xc0000034

File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\M38NIX47\b64[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\M38NIX47\b64_3[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PG2SMZ4O\b64[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PG2SMZ4O\b64_2[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PNNFX90E\b64_31[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\PNNFX90E\b64_3[1].jpg replaced with dummy successfully.
File C:\Documents and Settings\monica\Impostazioni locali\Temporary Internet Files\Content.IE5\SLYRSLE3\b64_1[1].jpg replaced with dummy successfully.
File C:\WINDOWS\system32\i replaced with dummy successfully.
File C:\WINDOWS\system32\o replaced with dummy successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\monica\Dati applicazioni\m deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

da **ardito** » dom mar 09, 2008 5:53 pm

Sono riuscito a reinstallare AVAST, sto facendo una scansione.
Però nelle inpostazioni del pannello di controllo mi dice che il Centro sicurezza del PC non è disponibile. Servizio no avviato o arrestato. Ho provato a resettare ma niente da fare. C'è un perché??????

da **crazy.cat** » dom mar 09, 2008 6:08 pm

Disabilita del tutto il centro di sicurezza tanto non serve a niente e rompe.
Pannello di controllo - strumenti amministrazione - servizi e cerchi il centro di sicurezza e lo disabiliti in modo che non si avvia più.

da **ardito** » lun mar 10, 2008 11:17 am

SEMBRA CHE TUTTO ORA PROCEDA COME DEVE.
GRAZIE MILLE.

da **ste_95** » lun mar 10, 2008 2:16 pm

Ripristina anche la modalità provvisoria utilizzando questo file.

www.MegaLab.it

Antivirus e Firewall disabilitato

Chi c’è in linea