Maybe Bagle
Posted: Thu Feb 08, 2007 10:57 pm
I have searched the forum thoroughly and tried a few things following the advice I read.
I can't install an antivirus. I think it's Bagle.
I ran gmer, which gave me about a hundred pages of log and a couple of lines in red.
These:
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** )
Service C:\Documents and Settings\usr\Dati applicazioni\hidires\m_hook.sys
I ran Avenger with this script:
Files to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
D:\WINDOWS\system32\wintems.exe
D:\WINDOWS\system32\hldrrr.exe
folders to delete:
D:\Documents and Settings\utente\Dati applicazioni\hidires
D:\WINDOWS\exefld
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
and it gave me this result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\whsfkvns
*******************
Script file located at: \??\C:\utjerqnb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys failed!
Could not process line:
D:\Documents and Settings\utente\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a
Could not open file D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe failed!
Could not process line:
D:\Documents and Settings\utente\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a
Could not open file D:\WINDOWS\system32\wintems.exe for deletion
Deletion of file D:\WINDOWS\system32\wintems.exe failed!
Could not process line:
D:\WINDOWS\system32\wintems.exe
Status: 0xc000003a
Could not open file D:\WINDOWS\system32\hldrrr.exe for deletion
Deletion of file D:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
D:\WINDOWS\system32\hldrrr.exe
Status: 0xc000003a
Could not open folder D:\Documents and Settings\utente\Dati applicazioni\hidires for deletion
Deletion of folder D:\Documents and Settings\utente\Dati applicazioni\hidires failed!
Could not process line:
D:\Documents and Settings\utente\Dati applicazioni\hidires
Status: 0xc000003a
Could not open folder D:\WINDOWS\exefld for deletion
Deletion of folder D:\WINDOWS\exefld failed!
Could not process line:
D:\WINDOWS\exefld
Status: 0xc000003a
Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.
Completed script processing.
What should I do?