
HELP: BAGLE VIRUS


Post by kawax » Mon Jan 14, 2008 7:32 pm

I'm asking for help removing the hateful virus in question...
what script do I need to enter in Avenger?

the Kaspersky result is:

Infected Object Name Virus Name Last Action
C:\avenger\backup-13.01.2008-22.35.38,09.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup-13.01.2008-22.35.38,09.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup-13.01.2008-22.35.38,09.zip ZIP: infected - 2 skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/117765.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/132687.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/jvmimpro.jar-6b13a7e7-5d89df7f.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/jvmimpro.jar-6b13a7e7-5d89df7f.zip Infected: Exploit.Java.Gimsh.b skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup-13.01.2008-23.11.48,57.zip ZIP: infected - 6 skipped
C:\avenger\backup.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\avenger\backup.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pec\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\history.dat Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\key3.db Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pec\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Cronologia\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\eoy41bai.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Pec\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pec\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pec\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pec\UserData\index.dat Object is locked skipped
C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.84 Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.84 Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.84 Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Programmi\Apoint\Apoint.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Programmi\FreshDevices\FreshUI\freshui.exe 15 16 17 Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\JETBD06.tmp Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_554.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.



[cry] THANKSSSS

Post by ste_95 » Mon Jan 14, 2008 8:15 pm

[hi]

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "Input script manually" radio button
Then find the magnifying glass and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\avenger\backup-13.01.2008-22.35.38,09.zip
C:\avenger\backup.zip
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\FreshDevices\FreshUI\freshui.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\Muestras

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Select the traffic light icon at the top right
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it doesn't, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears.

Post by kawax » Mon Jan 14, 2008 9:09 pm

first of all, thanks a lot...
Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ynqoscqx

*******************

Script file located at: \??\C:\Documents and Settings\tjailtlm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\avenger\backup-13.01.2008-22.35.38,09.zip deleted successfully.


File C:\avenger\backup.zip not found!
Deletion of file C:\avenger\backup.zip failed!

Could not process line:
C:\avenger\backup.zip
Status: 0xc0000034

File C:\Programmi\Apoint\Apoint.exe deleted successfully.


File C:\Programmi\FreshDevices\FreshUI\freshui.exe not found!
Deletion of file C:\Programmi\FreshDevices\FreshUI\freshui.exe failed!

Could not process line:
C:\Programmi\FreshDevices\FreshUI\freshui.exe
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Muestras deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
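Added example (not part of the original thread, and not Avenger's or Kaspersky's own code): a Python triage helper that parses an Avenger log like the one above and cross-checks it against the scanner report, listing flagged files that no deletion covered. The function names are assumptions and the embedded sample is built from lines quoted in this thread; 0xc0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re

NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}  # target already absent
OK_RE = re.compile(r"^(?:File|Folder|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (?:file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")
SCAN_RE = re.compile(r"^(.+?) Infected: (\S+) skipped$")

def parse_avenger_log(text):
    """Return (deleted targets, {failed target: NTSTATUS name})."""
    deleted, failed, pending = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if m := OK_RE.match(line):
            deleted.append(m.group(1))
        elif m := FAIL_RE.match(line):
            pending = m.group(1)
            failed[pending] = "no status line"  # overwritten if a Status follows
        elif (m := STATUS_RE.match(line)) and pending:
            code = int(m.group(1), 16)
            failed[pending] = NTSTATUS.get(code, hex(code))
            pending = None
    return deleted, failed

def still_flagged(scan_text, deleted):
    """Flagged on-disk paths (archive members count as their archive) that no deletion covers."""
    gone = [d.lower() for d in deleted]
    left = {}
    for line in map(str.strip, scan_text.splitlines()):
        if m := SCAN_RE.match(line):
            path = m.group(1).split("/", 1)[0]  # <archive>/<member> -> <archive>
            # Covered if the path itself, or a parent folder, was deleted.
            if not any((path.lower() + "\\").startswith(g + "\\") for g in gone):
                left.setdefault(path, set()).add(m.group(2))
    return left

# Constructed sample: lines excerpted from the two logs posted in this thread.
SCAN = r"""
C:\avenger\backup-13.01.2008-23.11.48,57.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.84 Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\Programmi\Apoint\Apoint.exe Infected: Trojan-Downloader.Win32.Bagle.hz skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""
LOG = r"""
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Status: 0xc0000034
File C:\Programmi\Apoint\Apoint.exe deleted successfully.
Folder C:\Muestras deleted successfully.
"""
deleted, failed = parse_avenger_log(LOG)
print(failed, still_flagged(SCAN, deleted))
```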

Post by ste_95 » Tue Jan 15, 2008 7:05 am

Have you tried reinstalling an antivirus?

Post by kawax » Tue Jan 15, 2008 8:08 pm

yes yes, everything's solved...
thanks a lot for the help... [^]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising