Esegui -
- Annuncio Pubblicitario
Rimozione Virus Bagle...Non Ci Riesco!
28 messaggi
• Pagina 2 di 2 • 1, 2
da crazy.cat » ven gen 18, 2008 1:23 pm
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da kandiska » ven gen 18, 2008 1:34 pm
Crazy...Ho effettuato l'operazione con Avenger...tt ok...il pc si è riavviato e al riavvio mi è uscito fuori questo:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cscqopha
*******************
Script file located at: \??\C:\WINDOWS\wqstrjih.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!
Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5 is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5 failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5
Status: 0xc00000ba
File C:\Programmi\Realtek\InstallShield\AzMixerSel.exe deleted successfully.
File C:\Programmi\Acer\OrbiCam\CameraAssistant.exe deleted successfully.
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Che ne dici?...E' Risolto il poblema?
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cscqopha
*******************
Script file located at: \??\C:\WINDOWS\wqstrjih.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!
Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\43QX65TH
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\H7DQ1G6R
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\N8KZBWPN
Status: 0xc00000ba
Error: C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5 is a folder, not a file!
Deletion of file C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5 failed!
Could not process line:
C:\Documents and Settings\Melvin\Impostazioni locali\Temporary Internet Files\Content.IE5\Z3P2I9X5
Status: 0xc00000ba
File C:\Programmi\Realtek\InstallShield\AzMixerSel.exe deleted successfully.
File C:\Programmi\Acer\OrbiCam\CameraAssistant.exe deleted successfully.
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Che ne dici?...E' Risolto il poblema?
-
kandiska - Aficionado
- Messaggi: 60
- Iscritto il: gio gen 17, 2008 4:59 pm
da kandiska » ven gen 18, 2008 1:49 pm
Noooooo...Crazy...Ho provato a fare la scansione con bps remover..(che è l'unica utility di sicurezza che mi funziona e che mi riesce a scovare i bagle...Ahimè...ancora sono presenti nella cartelle:
Beagle.dopo
HKEY_CURRENT_USER\Software\Datetime4
HKEY_CURRENT_USER\Software\Datetime4=uid
HKEY_CURRENT_USER\Software\Datetime4=port
HKEY_CURRENT_USER\Software\Datetime4=wdrn
Beagle.Du
HKEY_CURRENT_USER\Software\FirstRRRun
HKEY_CURRENT_USER\Software\FirstRRRun=First12Ru123n
Beagle.Dz
HKEY_CURRENT_USER\Software\Datetime4=wdrn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run=German.exe
HKEY_CURRENT_USER\Software\Datetime4=port
HKEY_CURRENT_USER\Software\Datetime4=uid
Bagle.Cu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run=drvsyskit
Come deve x elimanarli?
Beagle.dopo
HKEY_CURRENT_USER\Software\Datetime4
HKEY_CURRENT_USER\Software\Datetime4=uid
HKEY_CURRENT_USER\Software\Datetime4=port
HKEY_CURRENT_USER\Software\Datetime4=wdrn
Beagle.Du
HKEY_CURRENT_USER\Software\FirstRRRun
HKEY_CURRENT_USER\Software\FirstRRRun=First12Ru123n
Beagle.Dz
HKEY_CURRENT_USER\Software\Datetime4=wdrn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run=German.exe
HKEY_CURRENT_USER\Software\Datetime4=port
HKEY_CURRENT_USER\Software\Datetime4=uid
Bagle.Cu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run=drvsyskit
Come deve x elimanarli?
-
kandiska - Aficionado
- Messaggi: 60
- Iscritto il: gio gen 17, 2008 4:59 pm
da ste_95 » ven gen 18, 2008 1:51 pm
Volendo le puoi elimninare, ma avendo eliminato i file fisici, il worm non può più servirsi delle chiavi elencate.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
da kandiska » ven gen 18, 2008 1:58 pm
Te Dici?...Quindi secondo te posso stare tranquillo?...comunque sto provando ad installare kaspersky..vediamo un po'....Ma te dal risultato che ti ho postato di avenger...ritieni che sia tt ok?Ho visto tante voci "Failed"...è uguale?
-
kandiska - Aficionado
- Messaggi: 60
- Iscritto il: gio gen 17, 2008 4:59 pm
da kandiska » ven gen 18, 2008 2:12 pm
Sembra Che Vada tt bene...In effetti Kaspersky sono riuscito ad installarlo senza troppi intoppi....Beh...Speriamo bene
Ti ringrazio Crazy...e ringrazia anche i tuo "colleghi"...x l'aiuto...
Se ho proproblemi ti ricontatto
X il momento ti auguro un buon week-end
Grazie ancora
Ti ringrazio Crazy...e ringrazia anche i tuo "colleghi"...x l'aiuto...
Se ho proproblemi ti ricontatto
X il momento ti auguro un buon week-end
Grazie ancora
-
kandiska - Aficionado
- Messaggi: 60
- Iscritto il: gio gen 17, 2008 4:59 pm
28 messaggi
• Pagina 2 di 2 • 1, 2
Chi c’è in linea
Visitano il forum: Nessuno e 38 ospiti
megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising