NUOVA VERSIONE DI BAGLE ???
Inviato: sab gen 19, 2008 10:19 amSalve a tutti sono nuovo in questo forum e scrivo poiché sono stato attaccato dal worm Bagle, e nonostante abbia seguito passo passo le vostre esaurienti guide non riesco a rimuovere il virus...non so più dove sbattere la testa ![[boh]](http://www.megalab.it/forum/images/smilies/dntknw.gif "Boh")
ho scritto Nuova versione poiché presenta delle novità non inserite nell'ultimo aggiornamento
1) spesso (anche senza riavvio del computer) imposta attivo il ripristino configurazione sistema
2) è allegato con qualche trojan remoto (infatti non appena mi collego a forum come il vostro,eseguo l'avenger o metta insomma a repentaglio chi c'è dietro ..tempo 5 minuti e mi si riavvia il computer)
3) non permette nemmeno alla scansione online di kaspersky di avviarsi
4) attraverso l' msconfig ho trovato 2 servizi impossibili da eliminare poiché segnati come "essenziali" che credo siano collegati al trojan sono:
- RPC locator
- RPC (Remote Procedure Call)
5) alcuni file di registro del virus non esistono, non risiedono nelle cartelle specificate o non possono essere eliminati...
vi allego l'ultimo log dell'avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kvopfohi
*******************
Script file located at: \??\C:\WINDOWS\system32\alstwxak.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.exe
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
in attesa di una vostra risposta...
Grazie![[:)]](http://www.megalab.it/forum/images/smilies/smile.gif "Smile")
[/b]
ho scritto Nuova versione poiché presenta delle novità non inserite nell'ultimo aggiornamento
1) spesso (anche senza riavvio del computer) imposta attivo il ripristino configurazione sistema
2) è allegato con qualche trojan remoto (infatti non appena mi collego a forum come il vostro,eseguo l'avenger o metta insomma a repentaglio chi c'è dietro ..tempo 5 minuti e mi si riavvia il computer)
3) non permette nemmeno alla scansione online di kaspersky di avviarsi
4) attraverso l' msconfig ho trovato 2 servizi impossibili da eliminare poiché segnati come "essenziali" che credo siano collegati al trojan sono:
- RPC locator
- RPC (Remote Procedure Call)
5) alcuni file di registro del virus non esistono, non risiedono nelle cartelle specificate o non possono essere eliminati...
vi allego l'ultimo log dell'avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kvopfohi
*******************
Script file located at: \??\C:\WINDOWS\system32\alstwxak.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.exe
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!
Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
in attesa di una vostra risposta...
Grazie
[/b]![[applauso+]](http://www.megalab.it/forum/images/smilies/Bigclap.gif "Grande applauso")
![[rotolo]](http://www.megalab.it/forum/images/smilies/rotolbriggin.gif "Rotolo dal ridere")