MegaLab.it

ciao a tutti
ho un serio problema, non riesco ad installare nessun antivirus, penso di aver preso qualche virus da emule poichè l'antivirus che avevo(avg) non mi si apriva più. Allora l'ho disinstallato, e da allora niente più. Potete aiutarmi per favore, sono in panico!!
grazie grazie

per prima cosa mi sa ti conviene una scansione on line con kaspersky,e posta qui il risultato
http://www.MegaLab.it/2657/5

ci sto provando. spero di riuscirci anche se da quando ho preso i virus mi si interrompe spesso la connessione. Sono riuscito ad arrivare al 75 per cento della scansione e mi ha trovato 5 virus. Comunque grazie ...e anticipo che non sono molto pratico nell'uso e con la terminologia dei pc!

Benvenuto dandolo, omonimo del famoso doge veneziano, e buona frequenza.
Io nel passato ho installato la versione free di AVG e anch'io sono incorso in virus e ho dovuto formattare perché l'AVG non si aggiornava, nè si poteva disinstallare.
Altro non so dirti., ma qui abbiamo numerosi e validi esperti: immagina che la mattina mangiano cornetti e PC per cui siamo in buone mani.

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Giuseppe & Elena\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Dati applicazioni\Microsoft\Media Player\CurrentDatabase_346.wmdb Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Temporary Internet Files\Content.IE5\A9MZE5YR\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Giuseppe & Elena\SOUNDMAN.EXE Infected: Trojan-Downloader.Win32.Bagle.lc skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.13 Infected: Trojan-Downloader.Win32.Bagle.lc skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP67\A0010605.exe/data0000.bin Infected: Rootkit.Win32.Agent.qn skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP67\A0010605.exe EmbeddedEXE: infected - 1 skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP67\A0010605.exe PE_Patch.UPX: infected - 1 skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP70\A0011940.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP71\A0012122.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP71\A0012123.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012129.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012140.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012249.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012252.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012253.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP72\A0012258.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP73\A0012264.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP73\A0012265.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP73\A0012275.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP74\A0012276.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP74\A0012277.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0013278.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0013299.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0013300.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014305.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014311.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014312.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014319.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014328.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014329.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014334.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014335.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014336.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014345.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014354.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014356.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014357.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{BDBD91CC-6DD2-4421-8287-E6B140767594}\RP75\A0014366.sys Infected: Trojan-Downloader.Win32.Bagle.ky skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

Finalmente ci sono riuscito! Attendo fiducioso istruzioni per proseguire. Grazie!!!!!

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Temporary Internet Files\Content.IE5\A9MZE5YR\b64_31[1].jpg
C:\Documents and Settings\Giuseppe & Elena\SOUNDMAN.EXE

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.

purtroppo non me lo fa scaricare!! come posso fare?

dandolo ha scritto:purtroppo non me lo fa scaricare!! come posso fare?

Che tipo di errore ha?

mi dice: impossibile aprire C:/documents and settings/giuseppe & elena/impostazioni locali/temporary internet files/contentIE5/M5PU3Y18/avenger[1].zip

Prova con questa versione:

http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

niente!!!!!!!!!!!!!!!!!!!!!!!! neanche con questa riesco. AIUTO!!

Prova a salvarlo e poi a estrarlo.

ok!!!! ma alla seconda richiesta di avenger mi da INVALID SCRIPT a valid script must begin with a command directive. aborting execution. Che faccio?? grazie per la tempestività.

Succede con entrambe le versioni?

con la seconda versione mi si apre una finestra con un semaforo verde e tre opzioni...

Le istruzioni per utilizzare la vecchia versione sono queste:

http://www.MegaLab.it/forum/viewtopic.p ... 172#325172

Lo script rimane comunque quello da me indicato.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ypqqcrvm

*******************

Script file located at: \??\C:\xbobahdg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\Giuseppe & Elena\Impostazioni locali\Temporary Internet Files\Content.IE5\A9MZE5YR\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\Giuseppe & Elena\SOUNDMAN.EXE deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Muestras deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Prova a reinstallare un antivirus.

ci sono riuscito!!!!!! Ti ringrazio infinitamente.
Ma ora devo riabilitare la configurazione di sistema che prima ho disabilitato?