www.MegaLab.it

[genchi]

Ciao a tutti,
mi ritrovo con il pc bloccato da un virus dove mi compare una pagina con scritto il tuo pc e' stato bloccato per sicurezza e mi chiedono 100 euro per sbloccarlo.E' possibile eliminarlo usando malawarebyte in modalita' provvisoria o kasperski rescue?In caso potete indicarmi un sistema alternativo efficace?
Grazie

[Lele.1990]

hai heccato il virus della polizia di stato... che versione hai di malwarebytes? qui ti metto l'utima https://it.malwarebytes.org/mwb-download ricordati prima di far la scansione completa di abilitare la ricerca rootkit e aggiornare. Se ciò non dovesse bastare io farei anche una scansione con combofix http://www.bleepingcomputer.com/downloa ... fix/dl/12/ ti basta avviarlo pensa a tutto lui.

Attendo i 2 log (malwarebytes e combofix).

P.s. per eliminare combofix scarica avvia http://www.geekstogo.com/forum/files/go ... rs-list-it e premi su cleanup, accetta il riavvio. ( questo passaggio fallo dopo avermi passato il suo log)

[genchi]

ciao,grazie per le informazioni,in attesa dell' aiuto ho seguito i consigli nella sezione ransmwae e ho risolto,ti ringrazio ancora per l' aiuto
buona giornata.
combofix funziona anche con le versioni win7 e 8?in attesa di risposta ringrzio per l' attenzione dedicatomi

[genchi]

ComboFix 15-07-08.01 - ANDREA 09/07/2015 6.54.03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2090 [GMT 2:00]
Eseguito da: c:\users\ANDREA\Desktop\OMBOFIX WIN7 E 8\COMBOFIX\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Creati Da 2015-06-09 al 2015-07-09 )))))))))))))))))))))))))))))))))))
.
.
2015-07-09 05:01 . 2015-07-09 05:01 -------- d-----w- c:\users\ANDREA\AppData\Local\temp
2015-07-09 05:01 . 2015-07-09 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-09 04:51 . 2015-07-09 04:51 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54E2D0B0-12F6-419E-8DFD-E775A06B32CD}\MpKslb5898762.sys
2015-07-09 04:24 . 2015-07-01 06:55 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3114E751-ABB5-49B6-8090-818155DF029E}\gapaengine.dll
2015-07-09 04:21 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54E2D0B0-12F6-419E-8DFD-E775A06B32CD}\mpengine.dll
2015-07-07 18:53 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-07 13:56 . 2015-07-07 13:56 -------- d-----w- c:\programdata\Malwarebytes
2015-07-06 13:44 . 2015-07-06 13:44 -------- d-----w- C:\KVRT_Data
2015-07-06 13:21 . 2015-07-06 13:21 -------- d-----w- c:\users\ANDREA\AppData\Roaming\Enigma Software Group
2015-07-06 13:20 . 2015-07-06 13:21 -------- d-----w- C:\sh4ldr
2015-07-06 13:19 . 2015-07-06 13:19 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-07-06 13:19 . 2015-07-06 13:19 -------- d-----w- c:\program files\Enigma Software Group
2015-07-05 13:01 . 2015-07-08 10:19 -------- d-----w- c:\users\ANDREA\AppData\Roaming\vlc
2015-07-05 13:00 . 2015-07-05 13:00 -------- d-----w- c:\program files\VideoLAN
2015-07-03 09:10 . 2015-07-01 06:55 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5495E820-710B-487A-B4D9-62233C70A021}\gapaengine.dll
2015-06-23 06:26 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2015-06-23 06:26 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2015-06-23 06:22 . 2015-06-23 06:22 -------- d-----r- C:\MSOCache
2015-06-18 10:23 . 2015-06-18 10:25 -------- d-----w- c:\users\ANDREA\driver
2015-06-18 09:14 . 2015-06-18 09:14 -------- d-----w- c:\users\ANDREA\AppData\Roaming\OpenOffice
2015-06-18 09:12 . 2015-06-18 09:13 -------- d-----w- c:\program files\OpenOffice 4
2015-06-18 09:11 . 2015-06-18 09:12 -------- d-----w- c:\users\ANDREA\OpenOffice 4.1.1 (it) Installation Files
2015-06-18 06:43 . 2015-06-18 06:43 -------- d-----w- c:\users\ANDREA\AppData\Local\Skype
2015-06-18 06:43 . 2015-07-01 10:55 -------- d-----w- c:\users\ANDREA\AppData\Roaming\Skype
2015-06-18 06:42 . 2015-07-01 10:55 -------- d-----w- c:\programdata\Skype
2015-06-17 22:08 . 2015-06-17 22:08 -------- d-----w- c:\windows\PCHEALTH
2015-06-17 22:04 . 2015-06-17 22:17 -------- d-----w- c:\program files\Windows Live
2015-06-17 22:02 . 2015-06-17 22:02 -------- d-----w- c:\users\ANDREA\AppData\Local\Windows Live
2015-06-17 22:02 . 2015-06-17 22:02 -------- d-----w- c:\program files\Common Files\Windows Live
2015-06-17 22:01 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2015-06-17 21:19 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-17 21:18 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-06-17 21:17 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-06-17 21:17 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-06-17 21:16 . 2015-04-30 16:03 279040 ----a-w- c:\windows\system32\schannel.dll
2015-06-17 21:16 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-17 21:14 . 2015-03-05 02:24 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 21:12 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-17 21:11 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-06-17 21:11 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-17 21:10 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-06-17 21:10 . 2015-01-09 02:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-06-17 21:10 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-06-17 21:10 . 2015-03-13 01:51 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-06-17 21:10 . 2015-03-13 01:51 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-06-17 21:08 . 2015-04-19 21:24 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-17 21:08 . 2015-04-19 21:24 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-17 21:08 . 2015-04-19 21:24 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-17 21:08 . 2015-04-19 20:19 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-06-17 21:08 . 2015-04-19 20:18 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-17 21:08 . 2015-04-19 20:13 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-06-17 21:08 . 2015-04-19 21:24 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-06-17 21:08 . 2015-04-19 20:12 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-06-17 21:08 . 2015-04-19 20:12 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-06-17 21:07 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-06-17 21:07 . 2015-02-20 02:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-06-17 21:07 . 2015-02-20 00:28 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-06-17 21:06 . 2015-04-30 13:14 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-17 21:05 . 2015-04-08 01:11 939008 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-06-17 21:05 . 2015-04-08 01:11 1219584 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-06-17 21:05 . 2015-04-07 23:35 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-06-17 21:05 . 2015-04-08 01:11 985088 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-06-17 21:05 . 2015-04-08 01:11 967168 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-06-17 21:05 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-06-17 21:04 . 2015-05-21 14:22 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-17 21:03 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\system32\msi.dll
2015-06-17 21:02 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-06-17 21:02 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-06-17 21:02 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-06-17 20:55 . 2015-04-10 23:22 279552 ----a-w- c:\windows\system32\services.exe
2015-06-17 20:44 . 2015-06-17 20:46 -------- d-----w- c:\program files\Google
2015-06-17 20:43 . 2015-06-17 20:47 -------- d-----w- c:\users\ANDREA\AppData\Local\Google
2015-06-17 20:43 . 2015-06-17 20:43 -------- d-----w- c:\users\ANDREA\AppData\Local\Deployment
2015-06-17 20:43 . 2015-06-17 20:43 -------- d-----w- c:\users\ANDREA\AppData\Local\Apps
2015-06-17 20:39 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-06-17 20:38 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-17 20:38 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-17 20:38 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-17 20:38 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-06-17 20:38 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-06-17 20:38 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-06-17 20:38 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-06-17 20:34 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-06-17 19:28 . 2015-06-17 19:28 -------- d-----w- c:\windows\Sun
2015-06-17 19:20 . 2015-06-17 19:20 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:11 . 2014-07-24 14:57 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-01 06:55 . 2015-01-11 11:09 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-25 06:41 . 2014-08-06 06:06 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-25 06:41 . 2014-08-06 06:06 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-17 22:04 . 2011-03-28 16:36 23776 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-06-17 19:19 . 2015-01-11 12:51 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-14 00:35 . 2015-04-14 00:35 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 00:35 . 2015-04-14 00:35 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-06-17 20:30 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [2015-04-03 814880]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MPKSLB5898762
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 19:03 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-06 06:41]
.
2015-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-17 20:44]
.
2015-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-17 20:44]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-09 07:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2015-07-09 07:03:37
ComboFix-quarantined-files.txt 2015-07-09 05:03
.
Pre-Run: 241.579.888.640 byte disponibili
Post-Run: 241.678.487.552 byte disponibili
.
- - End Of File - - 2EFA4F0C4C8E8B67AE898494D1762B52
5C616939100B85E558DA92B899A0FC36

[Lele.1990]

combofix si può utlizzare in tutte le versioni di Windows da vista a windows 8, allega il file "combofix quarantined files" contenuto in C/Qoobox (se non sbaglio) dopo di che puoi eliminare combofix con il tool che ti ho elencato nel post precedente.

Se non riscontri ancora problemi direi che abbiamo finito, fammi sapere.

[Angelicajh]

Secondo la sua lettera di riscatto qualsiasi tipo di tentativi invitanti e dannosi per il programma risultato immediato in perdita permanente di file più importanti. Quando l'utente paga il Ransome in bitcoin non è sicuro che il male autori del software mentalità dietro lo sviluppo e la distribuzione di questo programma maligno fornire loro le chiavi private per recuperare i file. Così, Ransome pagare per i non attendibili cyber criminali non è raccomandato. A questo link potete trovare altri manuali metodi e automatici metodi per sbarazzarsi di ransomware sul computer. http://www.comeadisinstallazione.com/rimuovere-locker-v2-26-ransomware-come-rimuovere-locker-v2-26-ransomware

[Julian Martin82]

Se il computer è stato infettato e si è riesce a di accedere ai file di documenti importanti, immagini, video e messaggi di posta elettronica a causa della crittografia RSA-2048 ransomware. Come è possibile rimuovere RSA-2048 crittografia ransomware dal computer e recuperare tutti i file crittografati senza pagare alcun centesimo per i truffatori informatici? Ho trovato questo articolo molto utile per sbarazzarsi di ransomware:http://www.srpskamreza.net/rimuovere-rsa-2048-encryption-ransomware-modo-rapido-e-semplice-per-disinstallare-rsa-2048-encryption-ransomware