Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

agentWin32.amf

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

agentWin32.amf

Messaggioda Albachiara » mer giu 06, 2007 8:38 am

aiuto ragazzi non riesco a togliere questo maledetto virus....agentWin32.amf aiutatemi... vi mando il log di hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7.35.24, on 06/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\DAP\DAP.EXE
C:\windows\system32\services.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis_v2.zip\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [drvllpqf] "c:\windows\system32\drvllpqf.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E4721660-F4F9-4A76-BD3D-6472556958AA} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF0514A-A328-47F7-95C8-7D7AF9727FCC}: NameServer = 85.37.17.49 85.38.28.91
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 5833 bytes
grazie ancora
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda crazy.cat » mer giu 06, 2007 9:24 am

Se è solo in questo file
O4 - HKLM\..\Run: [drvllpqf] "c:\windows\system32\drvllpqf.exe"
usa unlocker o killbox per eliminarlo.

Se si trova in altri posti, diccelo.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » mer giu 06, 2007 9:44 pm

mmm niente... l'ho eliminato ma non è cambiato assolutamente nulla... il problema sta nel fatto che l'antivirus me lo riconosce... ma non posso eliminarlo perché mi elimina anche la connessione... che si fa?
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top
Top

Messaggioda crazy.cat » gio giu 07, 2007 12:38 pm

ci sono pochissime notizie su quel virus.
Prova una scansione online
http://www.kaspersky.com/virusscanner
e alla fine salva il log che vediamo quanti altri file infetti ci sono.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » ven giu 08, 2007 7:39 pm

ormai non c'è via d'uscita... formattazione totale... il problema sta nel fatto che gli antivirus me lo riconoscono e lo eliminano elimando anche la connessione.... comunque il log è:

C:\System Volume Information\_restore{8DA122BE-15CF-4501-8BD3-C67FB778E9FD}\RP4\A0002168.dll Infected: Trojan.Win32.Agent.amf skipped
C:\WINDOWS\system32\drvllpqf.exe Object is locked skipped
C:\WINDOWS\system32\rasapi32.dll Infected: Trojan.Win32.Agent.amf skipped
C:\WINDOWS\Tasks\aedxuau.job Object is locked skipped
C:\WINDOWS\Tasks\ajfa.job Object is locked skipped
C:\WINDOWS\Tasks\ajgrfpsa.job Object is locked skipped
C:\WINDOWS\Tasks\aslscp.job Object is locked skipped
C:\WINDOWS\Tasks\atfaycmi.job Object is locked skipped
C:\WINDOWS\Tasks\avl.job Object is locked skipped
C:\WINDOWS\Tasks\bdhej.job Object is locked skipped
C:\WINDOWS\Tasks\bsyfey.job Object is locked skipped
C:\WINDOWS\Tasks\bude.job Object is locked skipped
C:\WINDOWS\Tasks\cgrbi.job Object is locked skipped
C:\WINDOWS\Tasks\cow.job Object is locked skipped
C:\WINDOWS\Tasks\cuc.job Object is locked skipped
C:\WINDOWS\Tasks\ddcfh.job Object is locked skipped
C:\WINDOWS\Tasks\ddddb.job Object is locked skipped
C:\WINDOWS\Tasks\dfkeo.job Object is locked skipped
C:\WINDOWS\Tasks\dpnycbe.job Object is locked skipped
C:\WINDOWS\Tasks\dqr.job Object is locked skipped
C:\WINDOWS\Tasks\dtzocyv.job Object is locked skipped
C:\WINDOWS\Tasks\dvnqkag.job Object is locked skipped
C:\WINDOWS\Tasks\eohl.job Object is locked skipped
C:\WINDOWS\Tasks\eszhirez.job Object is locked skipped
C:\WINDOWS\Tasks\faqej.job Object is locked skipped
C:\WINDOWS\Tasks\fclxbbk.job Object is locked skipped
C:\WINDOWS\Tasks\fdgxkgd.job Object is locked skipped
C:\WINDOWS\Tasks\fgxw.job Object is locked skipped
C:\WINDOWS\Tasks\fncqa.job Object is locked skipped
C:\WINDOWS\Tasks\fujtzct.job Object is locked skipped
C:\WINDOWS\Tasks\fuyank.job Object is locked skipped
C:\WINDOWS\Tasks\fwzxfd.job Object is locked skipped
C:\WINDOWS\Tasks\fzowztp.job Object is locked skipped
C:\WINDOWS\Tasks\fztgai.job Object is locked skipped
C:\WINDOWS\Tasks\gdbj.job Object is locked skipped
C:\WINDOWS\Tasks\gkuoxhdb.job Object is locked skipped
C:\WINDOWS\Tasks\gkzem.job Object is locked skipped
C:\WINDOWS\Tasks\godzr.job Object is locked skipped
C:\WINDOWS\Tasks\gyvhtgu.job Object is locked skipped
C:\WINDOWS\Tasks\hbfoac.job Object is locked skipped
C:\WINDOWS\Tasks\hildvd.job Object is locked skipped
C:\WINDOWS\Tasks\his.job Object is locked skipped
C:\WINDOWS\Tasks\hlgyuad.job Object is locked skipped
C:\WINDOWS\Tasks\hlxgvx.job Object is locked skipped
C:\WINDOWS\Tasks\hngd.job Object is locked skipped
C:\WINDOWS\Tasks\iccjkqky.job Object is locked skipped
C:\WINDOWS\Tasks\iism.job Object is locked skipped
C:\WINDOWS\Tasks\imoub.job Object is locked skipped
C:\WINDOWS\Tasks\imx.job Object is locked skipped
C:\WINDOWS\Tasks\iqltzs.job Object is locked skipped
C:\WINDOWS\Tasks\iqr.job Object is locked skipped
C:\WINDOWS\Tasks\iugkusld.job Object is locked skipped
C:\WINDOWS\Tasks\iun.job Object is locked skipped
C:\WINDOWS\Tasks\ixolcowr.job Object is locked skipped
C:\WINDOWS\Tasks\iymo.job Object is locked skipped
C:\WINDOWS\Tasks\jcxxezrf.job Object is locked skipped
C:\WINDOWS\Tasks\jmb.job Object is locked skipped
C:\WINDOWS\Tasks\jmnzhsu.job Object is locked skipped
C:\WINDOWS\Tasks\jngdqaus.job Object is locked skipped
C:\WINDOWS\Tasks\jskdsr.job Object is locked skipped
C:\WINDOWS\Tasks\jxwweoei.job Object is locked skipped
C:\WINDOWS\Tasks\kbine.job Object is locked skipped
C:\WINDOWS\Tasks\kcqp.job Object is locked skipped
C:\WINDOWS\Tasks\kgllci.job Object is locked skipped
C:\WINDOWS\Tasks\kiwjxz.job Object is locked skipped
C:\WINDOWS\Tasks\kusx.job Object is locked skipped
C:\WINDOWS\Tasks\kzhjexn.job Object is locked skipped
C:\WINDOWS\Tasks\lfyjuw.job Object is locked skipped
C:\WINDOWS\Tasks\lhap.job Object is locked skipped
C:\WINDOWS\Tasks\ljav.job Object is locked skipped
C:\WINDOWS\Tasks\ljj.job Object is locked skipped
C:\WINDOWS\Tasks\lmqse.job Object is locked skipped
C:\WINDOWS\Tasks\lvkcrm.job Object is locked skipped
C:\WINDOWS\Tasks\mabrk.job Object is locked skipped
C:\WINDOWS\Tasks\mcrrbd.job Object is locked skipped
C:\WINDOWS\Tasks\mlwmagb.job Object is locked skipped
C:\WINDOWS\Tasks\mujqxgmc.job Object is locked skipped
C:\WINDOWS\Tasks\mvwosqf.job Object is locked skipped
C:\WINDOWS\Tasks\mxsq.job Object is locked skipped
C:\WINDOWS\Tasks\nbauyg.job Object is locked skipped
C:\WINDOWS\Tasks\nbaxnvqv.job Object is locked skipped
C:\WINDOWS\Tasks\ncfmg.job Object is locked skipped
C:\WINDOWS\Tasks\ndwqvpfy.job Object is locked skipped
C:\WINDOWS\Tasks\nhnxny.job Object is locked skipped
C:\WINDOWS\Tasks\nwzef.job Object is locked skipped
C:\WINDOWS\Tasks\nxeaej.job Object is locked skipped
C:\WINDOWS\Tasks\obg.job Object is locked skipped
C:\WINDOWS\Tasks\obm.job Object is locked skipped
C:\WINDOWS\Tasks\obwzso.job Object is locked skipped
C:\WINDOWS\Tasks\okjdzy.job Object is locked skipped
C:\WINDOWS\Tasks\ollkurj.job Object is locked skipped
C:\WINDOWS\Tasks\oszcip.job Object is locked skipped
C:\WINDOWS\Tasks\oupcu.job Object is locked skipped
C:\WINDOWS\Tasks\ovu.job Object is locked skipped
C:\WINDOWS\Tasks\oyj.job Object is locked skipped
C:\WINDOWS\Tasks\oyyzbz.job Object is locked skipped
C:\WINDOWS\Tasks\pcy.job Object is locked skipped
C:\WINDOWS\Tasks\pltqdy.job Object is locked skipped
C:\WINDOWS\Tasks\plum.job Object is locked skipped
C:\WINDOWS\Tasks\pnroqshn.job Object is locked skipped
C:\WINDOWS\Tasks\ptcrfc.job Object is locked skipped
C:\WINDOWS\Tasks\pvhvi.job Object is locked skipped
C:\WINDOWS\Tasks\pvqmr.job Object is locked skipped
C:\WINDOWS\Tasks\pxviuk.job Object is locked skipped
C:\WINDOWS\Tasks\qdhkwb.job Object is locked skipped
C:\WINDOWS\Tasks\qgo.job Object is locked skipped
C:\WINDOWS\Tasks\qnn.job Object is locked skipped
C:\WINDOWS\Tasks\qplxaw.job Object is locked skipped
C:\WINDOWS\Tasks\qsfa.job Object is locked skipped
C:\WINDOWS\Tasks\qvv.job Object is locked skipped
C:\WINDOWS\Tasks\rec.job Object is locked skipped
C:\WINDOWS\Tasks\rmqs.job Object is locked skipped
C:\WINDOWS\Tasks\rrxgl.job Object is locked skipped
C:\WINDOWS\Tasks\rtxkoq.job Object is locked skipped
C:\WINDOWS\Tasks\rvt.job Object is locked skipped
C:\WINDOWS\Tasks\rvwy.job Object is locked skipped
C:\WINDOWS\Tasks\rwx.job Object is locked skipped
C:\WINDOWS\Tasks\sbflkmrv.job Object is locked skipped
C:\WINDOWS\Tasks\scywi.job Object is locked skipped
C:\WINDOWS\Tasks\sfykhbwh.job Object is locked skipped
C:\WINDOWS\Tasks\svq.job Object is locked skipped
C:\WINDOWS\Tasks\swhzob.job Object is locked skipped
C:\WINDOWS\Tasks\sxwg.job Object is locked skipped
C:\WINDOWS\Tasks\tac.job Object is locked skipped
C:\WINDOWS\Tasks\tdafi.job Object is locked skipped
C:\WINDOWS\Tasks\tfuqogw.job Object is locked skipped
C:\WINDOWS\Tasks\thap.job Object is locked skipped
C:\WINDOWS\Tasks\thr.job Object is locked skipped
C:\WINDOWS\Tasks\thtovgh.job Object is locked skipped
C:\WINDOWS\Tasks\tlxtca.job Object is locked skipped
C:\WINDOWS\Tasks\tmtp.job Object is locked skipped
C:\WINDOWS\Tasks\tvysa.job Object is locked skipped
C:\WINDOWS\Tasks\twr.job Object is locked skipped
C:\WINDOWS\Tasks\uakvo.job Object is locked skipped
C:\WINDOWS\Tasks\uamnhf.job Object is locked skipped
C:\WINDOWS\Tasks\ukimu.job Object is locked skipped
C:\WINDOWS\Tasks\uls.job Object is locked skipped
C:\WINDOWS\Tasks\utek.job Object is locked skipped
C:\WINDOWS\Tasks\uudajb.job Object is locked skipped
C:\WINDOWS\Tasks\uxon.job Object is locked skipped
C:\WINDOWS\Tasks\uydzj.job Object is locked skipped
C:\WINDOWS\Tasks\vbbk.job Object is locked skipped
C:\WINDOWS\Tasks\vdbb.job Object is locked skipped
C:\WINDOWS\Tasks\vecje.job Object is locked skipped
C:\WINDOWS\Tasks\vgg.job Object is locked skipped
C:\WINDOWS\Tasks\via.job Object is locked skipped
C:\WINDOWS\Tasks\vmfmq.job Object is locked skipped
C:\WINDOWS\Tasks\vpphgl.job Object is locked skipped
C:\WINDOWS\Tasks\vweanczy.job Object is locked skipped
C:\WINDOWS\Tasks\vzs.job Object is locked skipped
C:\WINDOWS\Tasks\wbskw.job Object is locked skipped
C:\WINDOWS\Tasks\webxf.job Object is locked skipped
C:\WINDOWS\Tasks\wfplwf.job Object is locked skipped
C:\WINDOWS\Tasks\wpu.job Object is locked skipped
C:\WINDOWS\Tasks\wqacim.job Object is locked skipped
C:\WINDOWS\Tasks\wqes.job Object is locked skipped
C:\WINDOWS\Tasks\wysgaw.job Object is locked skipped
C:\WINDOWS\Tasks\xddgffv.job Object is locked skipped
C:\WINDOWS\Tasks\xdu.job Object is locked skipped
C:\WINDOWS\Tasks\xeemmqvb.job Object is locked skipped
C:\WINDOWS\Tasks\xjqxgmtj.job Object is locked skipped
C:\WINDOWS\Tasks\xlcds.job Object is locked skipped
C:\WINDOWS\Tasks\xoxp.job Object is locked skipped
C:\WINDOWS\Tasks\yairm.job Object is locked skipped
C:\WINDOWS\Tasks\yddhejji.job Object is locked skipped
C:\WINDOWS\Tasks\yef.job Object is locked skipped
C:\WINDOWS\Tasks\ygpga.job Object is locked skipped
C:\WINDOWS\Tasks\ykwys.job Object is locked skipped
C:\WINDOWS\Tasks\yldv.job Object is locked skipped
C:\WINDOWS\Tasks\yta.job Object is locked skipped
C:\WINDOWS\Tasks\yvxwp.job Object is locked skipped
C:\WINDOWS\Tasks\yym.job Object is locked skipped
C:\WINDOWS\Tasks\zdsue.job Object is locked skipped
C:\WINDOWS\Tasks\zesrpcy.job Object is locked skipped
C:\WINDOWS\Tasks\zfn.job Object is locked skipped
C:\WINDOWS\Tasks\zmr.job Object is locked skipped
C:\WINDOWS\Tasks\zqxjzrv.job Object is locked skipped
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda crazy.cat » ven giu 08, 2007 7:51 pm

Segui per bene le istruzioni.

Scaricati questa dll che è allegata alla discussione
http://www.MegaLab.it/forum/viewtopic.php?t=32288

Disattiva il ripristino della configurazione
http://www.MegaLab.it/2330

riavvia il pc in modalità provvisoria
http://www.MegaLab.it/2556

Sempre dalla modalità provvisoria cancella i due file infetti, se hai problemi usa unlcker o killbox.
C:\WINDOWS\system32\drvllpqf.exe Object is locked skipped
C:\WINDOWS\system32\rasapi32.dll Infected: Trojan.Win32.Agent.amf skipped

estrai la dll che avevi scaricato all'inizio e la metti nella cartella C:\WINDOWS\system32\

Vai in pannello di controllo - operazioni pianificate e cancella tutti quei task fasulli che si sono creati.

Riavvia il pc e incrocia le dita.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » ven giu 08, 2007 9:32 pm

prima di fare questa cosa... io ho provato a cancellare il file e metterne un'altro scaricato sempre rasapi32 ma mi dava un errore per quanto riguarda kernell32... detto ciò che faccio lo faccio?
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda crazy.cat » sab giu 09, 2007 2:29 pm

Prova a seguire la strada che ti ho detto io.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » dom giu 10, 2007 12:10 am

questa operazione qui:
Sempre dalla modalità provvisoria cancella i due file infetti, se hai problemi usa unlcker o killbox.
C:\WINDOWS\system32\drvllpqf.exe Object is locked skipped
C:\WINDOWS\system32\rasapi32.dll Infected: Trojan.Win32.Agent.amf skipped
la devo fare sempre con hijackthis?
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda crazy.cat » dom giu 10, 2007 9:10 am

No, se non riesci a cancellarli normalmente da gestione risorse di windows, usa Killobox o unlocker.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » dom giu 10, 2007 9:54 pm

grazie..... fatto! sembra che i miei guai sono finiti... anche se ho avuto alcuni problemi nell'operazione...tipo... killbox non è proprio partito perché mi dava l'errore del file mancante o danneggiato mscom.ocx... e poi il file drvllpqf non me l'ha proprio cancellato... che faccio?
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda Albachiara » lun giu 11, 2007 12:22 am

rettifico... ho risolto con killbox... cioè ho messo il file mancante.. ora il problema sta nel fatto che nonostante tutto neanche lui riesce ad eliminare quel file... perché?
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top

Messaggioda crazy.cat » lun giu 11, 2007 9:04 am

Forse perché in uso, apri il task manager (ctrl alt canc) trovi il processo attivo e lo termini, poi lo cancelli.
Oppure provi dalla modalità provvisoria o con unlocker.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Albachiara » lun giu 11, 2007 9:33 pm

non è tra i processi... e avevo già provato in modalità provvisoria sia con kill box che con unlocker ma niente....
Avatar utente
Albachiara
Aficionado
Aficionado
 
Messaggi: 29
Iscritto il: mar feb 13, 2007 1:00 am
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 17 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising