Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Impossibile installare Antivirus

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Messaggioda crazy.cat » lun giu 25, 2007 3:03 pm

manutizy ha scritto:si....dovevo fare in un altro modo?

No è quello lo script giusto.
Prova a rifarlo, deve andare.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda manutizy » lun giu 25, 2007 3:10 pm

ho riprovato e questa volta dice così:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uimecrxm

*******************

Script file located at: \??\C:\Program Files\mrjtpnso.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys not found!
Deletion of file C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys
Status: 0xc0000034

File C:\Documents and Settings\acer\Dati applicazioni\hidires\rosa.sys deleted successfully.
File C:\Documents and Settings\acer\Dati applicazioni\hidires\hidr.exe deleted successfully.


File c:\WINDOWS\system32\wintems.exe not found!
Deletion of file c:\WINDOWS\system32\wintems.exe failed!

Could not process line:
c:\WINDOWS\system32\wintems.exe
Status: 0xc0000034

File c:\WINDOWS\system32\hldrrr.exe deleted successfully.
Folder C:\Documents and Settings\acer\Dati applicazioni\hidires deleted successfully.


Folder c:\WINDOWS\exefld not found!
Deletion of folder c:\WINDOWS\exefld failed!

Could not process line:
c:\WINDOWS\exefld
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tknamopy

*******************

Script file located at: \??\C:\WINDOWS\system32\keofoofv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\acer\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a



Could not open file C:\Documents and Settings\acer\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\acer\Dati applicazioni\hidires\rosa.sys failed!

Could not process line:
C:\Documents and Settings\acer\Dati applicazioni\hidires\rosa.sys
Status: 0xc000003a



Could not open file C:\Documents and Settings\acer\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\acer\Dati applicazioni\hidires\hidr.exe failed!

Could not process line:
C:\Documents and Settings\acer\Dati applicazioni\hidires\hidr.exe
Status: 0xc000003a



File c:\WINDOWS\system32\wintems.exe not found!
Deletion of file c:\WINDOWS\system32\wintems.exe failed!

Could not process line:
c:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File c:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file c:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
c:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



Folder C:\Documents and Settings\acer\Dati applicazioni\hidires not found!
Deletion of folder C:\Documents and Settings\acer\Dati applicazioni\hidires failed!

Could not process line:
C:\Documents and Settings\acer\Dati applicazioni\hidires
Status: 0xc0000034



Folder c:\WINDOWS\exefld not found!
Deletion of folder c:\WINDOWS\exefld failed!

Could not process line:
c:\WINDOWS\exefld
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
MANU
Avatar utente
manutizy
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: sab giu 23, 2007 7:29 pm

Messaggioda crazy.cat » lun giu 25, 2007 3:14 pm

Prova a reinstallare gli antivirus e seguire le istruzioni dell'articolo.
Qualcosa è stato eliminato.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre


Messaggioda manutizy » lun giu 25, 2007 4:07 pm

tutto ok per ora ho installato kaspersky e finora tutto ok, sto effettuando anche una scansione e sto eliminando ciò che riane del bangle....grazie di tutto!!sei il migliore!!
MANU
Avatar utente
manutizy
Neo Iscritto
Neo Iscritto
 
Messaggi: 8
Iscritto il: sab giu 23, 2007 7:29 pm

Messaggioda alfred888 » sab lug 14, 2007 11:56 am

ciao ...dato che ho lo stesso problema potresti darmi una mano?? questo è il log finale di gmer


---- Files - GMER 1.0.13 ----

File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires
File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\hidr.exe
File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\rosa.sys <-- ROOTKIT !!!
File C:\Documents and Settings\Alfred888\Dati applicazioni\Symantec\Shared
File C:\Documents and Settings\Alfred888\Dati applicazioni\Symantec\Shared\Options.VcPref
File C:\Programmi\Movie Maker\Shared
File C:\Programmi\Movie Maker\Shared\Empty.txt
File C:\Programmi\Movie Maker\Shared\Filters.xml
File C:\Programmi\Movie Maker\Shared\news.png
File C:\Programmi\Movie Maker\Shared\paint.png
File C:\Programmi\Movie Maker\Shared\Profiles
File C:\Programmi\Movie Maker\Shared\Profiles\Blank.txt
File C:\Programmi\Movie Maker\Shared\Sample1.jpg
File C:\Programmi\Movie Maker\Shared\Sample2.jpg
File C:\WINDOWS\ime\shared
File C:\WINDOWS\ime\shared\res
File C:\WINDOWS\system32\hldrrr.exe
File C:\WINDOWS\system32\wintems.exe

---- Services - GMER 1.0.13 ----

Service C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\rosa.sys [DISABLED] rosa <-- ROOTKIT !!!

---- EOF - GMER 1.0.13 ----



ci sono anche due processi in esecuzione che sono nascosti:
---- Processes - GMER 1.0.13 ----

Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 464
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 536


se serve altro chiedi...ciao e grazie
Avatar utente
alfred888
Aficionado
Aficionado
 
Messaggi: 26
Iscritto il: sab ott 28, 2006 2:47 pm

Messaggioda crazy.cat » sab lug 14, 2007 12:05 pm

alfred888 ha scritto:ciao ...dato che ho lo stesso problema potresti darmi una mano??


Codice: Seleziona tutto
Files to delete:
C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\m_hook.sys
C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\rosa.sys
C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\hidr.exe
c:\WINDOWS\system32\wintems.exe
c:\WINDOWS\system32\hldrrr.exe

folders to delete:
C:\Documents and Settings\Alfred888\Dati applicazioni\hidires
c:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Messaggioda alfred888 » sab lug 14, 2007 12:16 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\c^uainhd

*******************

Script file located at: \??\C:\xehmwg^x.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\m_hook.sys not found!
Deletion of file C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\m_hook.sys
Status: 0xc0000034

File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\rosa.sys deleted successfully.
File C:\Documents and Settings\Alfred888\Dati applicazioni\hidires\hidr.exe deleted successfully.
File c:\WINDOWS\system32\wintems.exe deleted successfully.
File c:\WINDOWS\system32\hldrrr.exe deleted successfully.
Folder C:\Documents and Settings\Alfred888\Dati applicazioni\hidires deleted successfully.
Folder c:\WINDOWS\exefld deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


sembra che sia andato tutto bene ho anche reinstallato avast e finalmente funziona...grazie mille
Avatar utente
alfred888
Aficionado
Aficionado
 
Messaggi: 26
Iscritto il: sab ott 28, 2006 2:47 pm

Messaggioda reck » gio nov 01, 2007 12:45 pm

anche io ho lo stesso problema per l'installazione di AVG.
questa mattina l'ho trovato disattivato, nella cartella erano spariti i file eseguibili di AVG
ho provato a disinstallarlo e poi ho cercato di installarlo, ma mi da:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory
ho installato i tools suggeriti in questo topic lanciando GMAR, questo è il log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-01 12:38:10
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQuerySystemInformation

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [9AC916DF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [9AC921C5] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoRead [9AC922C2] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoWrite [9AC923BF] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [9AC924BC] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [9AC92599] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoLock [9AC92676] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [9AC9277C] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [9AC9286D] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [9AC92942] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [9AC92B25] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [9AC92BCB] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [9AC92D1C] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [9AC92DF9] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlRead [9AC92ED4] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlReadComplete [9AC92FC5] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [9AC9308F] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [9AC93180] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs FastIoQueryOpen [9AC93614] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [9AC937B8] LF30XP.sys
Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [9AC93882] LF30XP.sys

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7AE4E8A] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7AE4456] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7AE4704] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7AE465E] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7AE4F00] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7AE4456] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7AE4300] aliidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F73E866E] PQV2i.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F73E866E] PQV2i.sys

---- EOF - GMER 1.0.13 ----
Avatar utente
reck
Neo Iscritto
Neo Iscritto
 
Messaggi: 1
Iscritto il: gio nov 01, 2007 12:40 pm

Messaggioda crazy.cat » gio nov 01, 2007 1:01 pm

Bagle anche per te, se hai già provato lo script classico per avenger e non è servito, devi fare la scansione online con Kaspersky e postare qui il log.

reck ha scritto:\??\C:\WINDOWS\system32\drivers\srosa.sys
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Non riesco ad installare antivirus...

Messaggioda zancafabio » ven nov 02, 2007 9:24 pm

Ciao ho lo stesso problema delle persone che hanno scritto prima di me... non riesco ad installare più nussun antivirus e mi ripropone sempre lo stesso errore...
Ho letto le discussioni e ho provato a fare girare AVENGER con uon script classico ma non funziona!!! MI AIUTATE????
QUESTO è IL MESSAGGIO CHE MI DA GMER:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-02 21:01:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQuerySystemInformation

---- Kernel code sections - GMER 1.0.13 ----

? puygpdbj.sys Impossibile trovare il file specificato.

Process C:\WINDOWS\system32\drivers\hidr.exe (*** hidden *** ) 2504
Avatar utente
zancafabio
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven nov 02, 2007 8:51 pm

Re: Non riesco ad installare antivirus...

Messaggioda crazy.cat » sab nov 03, 2007 7:55 am

zancafabio ha scritto:QUESTO è IL MESSAGGIO CHE MI DA GMER:

Anche per te vale la risposta che ho dato nel post sopra il tuo.
Serve la scansione online su kaspersky per vere dove si trova il virus.
Gmer non serve più.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

scansione online con kaspersky (zancafabio)

Messaggioda zancafabio » sab nov 03, 2007 12:00 pm

Ciao ho effettuato la scansione online con kaspersky ecco il responso...
GRAZIE MILLE...

Ciao

Saturday, November 03, 2007 11:58:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/11/2007
Kaspersky Anti-Virus database records: 450811


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 60156
Number of viruses found 3
Number of infected objects 37
Number of suspicious objects 0
Duration of the scan process 00:38:06

Infected Object Name Virus Name Last Action
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\Programmi\eMule\Temp\001.part/Easy.Web.Editor.v3.16.163.294.Cracked-HERETiC/setup.exe Infected: Trojan-Dropper.Win32.Small.mt skipped

C:\Programmi\eMule\Temp\001.part ZIP: infected - 1 skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP139\A0019052.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019181.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019273.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019275.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019286.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019288.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019421.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019424.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019532.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019534.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019544.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019546.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019562.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP143\A0019564.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP145\A0019819.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP145\A0019820.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP148\A0019902.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP148\A0019904.exe Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP148\A0019912.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP149\A0019926.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP149\A0019929.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP150\A0019952.exe Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP150\A0019953.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP150\A0019954.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP152\A0020000.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP152\A0020002.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP152\change.log Object is locked skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP152\A0021001.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\System Volume Information\_restore{40B70121-7FC1-4057-9C2D-765003B2A806}\RP152\A0021002.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\avenger\backup.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\avenger\backup.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.ff skipped

C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\avenger\backup.zip ZIP: infected - 3 skipped

C:\avenger\backup-02.11.2007-20.33.28,57.zip/avenger/exefld/99906.exe Infected: Trojan-Downloader.Win32.Bagle.fh skipped

C:\avenger\backup-02.11.2007-20.33.28,57.zip ZIP: infected - 1 skipped
Avatar utente
zancafabio
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven nov 02, 2007 8:51 pm

Re: scansione online con kaspersky (zancafabio)

Messaggioda crazy.cat » sab nov 03, 2007 12:24 pm

zancafabio ha scritto:Ciao ho effettuato la scansione online con kaspersky ecco il responso...

Disattiva il ripristino della configurazione e subito dopo riavvia il pc
http://www.MegaLab.it/2330

Questo è lo script per avenger da usare dopo il riavvio, poi prova a reinstallare l'antivirus.

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\eMule\Temp\001.part
C:\avenger\backup.zip
C:\avenger\backup-02.11.2007-20.33.28,57.zip

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

ok con avenger!!

Messaggioda zancafabio » sab nov 03, 2007 1:18 pm

Ciao , ho effettuato le operazioni che mi hai detto ed ha funzionato!!! Grazie mille sei stato gentilissimo!!
Posso chiederti 2 cose??
la prima è se devo riattivare il ripristino configurazione di sistema
la seconda è se mi dai un consiglio di quale antivirus installare (magari free....) ora ho installato AVG.... che dici???

Grazie

Ciao
Avatar utente
zancafabio
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven nov 02, 2007 8:51 pm

Re: ok con avenger!!

Messaggioda crazy.cat » sab nov 03, 2007 1:24 pm

zancafabio ha scritto:la prima è se devo riattivare il ripristino configurazione di sistema

Se proprio lo usi e se lo ritieni utile, riattivalo.

Codice: Seleziona tutto
la seconda è se mi dai un consiglio di quale antivirus installare (magari free....) ora ho installato AVG....  che dici???

Io uso antivir pe, ma è questione di gusti.
contro Bagle non c'è quasi niente che tenga.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

ok...

Messaggioda zancafabio » sab nov 03, 2007 1:30 pm

ok.

Grazie mille se stato davvero gentile

Fabio

Ciao
Avatar utente
zancafabio
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven nov 02, 2007 8:51 pm

Precedente

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 16 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising