Beagle removal problem


Post by elle » Tue Sep 11, 2007 4:28 pm

I think I have the Beagle virus... I ran a scan with GMER and this is what came out...

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-11 17:16:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQuerySystemInformation <-- ROOTKIT !!!

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 843541D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 843541D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EEC96230] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EEC96230] vsdatant.sys

---- Processes - GMER 1.0.13 ----

Process C:\WINDOWS\system32\drivers\hidr.exe (*** hidden *** ) 400
Process C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe (*** hidden *** ) 1980

---- Services - GMER 1.0.13 ----

Service C:\WINDOWS\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!

---- EOF - GMER 1.0.1



Now I have no idea what to do. Can someone help me, please?
Last edited by elle on Tue Sep 11, 2007 10:38 pm, edited 1 time in total.
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by elle » Tue Sep 11, 2007 4:35 pm

I can't run the scan with Kaspersky because after a while the internet stops working...
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by antonio » Tue Sep 11, 2007 4:47 pm

Given the thousands of threads caused by overly generic titles, could you change the title of your post?

http://www.MegaLab.it/forum/viewtopic.php?t=14965
antonio - Silver Member - Posts: 1612 - Joined: Fri Apr 04, 2003 7:17 pm - Location: roma e cosenza


Post by BilloKenobi » Tue Sep 11, 2007 5:24 pm

antonio is right, you should fix the title [;)]

Anyway, yes, you have Bagle.
Download The Avenger --- http://swandog46.geekstogo.com/avenger.zip

Now extract it and run Avenger.exe

Disable your antivirus, firewall and any HIPS modules

Click "Input Script Manually", then on the magnifying glass. A window will open, "View/edit script".
Copy and paste this bold text into it:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


After that, click the Done button, then the traffic light, and give the two confirmations. The PC will reboot by itself; otherwise do it manually.

The program produces a log of the operations performed.

Attach the Avenger log (found at C:\avenger.txt) with the result of the script.
Begun the Clone War has
BilloKenobi - Senior Member - Posts: 453 - Joined: Thu Aug 10, 2006 11:06 am
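The Avenger script above was written by hand from the GMER output. As an added example, not code from the thread and not part of GMER or The Avenger, here is a Python script that pulls the same indicators out of a GMER 1.0.13 log: the driver behind the SSDT hooks, the device-dispatch hooks (separating the ones GMER attributes to a named module from the unattributed ones), the hidden processes and the hidden service, and drafts the two Avenger sections from them. The sample lines are copied from elle's log; the LEGACY_<SERVICE> key under Enum\Root is added because the script in the post deletes it alongside the service key. GMER reports what is hidden or hooked, not what is malicious: vsdatant.sys, the ZoneAlarm TrueVector driver that owns the \Device\Tcp hooks here, is a legitimate firewall component and must not end up in the script, so this draft only takes entries GMER marks as hidden or ROOTKIT.

```python
import re
from collections import OrderedDict

# Constructed sample: lines copied from the GMER 1.0.13 log posted earlier in the thread.
GMER_LOG = r"""
---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\srosa.sys ZwQueryDirectoryFile <-- ROOTKIT !!!

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 843541D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EEC96230] vsdatant.sys

---- Processes - GMER 1.0.13 ----

Process C:\WINDOWS\system32\drivers\hidr.exe (*** hidden *** ) 400
Process C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe (*** hidden *** ) 1980

---- Services - GMER 1.0.13 ----

Service C:\WINDOWS\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!
"""

# One regex per GMER line type. SSDT lines carry the NT object path (\??\C:\...) of the hooking driver.
SSDT_RE = re.compile(r"^SSDT\s+\\\?\?\\(?P<path>.+?)\s+(?P<func>Zw\w+)\s+<-- ROOTKIT")
# Device lines either name the module that owns the hook ([addr] module.sys) or give a bare address.
DEV_RE = re.compile(r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
                    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<raw>[0-9A-Fa-f]+))$")
PROC_RE = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)")
SVC_RE = re.compile(r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")


def parse_gmer(text):
    """Group the log into SSDT hooks (driver path -> hooked Zw* functions), device-dispatch
    hooks (with the owning module, or None when GMER could not attribute it), hidden
    processes and hidden services."""
    hooks, dev, procs, svcs = OrderedDict(), [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.setdefault(m["path"], []).append(m["func"])
            continue
        m = DEV_RE.match(line)
        if m:
            dev.append((m["driver"], m["device"], m["irp"], m["module"]))
            continue
        m = PROC_RE.match(line)
        if m:
            procs.append((m["path"], int(m["pid"])))
            continue
        m = SVC_RE.match(line)
        if m:
            svcs.append({"name": m["name"], "path": m["path"], "start": m["start"]})
    return {"ssdt_hooks": hooks, "device_hooks": dev,
            "hidden_processes": procs, "hidden_services": svcs}


def unattributed_device_hooks(findings):
    """Dispatch hooks GMER could not tie to a module. In the posted log the whole NTFS
    table points at one address (843541D8) with no owner, while the TCP/IP hooks are
    attributed to vsdatant.sys (ZoneAlarm) and are therefore left alone."""
    return [h for h in findings["device_hooks"] if h[3] is None]


def draft_avenger_script(findings):
    """Build the 'Files to delete:' and 'Registry keys to delete:' sections from what GMER
    marked ROOTKIT or hidden: hooking drivers, hidden process images, hidden service
    binaries, plus each hidden service's Services key and its LEGACY_<NAME> Enum key."""
    files = list(findings["ssdt_hooks"])
    files += [path for path, _pid in findings["hidden_processes"]]
    files += [svc["path"] for svc in findings["hidden_services"]]
    files = list(OrderedDict.fromkeys(files))  # drop duplicates, keep first-seen order
    keys = []
    for svc in findings["hidden_services"]:
        keys.append(r"HKLM\SYSTEM\CurrentControlSet\Services\%s" % svc["name"])
        keys.append(r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%s" % svc["name"].upper())
    lines = ["Files to delete:"] + files + ["", "Registry keys to delete:"] + keys
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_gmer(GMER_LOG)
    print("Unattributed dispatch hooks:", unattributed_device_hooks(found))
    print(draft_avenger_script(found))
```

Running it prints a draft script to review line by line before pasting it into Avenger; Avenger's own backups folder (C:\Avenger) will still hold copies of everything it deleted, which is why the same files show up again inside the backup zips in the later Kaspersky scan.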

Post by elle » Tue Sep 11, 2007 10:38 pm

I did as you said and this came out:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rfdygtvs

*******************

Script file located at: \??\C:\Documents and Settings\ifmrslxm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by BilloKenobi » Tue Sep 11, 2007 11:10 pm

How is it going now? Can you use and install an antivirus?
BilloKenobi - Senior Member - Posts: 453 - Joined: Thu Aug 10, 2006 11:06 am

Post by elle » Wed Sep 12, 2007 8:00 am

No, still nothing
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by crazy.cat » Wed Sep 12, 2007 10:24 am

The virus is still there.
If you can start the Kaspersky scan, you can then disconnect from the internet and it will finish even offline.
Either we find all the infected files, or we won't get out of this.
When the many govern, they think only of pleasing themselves; then you get the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat - MLI Hero - Posts: 30959 - Joined: Mon Jan 12, 2004 1:38 pm - Location: Mestre

Post by elle » Wed Sep 12, 2007 4:19 pm

I ran the scan with Kaspersky and this is what came out...


Wednesday, September 12, 2007 4:46:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 12/09/2007
Kaspersky Anti-Virus database records: 412666
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 43586
Number of viruses found 6
Number of infected objects 27
Number of suspicious objects 0
Duration of the scan process 00:32:32

Infected Object Name Virus Name Last Action
C:\avenger\backup-11.09.2007-17.14.04,84.zip/avenger/exefld/146140.exe Infected: Trojan-Downloader.Win32.Bagle.dy skipped
C:\avenger\backup-11.09.2007-17.14.04,84.zip/avenger/exefld/213171.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup-11.09.2007-17.14.04,84.zip ZIP: infected - 2 skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/exefld/132718.exe Infected: Email-Worm.Win32.Bagle.jo skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/exefld/220640.exe Infected: Email-Worm.Win32.Bagle.jo skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/exefld/43093.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/exefld/54062.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/exefld/67296.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup-11.09.2007-17.41.47,20.zip ZIP: infected - 7 skipped
C:\avenger\backup-11.09.2007-23.38.32,76.zip/avenger/exefld/60765.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup-11.09.2007-23.38.32,76.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup-11.09.2007-23.38.32,76.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup-11.09.2007-23.38.32,76.zip ZIP: infected - 3 skipped
C:\avenger\backup.zip/avenger/exefld/91718.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup.zip/avenger/flec006.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\avenger\backup.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy skipped
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\Programmi\whInstall\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Programmi\whInstall\whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Programmi\whInstall\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Programmi\whInstall\whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by crazy.cat » Wed Sep 12, 2007 4:26 pm

Check the exact names of the first two files; these three are the ones to delete, and the whole Muestras folder too if you don't know what it is.

C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy skipped
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped

Repeat the earlier script, adding these three files under Files to delete:
using the correct names of the files I pointed out.

After the reboot, also remove The Avenger's backup folder.
crazy.cat - MLI Hero - Posts: 30959 - Joined: Mon Jan 12, 2004 1:38 pm - Location: Mestre

Post by elle » Thu Sep 13, 2007 7:08 am

this is the result:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hmeewbdd

*******************

Script file located at: \??\C:\WINDOWS\system32\mxewqlng.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.


File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



Could not open file C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe for deletion
Deletion of file C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe failed!

Could not process line:
C:\Documents and Settings\Administrator\Dati applicazioni\m\flec006.exe
Status: 0xc000003a



File C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx not found!
Deletion of file C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx failed!

Could not process line:
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx
Status: 0xc0000034



File C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy not found!
Deletion of file C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy failed!

Could not process line:
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy
Status: 0xc0000034



File C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx not found!
Deletion of file C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx failed!

Could not process line:
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx
Status: 0xc0000034



Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!


Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by elle » Thu Sep 13, 2007 12:56 pm

Still nothing...
elle - New member - Posts: 12 - Joined: Tue Sep 11, 2007 4:20 pm

Post by crazy.cat » Thu Sep 13, 2007 1:21 pm

You must not put in the whole line with the virus name
File C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx not found!

but only
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe

Same thing for the other two in the C:\Muestras\ folder, but check what exactly they are called.
It should be
C:\Muestras\HIDR.EXE.Muestra
C:\Muestras\WINTEMS.EXE.Muestra
But the name looks odd to me, so check.
crazy.cat - MLI Hero - Posts: 30959 - Joined: Mon Jan 12, 2004 1:38 pm - Location: Mestre
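crazy.cat's point is about the format Avenger expects: one bare path per line and nothing else. In elle's second log every entry pasted straight from the Kaspersky output fails with Status: 0xc0000034, which is STATUS_OBJECT_NAME_NOT_FOUND: Avenger looked for a file literally named "...jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx". The flec006.exe entry fails with 0xc000003a, STATUS_OBJECT_PATH_NOT_FOUND, meaning a directory in its path no longer exists (the file itself had already gone in the first run). The same log also shows srosa.sys and its two registry keys deleted "successfully" a second time, so they were recreated between the two runs by something still active on the machine. As an added example, not code from the thread, here is a Python helper that parses Kaspersky Online Scanner result lines into path, verdict and last action, keeps only infected objects that are real files on disk (members of the Avenger backup archives and locked-object notices are skipped), and decodes those two NTSTATUS values. The sample lines are copied from the Kaspersky log above. The path is taken as everything before " Infected:", spaces included, so the two C:\Muestras entries come out exactly as the scanner printed them; as crazy.cat says, confirm the names on disk before deleting.

```python
import re

# Constructed sample: result lines copied from the Kaspersky Online Scanner log in the thread.
KAV_LINES = r"""
C:\avenger\backup.zip/avenger/hidr.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\avenger\backup.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Muestras\HIDR.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.51 Infected: Trojan-Downloader.Win32.Bagle.dy skipped
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe Infected: Trojan-Downloader.Win32.Bagle.dx skipped
C:\Programmi\whInstall\whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
""".strip().splitlines()

# A result line is "<object name> <verdict> <last action>". The object name can contain
# spaces, so it is matched lazily up to the first verdict keyword that is followed by an action.
KAV_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)|ZIP: infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)

# The two NTSTATUS values seen in the Avenger logs of this thread (Windows codes, not Avenger-specific).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND: no file or key with exactly this name",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND: a directory in the path does not exist",
}


def parse_kav_line(line):
    """Split one scanner line into its fields; returns None for lines in another format."""
    m = KAV_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "verdict": m["verdict"],                      # None unless the line says "Infected: <name>"
        "locked": m["locked"] is not None,
        "archive_hits": int(m["count"]) if m["count"] else 0,
        "action": m["action"],
    }


def files_to_delete(lines):
    """Bare paths for Avenger's 'Files to delete:' section: objects with an Infected verdict
    that live on disk. Members of an archive (name contains '.zip/') are skipped, because
    Avenger deletes files, not entries inside a zip; the archive itself is handled separately."""
    paths = []
    for line in lines:
        rec = parse_kav_line(line)
        if rec is None or rec["verdict"] is None:
            continue
        if re.search(r"\.zip/", rec["path"], re.IGNORECASE):
            continue
        paths.append(rec["path"])
    return paths


def archives_with_hits(lines):
    """Archives the scanner reports as containing infected members (here: Avenger's own backups)."""
    return [rec["path"] for rec in map(parse_kav_line, lines) if rec and rec["archive_hits"]]


def explain_avenger_status(status_text):
    """Decode a 'Status: 0x...' value from an Avenger log."""
    code = int(status_text, 16)
    return NTSTATUS.get(code, "unknown NTSTATUS 0x%08X" % code)


if __name__ == "__main__":
    print("Files to delete:")
    print("\n".join(files_to_delete(KAV_LINES)))
    print("\nArchives to remove (Avenger backups):")
    print("\n".join(archives_with_hits(KAV_LINES)))
    print("\n0xc0000034 ->", explain_avenger_status("0xc0000034"))
    print("0xc000003a ->", explain_avenger_status("0xc000003a"))
```

The whInstall entries come out as well because Kaspersky reports them with an Infected verdict (not-a-virus:AdWare); whether adware belongs in a rootkit-removal script is a separate decision, which is why the helper returns the list for review instead of writing the script directly.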

