Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

ANCHH'IO HO PRESO BAGLE!!!

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

ANCHH'IO HO PRESO BAGLE!!!

Messaggioda Fabieddu » ven gen 04, 2008 5:03 am

Salve,come da titolo anch'io ho preso bagle..Con GMER appare evidente..Il virus mi ha pure creato un eseguibile nella cartella C:,il suo nome è www.exe e ha l'icona delle chiavi,esatta mente come il trusted.exe di cui ho letto sul sito..Il mio problema è che con lo script generico di avenger non ho ancora risolto nulla e sino a ieri non riuscivo nemmeno a fare la scansione online con Kaspersky..Oggi miracolosamente ci sono riuscito,ed ecco il log:


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 59999
Number of viruses found: 9
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 02:08:03

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-03.01.2008-11.10.24,90.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\avenger\backup-03.01.2008-11.10.24,90.zip ZIP: infected - 1 skipped
C:\avenger\backup-03.01.2008-23.16.43,28.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\avenger\backup-03.01.2008-23.16.43,28.zip ZIP: infected - 1 skipped
C:\avenger\backup.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\avenger\backup.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy3.gthr Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_274.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Luciano\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\cert8.db Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\history.dat Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\key3.db Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\parent.lock Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Luciano\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\x2q365ge.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Temp\~DF351D.tmp Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Temp\~DFC8F1.tmp Object is locked skipped
C:\Documents and Settings\Luciano\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Luciano\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Luciano\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe Infected: Trojan-Downloader.Win32.Bagle.ha skipped
C:\Programmi\DreaMule\incoming\Skyway Builder 2.2.zip/Skyway Builder 2.2.exe Infected: Trojan-Downloader.Win32.Bagle.ha skipped
C:\Programmi\DreaMule\incoming\Skyway Builder 2.2.zip ZIP: infected - 1 skipped
C:\Programmi\PiZZa40\nuke\Hnuke.exe Infected: Nuker.Win32.Hosp.223 skipped
C:\Programmi\PiZZa40\nuke\Icmp3.exe Infected: Flooder.DOS.Code.02 skipped
C:\Programmi\PiZZa40\nuke\ident.exe Infected: Exploit.IRC.Slap skipped
C:\Programmi\PiZZa40\nuke\pingath\lowkill21.ex_/ Infected: Backdoor.Win32.LowKill skipped
C:\Programmi\PiZZa40\nuke\pingath\lowkill21.ex_ MSExpand: infected - 1 skipped
C:\Programmi\PiZZa40\nuke\Portfuck.exe Infected: Nuker.Win32.Portfu skipped
C:\Programmi\PiZZa40\nuke\UDP2.EXE Infected: Flooder.Win32.UDP.102 skipped
C:\Programmi\PiZZa40\Utilities\Flash.exe Infected: Flooder.Win32.Flash3 skipped
C:\Programmi\xampp\apache\logs\access.log Object is locked skipped
C:\Programmi\xampp\apache\logs\error.log Object is locked skipped
C:\Programmi\xampp\apache\logs\ssl_request.log Object is locked skipped
C:\Programmi\xampp\mysql\data\LUCIANO-CASA.err Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP1\A0000045.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP1\A0001493.exe Infected: Trojan-Downloader.Win32.Bagle.ha skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP1\A0001523.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP1\A0001524.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP2\A0001561.exe Infected: Trojan-Downloader.Win32.Bagle.ha skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP2\A0001567.sys Infected: Trojan-Downloader.Win32.Bagle.gz skipped
C:\System Volume Information\_restore{1D8BA932-EE8C-4E39-9669-263DC6E5AF91}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Chi sarebbe così gentile da darmi una mano?Sto impazzendo.. [cry+]
Avatar utente
Fabieddu
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: ven gen 04, 2008 4:55 am
Top

Messaggioda crazy.cat » ven gen 04, 2008 8:37 am

disattiva il rispristino della configurazione e dopo il riavvio del pc applica lo script con avenger
http://www.MegaLab.it/2330

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\avenger\backup-03.01.2008-11.10.24,90.zip
C:\avenger\backup-03.01.2008-23.16.43,28.zip
C:\avenger\backup.zip
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\DreaMule\incoming\Skyway Builder 2.2.zip

Folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda Fabieddu » sab gen 05, 2008 4:24 am

Grazie mille,il computer a parte qualche rallentamento al riavvio funziona perfettamente e sono riuscito a reinstallare il mio adorato nod32..Ancora grazie!!!
Avatar utente
Fabieddu
Neo Iscritto
Neo Iscritto
 
Messaggi: 2
Iscritto il: ven gen 04, 2008 4:55 am
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 33 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising