
Still stuck with Bagle....

Has a virus got into your computer? Want to browse in complete safety? Are online transactions secure? How do you stop attackers getting into your PC? How do you protect your data? Here you will find the answers to these and other questions

Post by Dagon » Tue Jan 08, 2008 11:39 pm

Hi crazy.cat, I ran the online scan on the Kaspersky site and this is the result:

Scan Statistics
Total number of scanned objects 46859
Number of viruses found 9
Number of infected objects 52
Number of suspicious objects 0
Duration of the scan process 14:08:06

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alessio\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\cert8.db Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\history.dat Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\key3.db Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\parent.lock Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\7adb71e3-1849a355 Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Alessio\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-6885ab0f-5a8620ee.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\dp4ja9i6.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[3].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_1[2].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[4].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\Alessio\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alessio\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software 2006 Over 150 Programs.zip/palmsoftware - downloads/vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip/vnc_x86_win32/vncviewer/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software 2006 Over 150 Programs.zip/palmsoftware - downloads/vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software 2006 Over 150 Programs.zip ZIP: infected - 2 skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software Over 100 Programs.zip/palmsoftware - downloads/vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip/vnc_x86_win32/vncviewer/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software Over 100 Programs.zip/palmsoftware - downloads/vnc-3.3.3r2_x86_win32 - Access any PC off your PC!.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\Programmi\eMule\Incoming\(Pda) Palm Os Software Over 100 Programs.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP387\A0153915.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP387\A0153916.sys Infected: Trojan-Downloader.Win32.Bagle.hq skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP387\A0153991.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP387\A0153992.sys Infected: Trojan-Downloader.Win32.Bagle.hq skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154106.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154107.sys Infected: Trojan-Downloader.Win32.Bagle.hq skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154134.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154155.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154162.sys Infected: Trojan-Downloader.Win32.Bagle.hq skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154187.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154193.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\A0154200.sys Infected: Trojan-Downloader.Win32.Bagle.hq skipped
C:\System Volume Information\_restore{7C2E05C7-ACF4-42B8-A50D-BFCCE0CD10AD}\RP388\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\129593.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\WINDOWS\system32\drivers\down\14763171.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\5145750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\5166203.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\WINDOWS\system32\drivers\down\5167453.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\WINDOWS\system32\drivers\down\79421.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\83906.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\86671.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\96453.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\drivers\down\98453.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\winlogon32.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
D:\PROGRAMS\NEW\nero 7 vista\Nero-7.7.5.1_ita_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\PROGRAMS\NEW\nero 7 vista\Nero-7.7.5.1_ita_trial.exe RAR: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

What should I do? Can you help me? Thanks a lot
Dagon
New Member
Posts: 2
Joined: Tue Jan 08, 2008 5:04 am

Post by crazy.cat » Wed Jan 09, 2008 8:46 am

Dagon wrote: Hi crazy.cat, I ran the online scan on the Kaspersky site and this is the result:


Disable System Restore and reboot the PC
http://www.MegaLab.it/2330

Then run this script with Avenger.

Code: Select all
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Documents and Settings\Alessio\Dati applicazioni\Sun\Java\Deployment\cache\6.0\35\7adb71e3-1849a355
C:\Documents and Settings\Alessio\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-6885ab0f-5a8620ee.class
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_2[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_2[2].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[1].jpg
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[2].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\7B9BFXOG\b64_3[3].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_1[1].jpg
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_1[2].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\CTKPQ34X\b64_3[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_1[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_1[2].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_2[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\QRQFMD2Z\b64_3[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_1[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[1].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[2].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[3].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_2[4].jpg 
C:\Documents and Settings\Alessio\Impostazioni locali\Temporary Internet Files\Content.IE5\WBB7Y8XD\b64_3[1].jpg
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe 
C:\WINDOWS\winlogon32.exe 
D:\PROGRAMS\NEW\nero 7 vista\Nero-7.7.5.1_ita_trial.exe

Folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Interesting Bagle variants you have there.
Another mutation under way for this b*****d virus.....
When the many govern, they think only of pleasing themselves, and then you get the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
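As an added illustration (not code from the thread or from Avenger), a small Python parser for the Kaspersky online scanner report layout Dagon pasted: it keeps only real detections (dropping "Object is locked" and archive-summary lines), keeps restore-point copies and not-a-virus riskware out of the deletion list, and drafts the "Files to delete:" section in the format crazy.cat's Avenger script uses. The sample lines are constructed from the post, and {GUID} stands in for the restore-point id.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report pasted in the thread ({GUID} is a placeholder).
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\drivers\\down\\129593.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\\WINDOWS\\system32\\drivers\\down\\79421.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\\WINDOWS\\winlogon32.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\\Programmi\\eMule\\Incoming\\Palm Os Software.zip/vnc/vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\\Programmi\\eMule\\Incoming\\Palm Os Software.zip ZIP: infected - 1 skipped
C:\\System Volume Information\\_restore{GUID}\\RP388\\A0154106.exe Infected: Trojan-Downloader.Win32.Bagle.hn skipped
"""

# A report line is <path> followed by a detection, a lock notice or an archive summary.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)|Object is locked|(?:ZIP|RAR): infected - \d+) skipped$"
)

def parse_report(text):
    """Return (path, detection) pairs; locked objects and archive totals are not findings."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("name"):
            hits.append((m.group("path"), m.group("name")))
    return hits

def plan_cleanup(hits):
    """Sort detections by what a file-deletion script such as Avenger can act on."""
    plan = {"files": [], "riskware": [], "restore_points": [],
            "by_name": Counter(), "dirs": Counter()}
    for path, name in hits:
        plan["by_name"][name] += 1
        # A member inside an archive ('x.zip/inner.exe') can only go together with the archive.
        container = path.split("/", 1)[0]
        if "\\_restore{" in container:
            # Restore-point copies: disabling System Restore removes them, as the reply says.
            plan["restore_points"].append(container)
        elif name.startswith("not-a-virus:"):
            # Legitimate tool (VNC viewer, ad toolbar) flagged as riskware: user decides.
            plan["riskware"].append(container)
        elif container not in plan["files"]:
            plan["files"].append(container)
            # Directories with several hits are candidates for a 'Folders to delete:' entry.
            plan["dirs"][container.rsplit("\\", 1)[0]] += 1
    return plan

def avenger_files_section(plan):
    """Draft the 'Files to delete:' block in the format used by the script in the reply."""
    return "Files to delete:\n" + "\n".join(plan["files"]) + "\n"
```

The "dirs" counter is only a review aid: in this thread crazy.cat deletes C:\WINDOWS\system32\drivers\down as a whole because every file in it was a Bagle dropper, a judgement the script cannot make on its own.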

Post by Dagon » Thu Jan 10, 2008 12:59 am

Thanks a lot Crazy.cat
Dagon
New Member
Posts: 2
Joined: Tue Jan 08, 2008 5:04 am


megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.