
Bagle virus


Post by aneder » Sun Jan 20, 2008 1:21 pm

Hi!
I'm new to the forum, but I've seen that a lot of people have the same problem with Bagle that I do!
Unfortunately I'm not at all skilled with computers, so I'll ask you for a bit of patience.... [cry]
I've already run the Kaspersky online scan twice, and each time I deleted the infected files it allowed me to delete... The first time I had 20 viruses and 151 infected files; the second time, 12 viruses and 79 infected files, of which I again deleted the ones it allowed me to, but not all of them (it says they are in use by another application). I'm running the third online scan, which I'll then send you so I can get the necessary script; you need to tell me which program I have to download to get rid of the viruses for good, so that I can install an antivirus (AVG Free disappeared after the infection).
I hope I manage to send you the result of the third scan; thank you in advance.

Post by crazy.cat » Sun Jan 20, 2008 1:35 pm

For a complete cleanup, The Avenger is all you need
http://www.MegaLab.it/2656

But first let's see the Kaspersky result, and then we'll prepare the appropriate script.

Post by aneder » Mon Jan 21, 2008 10:58 am

This time the scan took more than 16 hours!
I'm sending you the report; as before, the files I was able to delete have already been deleted.
Thanks,

Monday, January 21, 2008 10:50:38 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 522946


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 171915
Number of viruses found 9
Number of infected objects 59
Number of suspicious objects 0
Duration of the scan process 16:37:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_1[3].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP499\A0115448.exe Infected: Trojan.Win32.Dialer.yl skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115521.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115522.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115531.exe Infected: Trojan.Win32.Dialer.yl skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115532.exe Infected: Trojan.Win32.Dialer.aaf skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115533.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115534.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115535.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115536.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115537.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115538.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115539.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115540.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115541.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115542.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115543.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115544.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115545.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115546.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115547.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115548.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115549.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115550.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115551.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115552.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115553.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115554.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115555.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115556.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115557.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115558.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115559.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115560.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115561.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\iesetup.exe Infected: Backdoor.Win32.Rbot.euv skipped

C:\WINDOWS\lasys32.exe Infected: Trojan.Win32.Dialer.yw skipped

C:\WINDOWS\logon.dll Infected: Trojan.Win32.Inject.sb skipped

C:\WINDOWS\system32\drivers\down\116390640.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\130889906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\145376312.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\159897890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\159920187.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\174452156.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\174735187.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\189276843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\189292828.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wisyst32.exe Object is locked skipped

Scan process completed.


Post by crazy.cat » Mon Jan 21, 2008 11:10 am

Disable System Restore on all drives, then restart the PC
http://www.MegaLab.it/2330

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "Input script manually" option
Then find the magnifying glass and click it
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[1].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[2].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[1].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[2].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_1[3].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[1].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[2].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[1].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[2].jpg
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[3].jpg
C:\WINDOWS\iesetup.exe
C:\WINDOWS\lasys32.exe
C:\WINDOWS\logon.dll
C:\WINDOWS\wisyst32.exe

folders to delete:
c:\WINDOWS\exefnd
c:\WINDOWS\exefld
c:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32



Now click Done at the bottom of the box
Click the traffic-light icon at the top right
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it doesn't, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears, and try to reinstall the antivirus right away.
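The triage behind the reply above, as an added example that is not part of the original thread: infected files on the live file system go under "Files to delete:", infected copies under System Volume Information are handled by turning System Restore off, and "Object is locked" lines are files the scanner could not open, not detections. The function names and the rule of flagging locked .exe/.dll/.sys files for manual review are assumptions of this example.

```python
import re
from collections import Counter

# Short excerpt assembled for this example from lines of the report posted
# above, in its "object name / status / last action" layout.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\wisyst32.exe Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\116390640.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\logon.dll Infected: Trojan.Win32.Inject.sb skipped
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{732C3204-2AF9-439C-9CB9-CFF93AE32A0D}\RP500\A0115521.exe Infected: Email-Worm.Win32.Bagle.of skipped
Scan process completed.
"""

# Paths may contain spaces, so the path is matched lazily and the status
# ("Infected: <name>" or "Object is locked") plus the action anchor the end.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\S+)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys")
RESTORE_MARKER = r"\system volume information\_restore{"


def triage(report_text):
    """Split report entries into the groups the cleanup treats differently."""
    result = {
        "delete_candidates": [],   # infected, on the live file system
        "restore_copies": [],      # infected, inside System Restore points
        "locked_executables": [],  # binaries the scanner could not read: review by hand
        "locked_other": 0,         # in-use data files (hives, logs, indexes)
        "detections": Counter(),   # detection name -> number of objects
    }
    for raw in report_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # table header, statistics, blank lines
        path = match.group("path")
        lowered = path.lower()
        if match.group("locked"):
            if lowered.endswith(EXECUTABLE_EXT):
                result["locked_executables"].append(path)
            else:
                result["locked_other"] += 1
            continue
        result["detections"][match.group("detection")] += 1
        if RESTORE_MARKER in lowered:
            result["restore_copies"].append(path)
        else:
            result["delete_candidates"].append(path)
    return result


def files_to_delete_section(paths):
    """Render paths under the 'Files to delete:' heading used in the script above."""
    unique = sorted(set(paths), key=str.lower)
    return "\n".join(["Files to delete:"] + unique)


if __name__ == "__main__":
    groups = triage(SAMPLE_REPORT)
    print(files_to_delete_section(groups["delete_candidates"]))
    print("\nInfected copies in restore points:", len(groups["restore_copies"]))
    print("Locked binaries to review by hand:")
    for path in groups["locked_executables"]:
        print("  " + path)
    print("Locked data files ignored:", groups["locked_other"])
    for name, count in groups["detections"].most_common():
        print(f"{count:3d}  {name}")
```

A locked binary is only a lead: in the sample, sptd.sys and wisyst32.exe are both flagged, and deciding which of them belongs in the script remains a manual step.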

Post by aneder » Mon Jan 21, 2008 12:42 pm

Thank you so much!!!! [applauso+]

I followed your instructions and in the end I managed to install AVG Free. Could you tell me whether there is another antivirus that is better? Until now I've been happy with AVG, but I've never asked an expert for an opinion...
Thanks again!!!!

Post by aneder » Mon Jan 21, 2008 12:53 pm

I forgot to paste the contents of the Avenger Notepad file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cqtqkslf

*******************

Script file located at: \??\C:\Program Files\pfiuntih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.


Could not open file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg for deletion
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_2[1].jpg
Status: 0xc000003a



Could not open file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[1].jpg for deletion
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[1].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[1].jpg
Status: 0xc000003a



Could not open file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[2].jpg for deletion
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[2].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\33EO9WLJ\b64_3[2].jpg
Status: 0xc000003a



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[1].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[1].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[1].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[2].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[2].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\CZMEQZS6\b64_3[2].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_1[3].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_1[3].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_1[3].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[1].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[1].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[1].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[2].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[2].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\OXKFM6T6\b64_2[2].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[1].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[1].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[1].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[2].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[2].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[2].jpg
Status: 0xc0000034



File C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[3].jpg not found!
Deletion of file C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[3].jpg failed!

Could not process line:
C:\Documents and Settings\Ferrari\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSB24BWV\b64_3[3].jpg
Status: 0xc0000034

File C:\WINDOWS\iesetup.exe deleted successfully.
File C:\WINDOWS\lasys32.exe deleted successfully.
File C:\WINDOWS\logon.dll deleted successfully.
File C:\WINDOWS\wisyst32.exe deleted successfully.


Folder c:\WINDOWS\exefnd not found!
Deletion of folder c:\WINDOWS\exefnd failed!

Could not process line:
c:\WINDOWS\exefnd
Status: 0xc0000034

Folder c:\WINDOWS\exefld deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by crazy.cat » Mon Jan 21, 2008 1:59 pm

aneder wrote: Thank you so much!!!! [applauso+]

I followed your instructions and in the end I managed to install AVG Free. Could you tell me whether there is another antivirus that is better? Until now I have been happy with AVG, but I have never asked an expert for an opinion...
Thanks again!!!!


This one is free for six months,
http://www.MegaLab.it/1740
and then you switch to the freeware version of the same antivirus

Post by megaman » Mon Jan 21, 2008 3:39 pm

crazy.cat wrote: and then you switch to the freeware version of the same antivirus

But doesn't that mean you lose e-mail scanning?!

Post by crazy.cat » Mon Jan 21, 2008 3:51 pm

megaman wrote: But doesn't that mean you lose e-mail scanning?!

Yes, but since you aren't paying, you can't have everything in life.

Post by Leleweb » Mon Jan 21, 2008 6:03 pm

Hi everyone,
my name is Gabriele and soon (I hope, since I'm running the online scan with Kaspersky) I will post the report so that the script for The Avenger can be created!

P.S.: it goes without saying that I'm one of the many infected...

Bye!

Post by Leleweb » Tue Jan 22, 2008 7:35 pm

Right, I ran 11 hours of scanning.
I'm posting the report as a code block.
Note: I had previously run the scan, but only on some folders, leaving out the desktop and one partition. The thing is that when I loaded the script (which I wrote myself, and this time I'm asking whether you could please write it for me) I rebooted, but after the reboot, even though Avenger opened, the antivirus and the rest did not work. After the latest full scan a lot of infected files were found.
Who can help me?
Thanks!

Code:
 Tuesday, January 22, 2008 7:26:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/01/2008
Kaspersky Anti-Virus database records: 526268
Scan Settings
Scan using the following antivirus database    extended
Scan Archives    true
Scan Mail Bases    true
Scan Target    My Computer
C:\
D:\
E:\
F:\
H:\
Scan Statistics
Total number of scanned objects    202504
Number of viruses found    10
Number of infected objects    85
Number of suspicious objects    0
Duration of the scan process    11:56:38

Infected Object Name    Virus Name    Last Action
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/109235859.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/109238687.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/109249218.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/121093.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/121484.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/121531.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/130375.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/130796.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/136500.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/137734.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/140312.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14528828.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14533171.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14533843.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14537109.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14540906.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14543609.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14544609.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14733250.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14738203.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/14911390.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/160359.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/160718.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/174281.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/175203.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29088078.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29124125.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29164234.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29180921.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29447015.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29451031.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/29456156.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/51176078.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/51179062.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/51185015.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/72906921.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/72911375.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/72916125.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/87449046.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/87455296.exe    Infected: Trojan.Win32.Pakes.bwy    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/87472375.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/9455921.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[1].jpg-ren-458    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[2].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[2]_jpg.vir    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[3].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/b64_3[3]_jpg.vir    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/ctvsgzlx.exe    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/GoogleToolbarNotifier.exe    Infected: Trojan-Downloader.Win32.Bagle.ii    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache17324.tmp    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache19103.tmp/Baaaaa.class    Infected: Trojan.Java.ClassLoader.ap    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache19103.tmp/BaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ap    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache19103.tmp/VaaaaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ap    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache19103.tmp    Infected: Trojan.Java.ClassLoader.ap    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/jar_cache59886.tmp    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/mdelk.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip/avenger/x7b[1].xml    Infected: Exploit.Multi.Qtp.g    skipped
C:\avenger\backup-22.01.2008- 4.31.05,50.zip    ZIP: infected - 58    skipped
C:\avenger\backup.zip/avenger/b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip/avenger/down/158812.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip/avenger/mdelk.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip    ZIP: infected - 3    skipped
C:\Documents and Settings\Administrator\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Dati applicazioni\$_hpcst$.hpc    Object is locked    skipped
C:\Documents and Settings\Administrator\hdmqpeit.exe    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012008012220080123\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\WCESLog.log    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\2O03OPYU\b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\6TKSJRQN\b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\MP17B7SE\b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\Documents and Settings\Administrator\nayfcxwc.exe    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\Documents and Settings\Administrator\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Administrator\UserData\index.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt    Object is locked    skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt    Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-01-22.04-31-11.log    Object is locked    skipped
C:\Programmi\MySQL\MySQL Server 5.0\data\ib_logfile0    Object is locked    skipped
C:\Programmi\MySQL\MySQL Server 5.0\data\ib_logfile1    Object is locked    skipped
C:\Programmi\MySQL\MySQL Server 5.0\data\lele.err    Object is locked    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\CSC\00000001    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\config\ACEEvent.evt    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\default    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SB Insta.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\software    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\system    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\dllcache\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\system32\drivers\sptd.sys    Object is locked    skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log    Object is locked    skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl    Object is locked    skipped
C:\WINDOWS\system32\ntoskrnl.exe    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\Temp\ib25.tmp    Object is locked    skipped
C:\WINDOWS\Temp\ib26.tmp    Object is locked    skipped
C:\WINDOWS\Temp\ib27.tmp    Object is locked    skipped
C:\WINDOWS\Temp\ib28.tmp    Object is locked    skipped
C:\WINDOWS\Temp\ib29.tmp    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
E:\MySQL Datafiles\ibdata1    Object is locked    skipped
E:\Files scaricati\Incomplete\009.part/CrossFont 5 working CRACK!!!.exe/crack.exe    Infected: Trojan.Win32.VB.azv    skipped
E:\Files scaricati\Incomplete\009.part/CrossFont 5 working CRACK!!!.exe/ca.exe    Infected: Trojan.Win32.VB.azv    skipped
E:\Files scaricati\Incomplete\009.part/CrossFont 5 working CRACK!!!.exe/ff.exe    Infected: Trojan.Win32.VB.azv    skipped
E:\Files scaricati\Incomplete\009.part/CrossFont 5 working CRACK!!!.exe    Infected: Trojan.Win32.VB.azv    skipped
E:\Files scaricati\Incomplete\009.part    ZIP: infected - 4    skipped
E:\Files scaricati\CrossFont 5.1.zip/CrossFont 5.1.exe    Infected: Trojan-Downloader.Win32.Bagle.ii    skipped
E:\Files scaricati\CrossFont 5.1.zip    ZIP: infected - 1    skipped
E:\Files scaricati\CrossFont 5.1 Key.zip/CrossFont 5.1 Key.exe    Infected: Trojan-Downloader.Win32.Bagle.ii    skipped
E:\Files scaricati\CrossFont 5.1 Key.zip    ZIP: infected - 1    skipped
E:\Files scaricati\DAP Download Accelerator Plus v8 Premium + crack.rar/crack/DAP.exe    Infected: not-a-virus:AdWare.Win32.Dap.a    skipped
E:\Files scaricati\DAP Download Accelerator Plus v8 Premium + crack.rar    RAR: infected - 1    skipped
E:\Files scaricati\MorphVOX Pro 3 CRACK.zip/Path_r37.00.exe/stream/data0001    Infected: not-a-virus:RiskTool.Win32.FWDisabler.a    skipped
E:\Files scaricati\MorphVOX Pro 3 CRACK.zip/Path_r37.00.exe/stream    Infected: not-a-virus:RiskTool.Win32.FWDisabler.a    skipped
E:\Files scaricati\MorphVOX Pro 3 CRACK.zip/Path_r37.00.exe    Infected: not-a-virus:RiskTool.Win32.FWDisabler.a    skipped
E:\Files scaricati\MorphVOX Pro 3 CRACK.zip    ZIP: infected - 3    skipped
E:\Files scaricati\Download.Accelerator.Plus.v8.5.5.5.Multilangages.Incl.Crack.rar/Crack/DAP.exe    Infected: Trojan-Spy.Win32.Banker.fzf    skipped
E:\Files scaricati\Download.Accelerator.Plus.v8.5.5.5.Multilangages.Incl.Crack.rar    RAR: infected - 1    skipped
Scan process completed.

Post by Leleweb » Tue Jan 22, 2008 7:37 pm

I also notice that Bagle has contaminated Avenger's backup folder (after the first use). I don't know how to proceed.

Erratum: it was 12 hours, not 11 [8)]

Post by ste_95 » Tue Jan 22, 2008 8:23 pm

Bagle has not contaminated Avenger; it is Avenger itself that made a backup of the deleted files. Anyway, here is the script:


Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\avenger\backup-22.01.2008- 4.31.05,50.zip
C:\avenger\backup.zip
C:\Documents and Settings\Administrator\hdmqpeit.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\2O03OPYU\b64_3[1].jpg
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\6TKSJRQN\b64_3[1].jpg
C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\MP17B7SE\b64_3[1].jpg
E:\Files scaricati\Incomplete\009.part
E:\Files scaricati\CrossFont 5.1.zip
E:\Files scaricati\CrossFont 5.1 Key.zip
E:\Files scaricati\DAP Download Accelerator Plus v8 Premium + crack.rar
E:\Files scaricati\Download.Accelerator.Plus.v8.5.5.5.Multilangages.Incl.Crack.rar

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


After the computer restarts, copy and paste here the contents of the Notepad window that will appear.

Now, if everything went well, you should be able to reinstall a good antivirus.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
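One way to reduce a Kaspersky Online Scanner report like the one above to the files that actually sit on disk, as an added example (not part of the original posts, and not code from Kaspersky or The Avenger): it drops the "Object is locked" rows, folds archive members into their container, and checks each archive's member rows against its "infected - N" summary line. The function name, the returned fields and the sample excerpt (constructed from rows of the report above) are assumptions of this example.

```python
import re
from collections import defaultdict

COLS = re.compile(r"\t+| {2,}")        # report columns are tab- or multi-space separated
SUMMARY = re.compile(r"^(?:ZIP|RAR): infected - (\d+)$")
BACKUP_DIR = "c:\\avenger\\"           # Avenger's backup directory, as named in its log

# Constructed excerpt: rows copied from the report posted above.
REPORT = r"""
Infected Object Name    Virus Name    Last Action
C:\avenger\backup.zip/avenger/b64_3[1].jpg    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip/avenger/down/158812.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip/avenger/mdelk.exe    Infected: Email-Worm.Win32.Bagle.of    skipped
C:\avenger\backup.zip    ZIP: infected - 3    skipped
C:\Documents and Settings\Administrator\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Administrator\hdmqpeit.exe    Infected: Trojan.Win32.Dialer.aaf    skipped
C:\Documents and Settings\Administrator\NTUSER.DAT    Object is locked    skipped
E:\Files scaricati\CrossFont 5.1.zip/CrossFont 5.1.exe    Infected: Trojan-Downloader.Win32.Bagle.ii    skipped
E:\Files scaricati\CrossFont 5.1.zip    ZIP: infected - 1    skipped
E:\Files scaricati\DAP Download Accelerator Plus v8 Premium + crack.rar/crack/DAP.exe    Infected: not-a-virus:AdWare.Win32.Dap.a    skipped
E:\Files scaricati\DAP Download Accelerator Plus v8 Premium + crack.rar    RAR: infected - 1    skipped
"""


def triage(report):
    """Return ({on-disk path: details}, number of locked objects)."""
    found = defaultdict(lambda: {"names": set(), "rows": 0, "declared": None})
    locked = 0
    for line in report.splitlines():
        cols = COLS.split(line.strip())
        if len(cols) != 3:
            continue                    # statistics, settings or blank line
        obj, verdict, _action = cols
        if verdict == "Object is locked":
            locked += 1                 # file in use by Windows, not a detection
            continue
        summary = SUMMARY.match(verdict)
        if not summary and not verdict.startswith("Infected: "):
            continue                    # column header or an unknown verdict
        # In this report "/" separates an archive from the members inside it,
        # so everything before the first "/" is the file present on disk.
        entry = found[obj.split("/", 1)[0]]
        if summary:
            entry["declared"] = int(summary.group(1))
        else:
            entry["names"].add(verdict[len("Infected: "):])
            entry["rows"] += 1

    result = {}
    for path, e in found.items():
        result[path] = {
            "names": sorted(e["names"]),
            # Copies kept by Avenger of what it deleted, not live infections.
            "in_backup": path.lower().startswith(BACKUP_DIR),
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            "riskware_only": bool(e["names"])
            and all(n.startswith("not-a-virus:") for n in e["names"]),
            # A mismatch means rows were lost when the report was pasted.
            "count_ok": e["declared"] is None or e["declared"] == e["rows"],
        }
    return result, locked


if __name__ == "__main__":
    files, locked = triage(REPORT)
    for path, info in files.items():
        print(path, info)
    print("locked objects ignored:", locked)
```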

Post by Leleweb » Tue Jan 22, 2008 8:39 pm

Code:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mibwxjmg

*******************

Script file located at: \??\C:\Program Files\twgwotyv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034


Now I'll install AVG, which I had already downloaded.

Post by ste_95 » Tue Jan 22, 2008 9:05 pm

The log is cut off. In any case, if you have installed the antivirus it means everything went well.
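A cut-off log like the one above can be checked against the script that produced it, as in this added example (not part of the original posts or of The Avenger): it records the outcome per target, decodes the two NTSTATUS values that appear in this thread's logs, treats a log without the "Completed script processing." line as incomplete, and lists the script entries that have no recorded outcome. The function names are hypothetical, and the two samples are excerpts constructed from the script and log posted above.

```python
import re

# NTSTATUS codes seen in the logs in this thread, with their Windows names.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
ALREADY_ABSENT = set(NTSTATUS_NAMES)   # both mean the target did not exist

SECTION_RE = re.compile(r"^(files|folders|registry keys) to delete:$", re.I)
OK_RE = re.compile(r"^(?:File|Folder|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (?:file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")
END_MARKER = "Completed script processing."

# Constructed excerpt of the script posted above.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

folders to delete:
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
"""

# Constructed excerpt: the processing part of the cut-off log posted above.
LOG = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
"""


def parse_script(text):
    """Return every target listed under the script's 'to delete' sections."""
    targets, in_section = [], False
    for line in (l.strip() for l in text.splitlines()):
        if SECTION_RE.match(line):
            in_section = True
        elif line and in_section:
            targets.append(line)
    return targets


def parse_log(text):
    """Collect deleted targets, failed targets with status, and completeness."""
    deleted, failed, last_failed, complete = [], {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        if line == END_MARKER:
            complete = True
        elif (m := OK_RE.match(line)):
            deleted.append(m.group(1))
        elif (m := FAIL_RE.match(line)):
            last_failed = m.group(1)
            failed[last_failed] = None  # the Status line follows a few lines later
        elif (m := STATUS_RE.match(line)) and last_failed is not None:
            failed[last_failed] = int(m.group(1), 16)
            last_failed = None
    return {"deleted": deleted, "failed": failed, "complete": complete}


def review(script_text, log_text):
    """Compare what the script asked for with what the log records."""
    log = parse_log(log_text)
    seen = {p.lower() for p in log["deleted"]} | {p.lower() for p in log["failed"]}
    return {
        "complete": log["complete"],
        "deleted": log["deleted"],
        # Failed only because the object was not there: nothing left to remove.
        "already_absent": [p for p, s in log["failed"].items() if s in ALREADY_ABSENT],
        # Any other status, or no status at all, needs a closer look.
        "other_failures": [p for p, s in log["failed"].items() if s not in ALREADY_ABSENT],
        # Script entries the log never mentions (Windows paths: compare case-insensitively).
        "unaccounted": [t for t in parse_script(script_text) if t.lower() not in seen],
    }


if __name__ == "__main__":
    for key, value in review(SCRIPT, LOG).items():
        print(key, value)
```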

Post by Leleweb » Tue Jan 22, 2008 10:35 pm

Ste, THANK YOU!!!! [^]
I installed Avast and everything went fine; it ran the scan before startup!! Now CCleaner works too, which before would not run for love or money!!
I don't know how to thank you! You have put an end to my suffering; at work I need the laptop like my daily bread!
Thank you from the bottom of my heart!!

Post by Leleweb » Tue Jan 22, 2008 11:38 pm

One more thing: now that the PC is protected again (Spybot S&D, Avast-Home, Ad-Aware, CCleaner and other programs I have installed), can I go back to using eMule (I know I must no longer carelessly open suspicious files)?

Post by ste_95 » Wed Jan 23, 2008 7:01 am

YES, but be careful about what you download!

Post by crazy.cat » Wed Jan 23, 2008 8:34 am

Leleweb wrote: (I know I must no longer carelessly open suspicious files)?

First have them checked by this site
http://www.MegaLab.it/2425

Post by Leleweb » Fri Jan 25, 2008 2:43 pm

Hi, thanks for the advice!
But it's not over yet.
As I already said, Avast works, as do CCleaner and Spybot (which had stopped working, along with CCleaner and many others). The thing is that EVERY DAY Avast finds a flood of Trojans & Co. in "C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\".
What should I do? I ran a scan with Gmer, but nothing. Everything else works, but these hateful Trojans won't stop reproducing.
Thanks!
megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising