
Yet another Bagle Trojan win32 [SOLVED]


Post by rolcia2 » Sun Feb 03, 2008 10:17 am

Hello, here is the scan from Kaspersky online


C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG\b64_31[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_1[3].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B\b64_31[6].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_2[3].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Rolex\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rolex\ntuser.dat.LOG Object is locked skipped
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.96 Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped

C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000013.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000016.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000017.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000058.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000059.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000063.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000064.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000070.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000083.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000107.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000108.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000110.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000112.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000113.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000114.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000115.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000116.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0000167.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001162.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001163.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001164.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001165.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001167.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001168.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001187.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001237.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001238.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001243.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001244.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001253.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001254.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001255.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001256.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001257.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001391.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001420.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001421.reg Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0001434.exe Infected: Trojan-Downloader.Win32.Bagle.jd skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0002422.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0002425.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\A0002426.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{FBD225D4-108F-4D8F-AFEE-514C5DB4D0ED}\RP1\change.log Object is locked skipped
C:\TEMP\iniag2101.exe/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\TEMP\iniag2101.exe/data0003 Infected: Trojan-Downloader.Win32.Small.hml skipped
C:\TEMP\iniag2101.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\ardCo03\ardCo031064.exe Infected: Trojan-Downloader.Win32.VB.caw skipped

C:\WINDOWS\system32\ir3\duw1drvr3.exe Infected: Trojan-Downloader.Win32.Small.hml skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\rf1\aroblcidr2.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

Scan process completed.



Could you give me the scripts for Avenger, hoping that will put an end to all this? Avast has disappeared, and all the exe applications and shortcuts tell me it is not a valid Win32 application..... Thanks a lot
Last edited by rolcia2 on Sun Feb 03, 2008 6:11 pm, edited 1 time in total.

Post by ste_95 » Sun Feb 03, 2008 10:31 am

Disable System Restore.

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "Input script manually" option
Then click the magnifying glass
Now paste these lines into the white box that opens:

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ardCo03\ardCo031064.exe
C:\WINDOWS\system32\ir3\duw1drvr3.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\6PW6D2FG
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\9AYCHL9B
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\N37NLS86
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\VW6Y5618
C:\Muestras
C:\TEMP

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Now click Done at the bottom of the box
Select the traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
After the restart, copy and paste here the contents of the Notepad window that will appear.

Now, if everything went well, you should be able to reinstall a valid antivirus.

Post by rolcia2 » Sun Feb 03, 2008 12:19 pm

Great, I am attaching the Avenger report....



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xghnynws

*******************

Script file located at: \??\C:\oksgvufl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.


File C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe not found!
Deletion of file C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe failed!

Could not process line:
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ardCo03\ardCo031064.exe not found!
Deletion of file C:\WINDOWS\system32\ardCo03\ardCo031064.exe failed!

Could not process line:
C:\WINDOWS\system32\ardCo03\ardCo031064.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ir3\duw1drvr3.exe not found!
Deletion of file C:\WINDOWS\system32\ir3\duw1drvr3.exe failed!

Could not process line:
C:\WINDOWS\system32\ir3\duw1drvr3.exe
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.


Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\6PW6D2FG for deletion
Deletion of folder Files\Content.IE5\6PW6D2FG failed!

Could not process line:
Files\Content.IE5\6PW6D2FG
Status: 0xc000003a



Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\9AYCHL9B for deletion
Deletion of folder Files\Content.IE5\9AYCHL9B failed!

Could not process line:
Files\Content.IE5\9AYCHL9B
Status: 0xc000003a



Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\N37NLS86 for deletion
Deletion of folder Files\Content.IE5\N37NLS86 failed!

Could not process line:
Files\Content.IE5\N37NLS86
Status: 0xc000003a



Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\VW6Y5618 for deletion
Deletion of folder Files\Content.IE5\VW6Y5618 failed!

Could not process line:
Files\Content.IE5\VW6Y5618
Status: 0xc000003a

Folder C:\Muestras deleted successfully.
Folder C:\TEMP deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

The firewall can be re-enabled and stays on, and Avast, reinstalled, is working perfectly. Thanks.


Post by ste_95 » Sun Feb 03, 2008 12:25 pm

Run this script with Avenger again:

Folders to delete:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\6PW6D2FG
Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Files\Content.IE5\9AYCHL9B
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618


Restore Safe Mode using this file.

Post by rolcia2 » Sun Feb 03, 2008 12:38 pm

I ran the second script as above; of course, at reboot Avast found a Win32 worm in c:avenger etc.. jpg, which I deleted. Below is the second report, after the reboot and the deletion.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tthmpovd

*******************

Script file located at: \??\C:\Documents and Settings\wkvgfepg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\6PW6D2FG for deletion
Deletion of folder Files\Content.IE5\6PW6D2FG failed!

Could not process line:
Files\Content.IE5\6PW6D2FG
Status: 0xc000003a



Folder Could not process line: not found!
Deletion of folder Could not process line: failed!

Could not process line:
Could not process line:
Status: 0xc0000034



Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet not found!
Deletion of folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet failed!

Could not process line:
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet
Status: 0xc0000034



Could not open folder Files\Content.IE5\9AYCHL9B for deletion
Deletion of folder Files\Content.IE5\9AYCHL9B failed!

Could not process line:
Files\Content.IE5\9AYCHL9B
Status: 0xc000003a

Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\N37NLS86 deleted successfully.
Folder C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\VW6Y5618 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by ste_95 » Sun Feb 03, 2008 12:42 pm

Delete the following folders manually:


C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\6PW6D2FG
C:\Documents and Settings\Rolex\Impostazioni locali\Temporary Internet Files\Content.IE5\9AYCHL9B

Post by rolcia2 » Sun Feb 03, 2008 12:48 pm

I can find the Content.IE folder only under Default User, and in any case I can't find the folders you mentioned; anyway, under Rolex I deleted all the Temporary Internet Files. I forgot to say that safe boot has been restored with that file and, I think, works fine with F8 on the QDI board. Also, once we are done here, I have a minor problem with a similar notebook... Thanks.

Post by rolcia2 » Sun Feb 03, 2008 1:30 pm

The second problem concerns a notebook with Avast and the firewall enabled, but with problems installing applications: it says incorrect handle, and if you click on a shortcut it says handle not found.
These are only some of the directories where Kaspersky finds infections. I'm not posting the others, otherwise there would be too many. Thanks.



C:\Documents and Settings\sergio lucia\Application Data\Pop One Mapi\uegzrawt.exe Infected: Trojan.Win32.Inject.sp skipped

C:\Documents and Settings\sergio lucia\Temporary Internet Files\Content.IE5\KNJ2OLW4\MessengerSkinner_setup[1].exe Infected: Trojan-Dropper.Win32.Agent.dtk skipped

C:\Documents and Settings\sergio lucia\Temporary Internet Files\Content.IE5\UA3G8REY\InternetGameBox_setup[1].exe Infected: Trojan-Dropper.Win32.Agent.eaf skipped

C:\Programmi\Circle Developement\Uninstall.exe Infected: Trojan.Win32.Obfuscated.mt skipped

C:\Programmi\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped


C:\Programmi\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

C:\Programmi\RealVNC\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

C:\Programmi\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

C:\Programmi\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

C:\Programmi\Servizi in linea\IT\Interfree\HP-easy.exe/data0003 Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

C:\Programmi\Servizi in linea\IT\Interfree\HP-easy.exe Inno: infected - 1 skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.2\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.3\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.4\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Downloaded Program Files\porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.NaviPromo.cf skipped

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.cf skipped

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe NSIS: infected - 2 skipped

Post by crazy.cat » Sun Feb 03, 2008 1:37 pm

rolcia2 wrote: I'm not posting the others, otherwise there would be too many.

Removing only half of the viruses does not solve the problem.
Attach the report file to the thread
http://www.MegaLab.it/forum/viewtopic.p ... 130#327130

Post by rolcia2 » Sun Feb 03, 2008 1:55 pm

Done.

Post by ste_95 » Sun Feb 03, 2008 2:57 pm

It's a list of more than 100 000 entries; if I have to read it as txt I'll go crazy. Follow the instructions in the post Crazy.cat pointed to.

Post by rolcia2 » Sun Feb 03, 2008 11:27 pm

I'm attaching the ScanSpyware scan; Bagle was found again and deleted.



Application Information

=======================



Application Version: ScanSpyware v3.8 build 3.8.0.4

Original Database: pests12-19-04.db

Updated Database: ssdb020208.db

Current Date: Sunday, February 03, 2008 11:27:47 PM

__________________________________________________



Directories recognized:

=======================



__________________________________________________



Files recognized:

=================



[MalwareAlarm]

C:\WINDOWS\downloaded program files\setup.inf



__________________________________________________



Registry keys recognized:

=========================



[Bagle.CU]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SROSA



__________________________________________________



Registry values recognized:

===========================



__________________________________________________




Post by ste_95 » Mon Feb 04, 2008 6:58 am

It found nothing at all....

Is it so hard to post the Kaspersky log following the instructions I gave you?

Post by rolcia2 » Mon Feb 04, 2008 11:37 pm

Maybe I've got it now; here is what Kaspersky scanned...


Monday, February 04, 2008 11:31:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 548131


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 102531
Number of viruses found 5
Number of infected objects 18
Number of suspicious objects 0
Duration of the scan process 01:18:00


Infected Object Name Virus Name Last Action
C:\Avenger\backup.zip/avenger/porno1.exe Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip/avenger/porno1.exe-ren-262 Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip/avenger/porno1.exe-ren-265 Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip/avenger/porno1.exe-ren-267 Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip/avenger/porno1.exe-ren-270 Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip/avenger/porno1.exe-ren-272 Infected: Trojan-Clicker.Win32.Agent.ok skipped

C:\Avenger\backup.zip ZIP: infected - 6

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.NaviPromo.cf skipped

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.cf skipped

C:\WINDOWS\Temp\NSIS_install_msgskinner.exe NSIS: infected - 2 skipped

Post by ste_95 » Tue Feb 05, 2008 8:08 am

...following these instructions to post it:

http://www.MegaLab.it/forum/viewtopic.p ... 130#327130

Post by rolcia2 » Tue Feb 05, 2008 8:41 am

Thanks Ste, but I don't know where to post it: open a new topic, or where? I followed the instructions but I wouldn't know where to post it. Thanks.

Post by ste_95 » Tue Feb 05, 2008 8:44 am

we invite you to save the scan log and compress it in zip format, then attach it to a post using the dedicated Upload a file function.

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising