
Bagle virus


Post by lan@celot » Fri Feb 22, 2008 10:34 am

First of all, thanks to everyone for the help.
I tried various things you suggested, but I still haven't solved the problem. Meanwhile, regarding the impossibility of installing Avenger, I'd like to report what I found; do the following and the Avenger installation will work:
go to the site
http://swandog46.geekstogo.com/
when the page appears, go to the section and read 1)

The Tools

1) The Avenger – a full-scriptable, kernel-level driver designed to remove highly persistent files and registry keys/values protected by entrenched malware. It works ONLY for Windows 2000 and XP. See here for usage and release notes. If the ZIP compression format poses a problem, a non-compressed EXE is available here.


Clicking on “here” opens the non-zipped Avenger, and it installs immediately.
This is already a solution (it was working until three minutes ago).

I'm taking the liberty of sending the Kaspersky listing in the form of a Word document (my apologies, but I can't manage to do it any other way)


C:\System Volume Information\_restore{91853E40-5B47-48C3-8D0C-05B30022C995}\RP3\change.log Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem.txt Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\$@sdntvt_optimize.tmp Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

H:\$@sdntvt_optimize.tmp Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

H:\terraa\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Please give me some good pointers, otherwise I'll be forced to format, and I don't like that idea at all.

I'd like to add one thing: this virus is the debacle of everyone who makes antivirus software.
Thanks, everyone - I'll be waiting
JOYFULL
lan@celot
New Member

Posts: 13
Joined: Thu Feb 21, 2008 8:08 pm

Re: virus Bagle

Post by crazy.cat » Fri Feb 22, 2008 11:53 am

lan@celot wrote: Clicking “here” opens the unzipped Avenger and it installs immediately.
This is already a solution (it worked until three minutes ago).

The problem is that it doesn't work with all variants of the virus; some of them, as soon as you open the zip file, manage to damage Avenger and make it useless.
That's why we made available a modified version that, for the moment, manages to withstand the attacks.

Disable System Restore on all disks, then restart the PC
http://www.MegaLab.it/2330

Download Avenger http://www.MegaLab.it/forum/viewtopic.p ... 172#325172
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the radio button next to input script manually
Then find the magnifying glass and click it
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\avenger\backup-20.02.2008-23.53.26,60.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jw skipped

folders to delete:
c:\WINDOWS\system32\drivers\down
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VK7231RF
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\UX1WA1UX
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\TXWF9BK8
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\MOVW355V
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LXWYXECM
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LUHYF8RD
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\G1ZGGH25
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7P71D2ZA

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Now click Done at the bottom of the box
Click the small traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that appears, try reinstalling the antivirus right away, and delete the c:\avenger folder.

You will almost certainly have to re-download the installation files of your security programs, because the virus has damaged them.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero

Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by lan@celot » Fri Feb 22, 2008 1:20 pm

Thanks, I'll try it right away, but I keep forgetting to mention that my DVD drive and my burner have also stopped working: they no longer read discs. The USB stick doesn't work any more either.
Has this happened to anyone else?
I looked in the BIOS but everything is fine, and from "Properties" in the resource manager the drivers also appear to be in order.
One last thing: if deleting the files with Avenger doesn't work (e.g. the antivirus won't install because it is reported as not a valid Win32 file), is there anything else I can try, or do I have to format?
Thanks again


Post by crazy.cat » Fri Feb 22, 2008 1:33 pm

lan@celot wrote: Has this happened to anyone else?

No.
Let's deal with the virus first and then, if needed, open a separate thread in the hardware section.

lan@celot wrote: One last thing: if deleting the files with Avenger doesn't work (e.g. the antivirus won't install because it is reported as not a valid Win32 file)

Try it first; so far it has almost always gone well.

For the invalid win32 file you will have to
crazy.cat wrote: You will almost certainly have to re-download the installation files of your security programs, because the virus has damaged them.

Post by lan@celot » Fri Feb 22, 2008 4:59 pm

I reinstalled Kaspersky but, as usual, it doesn't start: "file win32.exe" not valid.
This is the Avenger logfile; it took longer than usual to run, which gave me hope.
The PC does not boot in safe mode.
Is formatting all I have left?
Thanks, everyone

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aaipmmdn

*******************

Script file located at: \??\C:\Documents and Settings\ijbqlcgk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.


File C:\avenger\backup-20.02.2008-23.53.26,60.zip not found!
Deletion of file C:\avenger\backup-20.02.2008-23.53.26,60.zip failed!

Could not process line:
C:\avenger\backup-20.02.2008-23.53.26,60.zip
Status: 0xc0000034



File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jw skipped not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jw skipped failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jw skipped
Status: 0xc0000034

Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VK7231RF deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\UX1WA1UX deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\TXWF9BK8 deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\MOVW355V deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LXWYXECM deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LUHYF8RD deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\G1ZGGH25 deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7P71D2ZA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Post by crazy.cat » Fri Feb 22, 2008 5:34 pm

My mistake in writing the script; try this one instead and then re-download Kaspersky

Code:
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\avenger\backup-20.02.2008-23.53.26,60.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

folders to delete:
c:\WINDOWS\system32\drivers\down
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VK7231RF
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\UX1WA1UX
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\TXWF9BK8
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\MOVW355V
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LXWYXECM
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LUHYF8RD
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\G1ZGGH25
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7P71D2ZA

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Post by lan@celot » Fri Feb 22, 2008 7:17 pm

I'm sending the Avenger listing again after the changes.
It didn't find Googletoolbarnotifier - which is spyware - because I had deleted it from regedit, entry by entry.

Now the Internet is lightning fast again, whereas before it was extremely slow. I also reinstalled the Google toolbar, which had disappeared when I deleted the registry values (and only that).
What it doesn't find is
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

However, I see that hdlrrr and arosa keep coming back, because it deletes them every time.

Kaspersky refuses to install, still because of the invalid win32.exe.

I found a free program called Superantispyware, which did install (Spybot S&D, for example, doesn't work for the same invalid win32 reason); it starts the scan, at some point says it has found 25 tracking cookies, and at that point the system crashes and reboots.
Quite a mystery
Thanks again. If you have any other ideas I'd be grateful. I don't much feel like formatting.
I'm attaching the new Avenger listing.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vrdcqtea

*******************

Script file located at: \??\C:\WINDOWS\uqlvyaac.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.


File C:\avenger\backup-20.02.2008-23.53.26,60.zip not found!
Deletion of file C:\avenger\backup-20.02.2008-23.53.26,60.zip failed!

Could not process line:
C:\avenger\backup-20.02.2008-23.53.26,60.zip
Status: 0xc0000034



Could not open file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe for deletion
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc000003a

Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VK7231RF deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\UX1WA1UX deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\TXWF9BK8 deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\MOVW355V deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LXWYXECM deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LUHYF8RD deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\G1ZGGH25 deleted successfully.
Folder C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7P71D2ZA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
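Added example, not part of the thread: a Python check for the two failure modes visible in the scripts and Avenger logs above, a script entry with scanner-report text pasted after the path, and the meaning of the NTSTATUS codes in the "Could not process line:" blocks. It assumes only the three section headers and the log layout shown in the posts; the function names, the registry-prefix pattern and the embedded excerpts are illustrative.

```python
import re

# NTSTATUS codes that appear in the Avenger logs in this thread
# (names are the standard Windows ones from ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # last path component does not exist
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory in the path does not exist
}

# Only the section headers used in the scripts posted in the thread.
SECTIONS = {
    "files to delete:": "file",
    "folders to delete:": "folder",
    "registry keys to delete:": "regkey",
}

# Scanner-report columns that do not belong in a path
# (assumption: the wording of the pasted Kaspersky listing).
REPORT_RESIDUE = re.compile(r"\s(?:Infected:|Object is locked|skipped\s*$)", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
REG_PATH = re.compile(r"^HK[A-Z_]+\\", re.IGNORECASE)  # assumption: HKLM-style root prefix


def lint_script(script):
    """Return (line_number, section, problem) for each entry that is not a bare path."""
    findings, section = [], None
    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            section = SECTIONS[line.lower()]
            continue
        if section is None:
            findings.append((number, None, "entry before any section header"))
        elif REPORT_RESIDUE.search(line):
            findings.append((number, section, "scanner report text pasted after the path"))
        elif section == "regkey" and not REG_PATH.match(line):
            findings.append((number, section, "not a registry path"))
        elif section != "regkey" and not DRIVE_PATH.match(line):
            findings.append((number, section, "not an absolute drive path"))
    return findings


def failed_entries(log):
    """Map every script line listed under 'Could not process line:' to its NTSTATUS name."""
    failures = {}
    lines = [entry.strip() for entry in log.splitlines()]
    for i, line in enumerate(lines):
        if line != "Could not process line:" or i + 2 >= len(lines):
            continue
        match = re.match(r"Status:\s*(0x[0-9a-fA-F]+)", lines[i + 2])
        if match:
            code = int(match.group(1), 16)
            failures[lines[i + 1]] = NTSTATUS.get(code, hex(code))
        else:
            failures[lines[i + 1]] = "unknown"
    return failures


# Excerpt of the first script posted in the thread (shortened for the example).
SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\mdelk.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.jw skipped

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
"""

# Two failure blocks taken from the second log in the thread (shortened for the example).
LOG = r"""Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc000003a
"""

if __name__ == "__main__":
    for finding in lint_script(SCRIPT):
        print("script line %d (%s): %s" % finding)
    for entry, status in failed_entries(LOG).items():
        print("%s -> %s" % (entry, status))
```

Running the lint step before pasting a script into Avenger catches the pasted "Infected: ... skipped" text that the first log reports as a file that was not found.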

Post by ste_95 » Fri Feb 22, 2008 7:32 pm

Disable System Restore.

Create the MegaLabCD and boot from it at startup. Once it has started, open the Start menu -> Gestione Risorse -> A43 Management. Now delete the following files and folders from the C:\ drive as if you were on your own computer:

C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\VK7231RF
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\UX1WA1UX
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\TXWF9BK8
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\MOVW355V
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LXWYXECM
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\LUHYF8RD
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\G1ZGGH25
C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\7P71D2ZA
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Make sure you don't leave any of them out, otherwise after the reboot you'll be back to square one!
NB: Some files may not be present.

Then go to Start -> Registro -> Remote Regedit and delete the following keys as if you were inside the Windows registry:

HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Go back to normal mode and try installing an antivirus.
«Sometimes it is better to keep quiet and look stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)

Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by lan@celot » Sat Feb 23, 2008 11:27 am

First of all, more than thanks for your kindness and promptness.
While waiting to read your reply, and after having installed Kaspersky - for the umpteenth time - without success, I was wandering around the forum and saw a ranking of the most-voted antivirus programs. I saw that Avira is doing well and, just to do something, I downloaded and installed the free version (which apparently is no longer free) and ran it.
For a start, this antivirus has a feature that prevents viruses, worms, etc. from blocking its operation.
Well, to cut a long story short: it found and removed a good 215 pieces of junk, which were the ones responsible - together with many types of Bagle - for the PC's malfunctioning, and everything started working perfectly.
Afterwards I downloaded SpyBot S&D, which this time finally installed too, and which in turn found 1 more Bagle worm.
Now the burner and the drive work, and so does the USB stick. The programs are lively again, and so is the Internet.
I consider myself moderately experienced, but I noticed that, partly because of fatigue (it took four days and a great many hours in front of the computer), one can make mistakes in carrying out all the procedures.
Without wishing to flatter, I find your advice very clear and usable even by people with my ordinary experience.
In the end, one consideration:
Maybe I was lucky but, as a first step, one could try AntiVir: if that fails, then start the whole procedure.
Anyway, heartfelt thanks - without your persistent support I wouldn't have made it - and if you pass through Messina you know how to find me.
Bye

Post by ste_95 » Sat Feb 23, 2008 11:29 am

lan@celot wrote: Maybe I was lucky but, as a first step, one could try AntiVir: if that fails, then start the whole procedure.

That's the strange thing; in theory it shouldn't even have been able to install [boh]

Post by lan@celot » Sat Feb 23, 2008 11:40 am

True, but it is the only antivirus that has the feature preventing viruses, worms, etc. from blocking its operation, and that seems to be the simple, obvious answer for fighting this kind of infection. Otherwise it is absurd - and it defeats its primary purpose - for an antivirus to let itself be blocked ....... by the virus.
bye

Post by ste_95 » Sat Feb 23, 2008 11:43 am

Maybe I've figured it out. When you tried reinstalling Kaspersky, had you re-downloaded the installer?

Post by lan@celot » Sat Feb 23, 2008 11:47 am

I ran another scan with AntiVir, this time also switching on an external Firewire hard disk where I keep my backups: it found two more things there as well.
I'm sending you the listing, in case it's useful

AntiVir PersonalEdition Classic
Report file date: sabato 23 febbraio 2008 10:40

Scanning for 1120425 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: USER-OTPGR72U5N

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:37:03
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:37:03
ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 18:37:03
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 22/02/2008 18:37:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/02/2008 18:37:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: O:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: sabato 23 febbraio 2008 10:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SYSDOC32.EXE' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'O:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Dati>
Begin scan in 'E:\' <Personale Angelo>
Begin scan in 'F:\' <Maxtor 250A>
Begin scan in 'G:\' <Maxtor 250B>
Begin scan in 'H:\' <Editing >
Begin scan in 'O:\' <Volume>
O:\Documenti C\Angelo\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\adJS.jar-76eee0b6-61108ae9.zip
[0] Archive type: ZIP
--> HiPointInstallShieldJS.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was deleted!
O:\Documenti C\Angelo\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eJS.jar-59f3d009-621c830f.zip
[0] Archive type: ZIP
--> HiPointInstallShieldJS.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was deleted!


End of the scan: sabato 23 febbraio 2008 11:37
Used time: 56:59 min

The scan has been done completely.

9416 Scanning directories
424470 Files were scanned
0 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
424470 Files not concerned
4031 Archives were scanned
2 Warnings
0 Notes

Post by ste_95 » Sat Feb 23, 2008 11:51 am

Nothing dangerous, it wasn't Bagle.

Maybe I've figured it out. When you tried reinstalling Kaspersky, had you re-downloaded the installer?



megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa All rights reserved. For advertising: Master Advertising