Esegui Deve essere una nuova versione del virus...
Inoltre su task Manager non compare il file HLDRRR.exe, ma solamente il file WINEMP.exe
Ho Windows Xp Sp2
AIUTO!!!!
-
- Annuncio Pubblicitario
AIUTO PER IL TROJAN BAGLE
13 messaggi
• Pagina 1 di 1
AIUTO PER IL TROJAN BAGLE
da alexnofx » gio mar 06, 2008 7:55 pm
Deve essere una nuova versione del virus...
Inoltre su task Manager non compare il file HLDRRR.exe, ma solamente il file WINEMP.exe
Ho Windows Xp Sp2
AIUTO!!!!
-
alexnofx - Neo Iscritto
- Messaggi: 11
- Iscritto il: gio mar 06, 2008 7:51 pm
- Località: Simaxis (OR)
da ste_95 » gio mar 06, 2008 8:04 pm
Leggere e applicare fino in fondo:
http://www.MegaLab.it/forum/viewtopic.php?t=34966
http://www.MegaLab.it/forum/viewtopic.php?t=34966
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
da alexnofx » ven mar 07, 2008 11:21 am
ecco il log di Kaspersky..
Friday, March 07, 2008 11:19:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/03/2008
Kaspersky Anti-Virus database records: 605235
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 107966
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 07:02:04
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Cronologia\History.IE5\MSHist012008030620080307\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temp\~DF16D8.tmp Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temp\~DF16DD.tmp Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alex\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080306-191830.log Object is locked skipped
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Programmi\DAP\History\Alex\_lasthist.dat Object is locked skipped
C:\Programmi\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Programmi\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S769EB6C5.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2gdr\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\c1c60e0ed5b3d23c2baea5a7885756c0\sp2gdr\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\c1c60e0ed5b3d23c2baea5a7885756c0\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Friday, March 07, 2008 11:19:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/03/2008
Kaspersky Anti-Virus database records: 605235
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 107966
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 07:02:04
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Cronologia\History.IE5\MSHist012008030620080307\index.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temp\~DF16D8.tmp Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temp\~DF16DD.tmp Object is locked skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alex\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alex\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080306-191830.log Object is locked skipped
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Programmi\DAP\History\Alex\_lasthist.dat Object is locked skipped
C:\Programmi\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Programmi\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S769EB6C5.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2gdr\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\c1c60e0ed5b3d23c2baea5a7885756c0\sp2gdr\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\c1c60e0ed5b3d23c2baea5a7885756c0\sp2qfe\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
-
alexnofx - Neo Iscritto
- Messaggi: 11
- Iscritto il: gio mar 06, 2008 7:51 pm
- Località: Simaxis (OR)
da crazy.cat » ven mar 07, 2008 11:27 am
Disattiva il ripristino della configurazione su tutti i dischi poi riavvia il pc
http://www.MegaLab.it/2330
Scarica Avenger nuova versione http://swandog46.geekstogo.com/avenger.zip
Se non dovesse funzionare (Applicazione non valida) utilizzate questi
http://www.MegaLab.it/forum/viewtopic.p ... 172#325172
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:
Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
Dopo prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.
Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus.
http://www.MegaLab.it/2330
Scarica Avenger nuova versione http://swandog46.geekstogo.com/avenger.zip
Se non dovesse funzionare (Applicazione non valida) utilizzate questi
http://www.MegaLab.it/forum/viewtopic.p ... 172#325172
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:
- Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_2[1].jpg
C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_31[1].jpg
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
folders to delete:
c:\WINDOWS\system32\drivers\down
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
Dopo prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.
Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da crazy.cat » ven mar 07, 2008 11:40 am
Se stai usando la nuova versione di avenger prova ad usare la vecchia che trovi qui http://www.mediafire.com/?fhm3pr2292r
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da crazy.cat » ven mar 07, 2008 11:47 am
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla lo script nella box bianca che si è aperta:
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla lo script nella box bianca che si è aperta:
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da alexnofx » ven mar 07, 2008 11:55 am
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not initiate system shutdown.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ihxpbhkt
*******************
Script file located at: \??\C:\Documents and Settings\jgexgsss.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_31[1].jpg deleted successfully.
File C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not initiate system shutdown.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ihxpbhkt
*******************
Script file located at: \??\C:\Documents and Settings\jgexgsss.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\Alex\Impostazioni locali\Temporary Internet Files\Content.IE5\EJ1HVDWM\b64_31[1].jpg deleted successfully.
File C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
-
alexnofx - Neo Iscritto
- Messaggi: 11
- Iscritto il: gio mar 06, 2008 7:51 pm
- Località: Simaxis (OR)
da ste_95 » ven mar 07, 2008 1:54 pm
crazy.cat ha scritto:Dopo prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.
Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
da alexnofx » ven mar 07, 2008 2:25 pm
OK ho fatto come mi hai detto e ho potuto installare AntiVir PE Classic e Comodo Firewall.
ho anche eliminato le chiavi di registro menzionate nell articolo.
Adesso sto facendo una ulteriore scansione antivirus, mi ha trovato ancora qualche file infetto dal maledetto Bagle e un file infetto da JS/Iframe.F: cos'è?
Comunque grazie mille per il supporto!
ho anche eliminato le chiavi di registro menzionate nell articolo.
Adesso sto facendo una ulteriore scansione antivirus, mi ha trovato ancora qualche file infetto dal maledetto Bagle e un file infetto da JS/Iframe.F: cos'è?
Comunque grazie mille per il supporto!
-
alexnofx - Neo Iscritto
- Messaggi: 11
- Iscritto il: gio mar 06, 2008 7:51 pm
- Località: Simaxis (OR)
13 messaggi
• Pagina 1 di 1
Chi c’è in linea
Visitano il forum: Nessuno e 18 ospiti
megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising