Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Giona Rotanzi\Documenti\BitTorrent Downloads\Pro.Evolution.Soccer.6.Crack+Iso.Torrent.rar
C:\Documents and Settings\Giona Rotanzi\Documenti\File ricevuti\linerider-undo.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Programmi\BitDownload\ZM\minime.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\verifier32.dll
Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Giona Rotanzi\Dati applicazioni\Joy store type
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Fred wrote: Disable System Restore.
Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Now paste these lines into the white box that has opened:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Giona Rotanzi\Documenti\BitTorrent Downloads\Pro.Evolution.Soccer.6.Crack+Iso.Torrent.rar
C:\Documents and Settings\Giona Rotanzi\Documenti\File ricevuti\linerider-undo.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Programmi\BitDownload\ZM\minime.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\verifier32.dll
Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\Giona Rotanzi\Dati applicazioni\Joy store type
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
After the computer restarts, copy and paste here the contents of the Notepad window that appears.
P.S.: I apologize to Ste_95 for copying his guide
Fred wrote: Viruses always have more or less the same structure; if it is Beagle, this gets rid of it (at least it should)
ste_95 wrote: Fred wrote: Viruses always have more or less the same structure; if it is Beagle, this gets rid of it (at least it should)
Absolutely not. If you look at the scripts that crazy.cat and I build, you will see that they are always different, so an online scan with Kaspersky is needed first of all.
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\Riccardo\azrpywif.exe
C:\Documents and Settings\Riccardo\Desktop\desktop1\Nuova cartella (2)\Whois 2.5.exe
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[1].jpg
C:\Documents and Settings\Riccardo\kgmvybsh.exe
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[2].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[3].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\9BX9AEUA\b64_31[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\A4XM97X0\b64_1[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\A85EA1S0\b64_1[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\GPG6ZM0R\b64_2[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\JCNXRKY2\b64_1[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\KIOL6N5B\b64_31[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\LGYOROUW\b64_2[1].jpg
C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\ZU4TQA7Q\b64_2[1].jpg
C:\Documents and Settings\Riccardo\vanlgyij.exe
C:\Documents and Settings\Riccardo\ywwsgwnq.exe
C:\Programmi\eMule\Incoming\BeeThink IP Address WhoIs 1.0.zip
C:\Programmi\eMule\Incoming\Active Whois plugin for Firefox 1.0.2.zip
C:\Programmi\eMule\Incoming\Whois 2.5.zip
C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
C:\Programmi\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras
C:\Programmi\ShoppingReport
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.
File "C:\windows\system32\drivers\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.
File "C:\Documents and Settings\Riccardo\azrpywif.exe" deleted successfully.
File "C:\Documents and Settings\Riccardo\Desktop\desktop1\Nuova cartella (2)\Whois 2.5.exe" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\kgmvybsh.exe" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[2].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\3UUZCOMK\b64_31[3].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\9BX9AEUA\b64_31[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\A4XM97X0\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\A85EA1S0\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\GPG6ZM0R\b64_2[1].jpg" deleted successfully.
Error: file "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\JCNXRKY2\b64_1[1].jpg" not found!
Deletion of file "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\JCNXRKY2\b64_1[1].jpg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\KIOL6N5B\b64_31[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\LGYOROUW\b64_2[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\Impostazioni locali\Temporary Internet Files\Content.IE5\ZU4TQA7Q\b64_2[1].jpg" deleted successfully.
File "C:\Documents and Settings\Riccardo\vanlgyij.exe" deleted successfully.
File "C:\Documents and Settings\Riccardo\ywwsgwnq.exe" deleted successfully.
File "C:\Programmi\eMule\Incoming\BeeThink IP Address WhoIs 1.0.zip" deleted successfully.
File "C:\Programmi\eMule\Incoming\Active Whois plugin for Firefox 1.0.2.zip" deleted successfully.
File "C:\Programmi\eMule\Incoming\Whois 2.5.zip" deleted successfully.
File "C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe" deleted successfully.
File "C:\Programmi\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide" deleted successfully.
Folder "C:\WINDOWS\system32\drivers\down" deleted successfully.
Folder "C:\Muestras" deleted successfully.
Folder "C:\Programmi\ShoppingReport" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
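An added example, not part of the original thread: a small Python parser for a log in the Avenger 2.0 format shown above, which separates objects that were already gone (STATUS_OBJECT_NAME_NOT_FOUND) from deletions that failed for another reason and still need attention. The sample log is constructed; the `C:\example\locked.dll` entry, its STATUS_ACCESS_DENIED line and the failure wording for folders and registry keys are assumptions.

```python
import re

# Constructed sample in the format of the Avenger 2.0 log above. The last
# failure (path and STATUS_ACCESS_DENIED) is made up to show a non-trivial case.
SAMPLE_LOG = r'''Beginning to process script file:
Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
Deletion of file "C:\example\locked.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
Folder "C:\WINDOWS\system32\drivers\down" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Completed script processing.
'''

OK_RE = re.compile(r'^(File|Folder|Registry key) "(.+)" deleted successfully\.$')
# Only the "file" failure wording appears in the log above; the folder and
# registry-key forms are assumed to follow the same pattern.
FAIL_RE = re.compile(r'^Deletion of (file|folder|registry key) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')

def parse_avenger_log(text):
    """Return one record per object the script touched, in log order."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        ok, fail, status = OK_RE.match(line), FAIL_RE.match(line), STATUS_RE.match(line)
        if ok or fail:
            m = ok or fail
            results.append({"kind": m.group(1).lower(), "path": m.group(2),
                            "deleted": bool(ok), "status": None, "status_name": None})
        elif status and results and not results[-1]["deleted"]:
            # A Status line belongs to the failure reported just before it.
            results[-1]["status"] = int(status.group(1), 16)
            results[-1]["status_name"] = status.group(2)
    return results

def needs_follow_up(results):
    """Failures other than 'not found' mean the object may still be on disk."""
    return [r for r in results
            if not r["deleted"] and r["status_name"] != "STATUS_OBJECT_NAME_NOT_FOUND"]

if __name__ == "__main__":
    for r in needs_follow_up(parse_avenger_log(SAMPLE_LOG)):
        print(f'{r["kind"]}: {r["path"]} -> {r["status_name"]} ({r["status"]:#010x})')
```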
megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising