Bagle(?!?)

Post by RaFFoLo » Sun Oct 26, 2008 3:34 pm

A little problem that has been showing up for a few days...

1) Avira and Comodo have started to become veeery unstable;

2) If I try to start an antivirus/antispyware/antimalware scan or whatever, after about ten minutes the screen goes black and the PC reboots. Same thing with Kaspersky Online;

3) Gmer found nothing;

4) I don't know where to bang my head... Any advice?

Re: Bagle(?!?)

Post by Amantide » Sun Oct 26, 2008 3:38 pm

It's not necessarily a virus problem [uhm]
In the meantime, download ComboFix from here and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here.
And also check whether there is anything suspicious in the event log.

Re: Bagle(?!?)

Post by RaFFoLo » Tue Oct 28, 2008 10:29 am

Actually I hadn't tried ComboFix, even though I already had it on the PC [:D]
Anyway, after going through the whole procedure, among pointer errors in file "xxx" - typical of viruses and the like - I finally gave in and reinstalled XP; I scanned the PC with Comodo's malware search - 96 infected files - and with AVG's, which however couldn't finish, maybe because Comodo's was already running, I don't know [acc2]

For now, the situation is stable. I feared the worst when, at XP logon, it gave me an error in svchost.exe and winlogon.exe, which some time ago traced back to a Bagle infection...

The story ended with: I had all the worst viruses/trojans, but not Bagle... Better that way, all things considered [rotolo]

Thanks a lot for the reply ^^
Bye!!

Re: Bagle(?!?)

Post by RaFFoLo » Tue Oct 28, 2008 6:43 pm

This is what ComboFix reports:

ComboFix 08-10-25.01 - RAFFAELE 2008-10-27 11.53.30.1 - NTFSx86

Eseguito da: C:\Documents and Settings\RAFFAELE.CELERON\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\RAFFAELE.CELERON\Impostazioni locali\Temporary Internet Files\SuggestedSites.dat
C:\InfoSat.txt
C:\services.exe
C:\WINXP\Downloaded Program Files\setup.inf
C:\WINXP\IE4 Error Log.txt
C:\WINXP\system32\drivers\npf.sys
C:\WINXP\system32\Packet.dll
C:\WINXP\system32\pthreadVC.dll
C:\WINXP\system32\WanPacket.dll
C:\WINXP\system32\wfxhelp22.dll
C:\WINXP\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Creati Da 2008-09-27 al 2008-10-27 )))))))))))))))))))))))))))))))))))
.

2008-10-27 11:32 . 2008-10-27 11:32 <DIR> d-------- C:\VundoFix Backups
2008-10-26 18:34 . 2008-10-26 18:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-26 15:28 . 2008-10-26 15:28 97,928 --a------ C:\WINXP\system32\drivers\avgldx86.sys
2008-10-26 15:28 . 2008-10-26 15:28 10,520 --a------ C:\WINXP\system32\avgrsstx.dll
2008-10-26 15:27 . 2008-10-27 11:24 <DIR> d-------- C:\WINXP\system32\drivers\Avg
2008-10-26 14:52 . 2008-10-26 14:52 <DIR> d-------- C:\Programmi\AVG
2008-10-26 14:35 . 2008-10-26 14:35 <DIR> d-------- C:\20cf4a28cdb0ac3719
2008-10-26 14:31 . 2007-09-17 15:53 21,632 --a------ C:\WINXP\system32\drivers\pccsmcfd.sys
2008-10-26 14:19 . 2008-10-26 18:46 1,488 --a------ C:\WINXP\Sandboxie.ini
2008-10-26 13:14 . 2008-10-27 12:14 1,897,760 --ahs---- C:\WINXP\system32\drivers\fidbox.dat
2008-10-26 13:14 . 2008-10-27 12:14 29,144 --ahs---- C:\WINXP\system32\drivers\fidbox.idx
2008-10-26 13:12 . 2008-10-26 13:12 <DIR> d--hs---- C:\found.000
2008-10-26 11:20 . 2008-07-09 09:05 75,248 --a------ C:\WINXP\zllsputility.exe
2008-10-26 11:20 . 2008-07-09 09:05 54,672 --a------ C:\WINXP\system32\vsutil_loc0410.dll
2008-10-26 11:20 . 2008-07-09 09:05 42,384 --a------ C:\WINXP\zllsputility_loc0410.dll
2008-10-26 11:20 . 2008-07-09 09:05 21,904 --a------ C:\WINXP\system32\imsinstall_loc0410.dll
2008-10-26 11:20 . 2008-07-09 09:05 17,808 --a------ C:\WINXP\system32\imslsp_install_loc0410.dll
2008-10-26 11:20 . 2004-04-27 04:40 11,264 --a------ C:\WINXP\system32\SpOrder.dll
2008-10-26 11:20 . 2008-10-26 13:51 4,212 ---h----- C:\WINXP\system32\zllictbl.dat
2008-10-26 11:19 . 2008-10-26 11:19 <DIR> d-------- C:\Programmi\Zone Labs
2008-10-25 18:56 . 2008-10-27 12:59 <DIR> d-------- C:\WINXP\Internet Logs
2008-10-25 17:51 . 2008-10-25 17:51 <DIR> d-------- C:\Programmi\BillP Studios
2008-10-25 13:35 . 2008-10-25 13:35 <DIR> d-------- C:\73b2a9a6476110240c12cb40
2008-10-25 11:48 . 2008-10-25 16:02 <DIR> d-------- C:\Documents and Settings\RAFFHELL\Contacts
2008-10-25 11:42 . 2007-11-21 16:30 <DIR> d--h----- C:\Documents and Settings\RAFFHELL\Risorse di stampa
2008-10-25 11:42 . 2007-11-21 16:30 <DIR> d--h----- C:\Documents and Settings\RAFFHELL\Risorse di rete
2008-10-25 11:42 . 2008-10-25 11:43 <DIR> dr------- C:\Documents and Settings\RAFFHELL\Preferiti
2008-10-25 11:42 . 2007-11-21 15:38 <DIR> d--h----- C:\Documents and Settings\RAFFHELL\Modelli
2008-10-25 11:42 . 2007-11-21 16:30 <DIR> dr------- C:\Documents and Settings\RAFFHELL\Menu Avvio
2008-10-25 11:42 . 2008-10-27 12:05 <DIR> d--h----- C:\Documents and Settings\RAFFHELL\Impostazioni locali
2008-10-25 11:42 . 2008-10-25 16:04 <DIR> dr------- C:\Documents and Settings\RAFFHELL\Documenti
2008-10-25 11:42 . 2008-10-25 16:39 <DIR> dr-h----- C:\Documents and Settings\RAFFHELL\Dati applicazioni
2008-10-25 11:42 . 2008-10-26 15:28 <DIR> d-------- C:\Documents and Settings\RAFFHELL
2008-10-24 23:34 . 2008-10-24 23:34 0 --a------ C:\ARK2.tmp
2008-10-23 21:27 . 2008-10-23 21:27 <DIR> d-------- C:\Programmi\Artificial Dynamics
2008-10-23 20:57 . 2008-10-26 14:19 <DIR> d-------- C:\Programmi\Sandboxie
2008-10-23 20:44 . 2008-10-23 20:44 206 --a------ C:\WINXP\EurekaLog.ini
2008-10-23 20:08 . 2008-10-23 20:08 <DIR> d-------- C:\Programmi\DAEMON Tools
2008-10-22 06:15 . 2008-10-22 06:18 <DIR> d-------- C:\Documents and Settings\RAFFAELE.CELERON\EurekaLog
2008-10-21 19:28 . 2008-10-21 19:28 <DIR> d-------- C:\Programmi\Gnokii
2008-10-21 15:06 . 2008-10-21 15:06 <DIR> d-------- C:\Programmi\Microsoft Phone Data Manager
2008-10-19 11:24 . 2008-10-19 11:24 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-10-18 23:09 . 2008-05-07 06:39 1,419,232 --a------ C:\WINXP\system32\wdfcoinstaller01005.dl_
2008-10-18 22:17 . 2008-05-07 06:38 90,624 --a------ C:\WINXP\system32\nmwcdcls.dll
2008-10-18 21:56 . 2008-10-18 21:56 19 --a------ C:\WINXP\SoundConverter.INI
2008-10-17 19:56 . 2008-10-17 20:31 <DIR> d-------- C:\Programmi\Jetico
2008-10-17 19:02 . 2008-10-17 19:06 19,911,383 --a------ C:\WINXP\system32\KBHWM
2008-10-16 13:12 . 2008-10-16 13:12 268 --ah----- C:\sqmdata18.sqm
2008-10-16 13:12 . 2008-10-16 13:12 244 --ah----- C:\sqmnoopt18.sqm
2008-10-15 18:04 . 2008-10-24 21:13 593 --a------ C:\WINXP\imsins.BAK
2008-10-15 17:40 . 2008-09-15 16:24 1,846,400 --------- C:\WINXP\system32\dllcache\win32k.sys
2008-10-15 17:26 . 2008-09-08 11:41 333,824 --------- C:\WINXP\system32\dllcache\srv.sys
2008-10-15 11:57 . 2008-10-15 11:59 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-10-14 21:41 . 2008-10-14 21:41 <DIR> d-------- C:\Programmi\K-Lite Codec Pack
2008-10-04 17:13 . 2008-10-04 17:16 <DIR> d-------- C:\Programmi\ACE-HIGH MP3 WAV WMA OGG Converter
2008-10-04 17:13 . 2001-08-08 20:00 40,960 --a------ C:\WINXP\system32\DGPNorm.ocx
2008-10-04 16:48 . 2008-10-04 16:48 <DIR> d-------- C:\Programmi\TagScanner
2008-10-03 05:33 . 2008-10-16 13:13 <DIR> d-------- C:\Documents and Settings\BABBO.CELERON\Contacts
2008-09-29 00:50 . 2008-10-09 17:21 <DIR> d-------- C:\WINXP\system32\inf32
2008-09-29 00:50 . 2008-10-09 17:30 <DIR> d-------- C:\Programmi\GPSoftware
2008-09-28 19:11 . 2008-10-24 19:39 <DIR> d-------- C:\Programmi\XnView
2008-09-28 17:14 . 2008-09-28 17:14 268 --ah----- C:\sqmdata16.sqm
2008-09-28 17:14 . 2008-09-28 17:14 244 --ah----- C:\sqmnoopt16.sqm
2008-09-28 17:14 . 2008-09-28 17:14 136 --ah----- C:\sqmnoopt17.sqm
2008-09-28 17:14 . 2008-09-28 17:14 136 --ah----- C:\sqmdata17.sqm
2008-09-28 16:00 . 2008-09-30 20:12 <DIR> d-------- C:\Documents and Settings\BABBO.CELERON\Tracing
2008-09-28 13:27 . 2008-09-28 13:27 <DIR> d-------- C:\Programmi\Oxygen
2008-09-28 06:12 . 2008-10-03 05:46 <DIR> d-------- C:\Programmi\Opera
2008-09-27 20:19 . 2008-09-27 20:19 <DIR> d-------- C:\Programmi\JPEG Collager
2008-09-27 20:15 . 2008-09-27 20:15 <DIR> d-------- C:\Programmi\WPanorama
2008-09-27 13:16 . 2008-09-27 13:16 <DIR> d-------- C:\Programmi\TrueLaunchBar
2008-09-27 13:11 . 2008-09-28 09:53 <DIR> d-------- C:\Programmi\ShellExView
2008-09-27 13:11 . 2008-09-27 13:11 39,424 --a------ C:\WINXP\zipinst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 11:14 1,585,664 ----a-w C:\WINXP\Internet Logs\xDB1.tmp
2008-10-27 05:25 --------- d-----w C:\Programmi\WinAmp
2008-10-26 18:56 --------- d-----w C:\Programmi\PeerGuardian2
2008-10-26 18:47 --------- d-----w C:\Programmi\eMule Applejuice
2008-10-26 18:37 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-10-26 14:28 --------- d-----w C:\Programmi\AdunanzA
2008-10-26 14:07 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-10-26 13:25 3,662 --sha-w C:\WINXP\system32\KGyGaAvL.sys
2008-10-25 17:23 --------- d-----w C:\Programmi\Comodo
2008-10-25 11:27 --------- d-----w C:\Programmi\ATI Technologies
2008-10-25 11:08 --------- d-----w C:\Programmi\RocketDock
2008-10-25 10:35 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-10-24 18:56 --------- d-----w C:\Programmi\Corel
2008-10-24 18:27 --------- d-----w C:\Programmi\File comuni\Corel
2008-10-23 14:31 --------- d-----w C:\Programmi\Nero
2008-10-22 17:37 --------- d-----w C:\Programmi\File comuni\Nokia
2008-10-21 14:15 --------- d-----w C:\Programmi\Oxygen Software
2008-10-21 07:50 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-10-19 12:10 355,584 ----a-w C:\WINXP\system32\TuneUpDefragService.exe
2008-10-19 10:24 --------- d-----w C:\Programmi\QuickTime
2008-10-19 10:23 --------- d-----w C:\Programmi\Apple Software Update
2008-10-18 21:11 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-10-15 16:36 337,408 ----a-w C:\WINXP\system32\dllcache\netapi32.dll
2008-10-11 12:29 --------- d-----w C:\Programmi\Er Finestra
2008-10-02 19:11 --------- d-----w C:\Programmi\Windows Live
2008-09-28 08:53 --------- d-----w C:\Programmi\RadarSync
2008-09-28 08:53 --------- d-----w C:\Programmi\Fast Explorer
2008-09-28 08:00 --------- d-----w C:\Programmi\Virtual Earth 3D
2008-09-26 17:56 --------- d-----w C:\Programmi\DreaMule
2008-09-24 18:00 304,160 ----a-w C:\StiImg.dat
2008-09-24 05:12 --------- d-----w C:\Programmi\GetRight
2008-09-23 13:43 --------- d-----w C:\Programmi\OfficePowerT
2008-09-23 13:24 --------- d-----w C:\Programmi\LopeSoft
2008-09-22 19:43 --------- d-----w C:\Programmi\Windows Sidebar
2008-09-21 16:23 33,856 ----a-w C:\WINXP\system32\drivers\oreans32.sys
2008-09-20 16:00 --------- d-----w C:\Programmi\DriverGuide Toolkit
2008-09-19 10:29 --------- d-----w C:\Programmi\OutlookFiller
2008-09-19 10:25 --------- d-----w C:\Programmi\Microsoft Office Outlook Connector
2008-09-18 13:20 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-09-16 23:04 --------- d-----w C:\Programmi\Spegni Pc
2008-09-16 22:13 6,583,808 ----a-w C:\WINXP\system32\logonuiX.exe
2008-09-16 13:13 --------- d-----w C:\Programmi\File comuni\stardock
2008-09-16 12:19 --------- d-----w C:\Programmi\LinVista
2008-09-15 23:02 7,840 ----a-w C:\WINXP\system32\mcdmsg5.dll
2008-09-15 15:24 1,846,400 ----a-w C:\WINXP\system32\win32k.sys
2008-09-15 12:02 --------- d-----w C:\Programmi\HyperSnap 6
2008-09-15 10:59 --------- d-----w C:\Programmi\ViStart
2008-09-14 22:01 --------- d-----w C:\Programmi\AltSwitch
2008-09-14 20:39 --------- d-----w C:\Programmi\Xentient
2008-09-14 18:50 --------- d-----w C:\Programmi\Talisman 3
2008-09-14 11:14 --------- d-----w C:\Programmi\Java
2008-09-13 21:39 --------- d-----w C:\Programmi\Serials 2005
2008-09-13 07:37 --------- d-----w C:\Programmi\Alky for Applications
2008-09-12 19:51 --------- d-----w C:\Programmi\Universal Extractor
2008-09-12 17:31 --------- d-----w C:\Programmi\smartision
2008-09-12 14:00 95,888 ----a-w C:\WINXP\system32\drivers\VBoxDrv.sys
2008-09-12 14:00 41,680 ----a-w C:\WINXP\system32\drivers\VBoxUSBMon.sys
2008-09-12 13:08 --------- d-----w C:\Programmi\CCleaner
2008-09-12 10:50 --------- d-----w C:\Programmi\Andy Warhol Replicator
2008-09-12 10:46 --------- d-----w C:\Programmi\TeraCopy
2008-09-12 10:22 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-09-12 09:29 --------- d-----w C:\Programmi\Windows Desktop Search
2008-09-12 08:38 --------- d-----w C:\Programmi\IMAPSize
2008-09-12 00:19 --------- d-----w C:\Programmi\MSECACHE
2008-09-11 14:40 --------- d-----w C:\Programmi\Creative
2008-09-11 13:24 685,816 ----a-w C:\WINXP\system32\drivers\sptd.sys
2008-09-11 08:44 --------- d-----w C:\Programmi\Microsoft.NET
2008-09-08 10:41 333,824 ----a-w C:\WINXP\system32\drivers\srv.sys
2008-09-07 10:36 --------- d-----w C:\Programmi\Stardock
2008-09-01 21:12 --------- d-----w C:\Programmi\WinHTTrack
2008-09-01 21:09 --------- d-----w C:\Programmi\WebSite eXtractor
2008-08-30 16:53 --------- d-----w C:\Programmi\IconForge7
2008-08-29 16:12 85 ----a-w C:\587.bat
2008-08-28 17:46 --------- d-----w C:\Programmi\ActivIcons
2008-08-28 15:25 --------- d-----w C:\Programmi\Microsoft Tablet PC Platform SDK
2008-08-28 09:07 25,992 ----a-w C:\WINXP\system32\pgdfgsvc.exe
2008-08-28 01:38 --------- d-----w C:\Programmi\SoftwareDoctor
2008-08-27 17:33 --------- d-----w C:\Programmi\Styler
2008-08-22 01:16 637,984 ----a-w C:\WINXP\system32\dllcache\iexplore.exe
2008-08-22 01:09 5,699,584 ----a-w C:\WINXP\system32\dllcache\mshtml.dll
2008-08-22 01:08 878,592 ----a-w C:\WINXP\system32\wininet.dll
2008-08-22 01:08 878,592 ----a-w C:\WINXP\system32\dllcache\wininet.dll
2008-08-22 01:08 43,008 ----a-w C:\WINXP\system32\licmgr10.dll
2008-08-22 01:08 43,008 ----a-w C:\WINXP\system32\dllcache\licmgr10.dll
2008-08-22 01:08 236,544 ----a-w C:\WINXP\system32\dllcache\webcheck.dll
2008-08-22 01:08 1,206,784 ----a-w C:\WINXP\system32\dllcache\urlmon.dll
2008-08-22 01:07 755,200 ----a-w C:\WINXP\system32\dllcache\vgx.dll
2008-08-22 01:07 193,536 ----a-w C:\WINXP\system32\dllcache\msrating.dll
2008-08-22 01:07 116,224 ----a-w C:\WINXP\system32\dllcache\occache.dll
2008-08-22 01:07 105,984 ----a-w C:\WINXP\system32\dllcache\url.dll
2008-08-22 01:05 70,656 ----a-w C:\WINXP\system32\dllcache\mshtmled.dll
2008-08-22 01:05 630,272 ----a-w C:\WINXP\system32\dllcache\mstime.dll
2008-08-22 01:05 48,640 ------w C:\WINXP\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w C:\WINXP\system32\mshtmler.dll
2008-08-22 01:05 48,128 ----a-w C:\WINXP\system32\dllcache\mshtmler.dll
2008-08-22 01:05 45,056 ----a-w C:\WINXP\system32\dllcache\pngfilt.dll
2008-08-22 01:05 35,840 ----a-w C:\WINXP\system32\imgutil.dll
2008-08-22 01:05 35,840 ----a-w C:\WINXP\system32\dllcache\imgutil.dll
2008-08-22 01:05 346,624 ----a-w C:\WINXP\system32\dllcache\dxtmsft.dll
2008-08-22 01:05 217,088 ----a-w C:\WINXP\system32\dllcache\dxtrans.dll
2008-02-08 04:50 8 --sh--r C:\WINXP\system32\1594771C56.sys
2007-11-21 16:24 8 --sh--r C:\WINXP\system32\1F0A4024D5.sys
2008-05-02 17:19 32,768 --sha-w C:\WINXP\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050220080503\index.dat
.
Code:
----a-w        10,011,784 2003-05-07 14:07:00  C:\Documenti\RAFFAELE\Programmi\Microsoft and 3rd Parts\Windows Media\WM Encoder (9 and above) .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"AltSwitch"="C:\Programmi\AltSwitch\AltSwitch.exe" [2008-09-14 23:01 334654]
"xkill4win"="C:\Documenti\RAFFAELE\Da sistemare\xkill4win-0.0.1_alpha2.bin\xkill4win-0.0.1_alpha2.bin\Xkill4win.exe" [2006-07-18 21:46 542720]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-09-02 12:58 495616]
"Directory Opus Desktop Dblclk"="C:\Programmi\GPSoftware\Directory Opus\dopusrt.exe" [2008-02-23 14:12 275952]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [2008-04-13 18:14 15360]
"SandboxieControl"="C:\Programmi\Sandboxie\SbieCtrl.exe" [2008-09-02 13:33 716800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"AVG8_TRAY"="C:\PROGRA~3\AVG\AVG8\avgtray.exe" [2008-10-26 15:27 1234712]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2008-08-04 00:02 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 18:14 110592 C:\WINXP\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [2008-04-13 18:14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-22 02:06 128512 C:\WINXP\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)


However, even on the fresh XP install, no antivirus manages to complete its scan and the PC reboots... Tried with Avira, AVG, ClamAV, ZoneAlarm.
At this point, I couldn't say what infections these are... Could I fix something with Avenger? Maybe with a few well-chosen lines, knowing exactly which files are infected/damaged or whatever else...

Re: Bagle(?!?)

Post by Amantide » Tue Oct 28, 2008 7:42 pm

Download The Avenger, extract it to a folder and run the file avenger.exe.
Paste the following script into the white box under Input script here, untick Scan for rootkits and click Execute.

Code:
Files to delete:

C:\ARK2.tmp
C:\WINXP\system32\drivers\oreans32.sys
C:\WINXP\system32\1594771C56.sys
C:\WINXP\system32\1F0A4024D5.sys


The PC should reboot; if it doesn't, reboot it manually.
On reboot the log avenger.txt should appear; post its contents here.

Check the following files on http://www.virustotal.com
Code:
C:\WINXP\system32\mcdmsg5.dll
C:\587.bat
C:\WINXP\system32\DGPNorm.ocx


Do you know what these folders are?
Code:
C:\73b2a9a6476110240c12cb40
C:\20cf4a28cdb0ac3719


Post me the Gmer Autostart and Rootkit logs anyway.
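The files Amantide picks out of the report above (two 8-byte hidden/system .sys files with hex names in system32, two hex-named folders in the root of C:\) are the kind of thing a responder learns to spot by eye. The script below is an added example, not part of the thread and not ComboFix's or The Avenger's code: it parses lines in the two ComboFix report formats shown above ("Files created" and "Find3M") and applies those same heuristics mechanically. The sample input is a constructed excerpt made of lines copied from the report above; the regexes and the thresholds (1024 bytes, 10 hex characters) are my assumptions. A hit is a lead to hash and look up, not a verdict, as the legitimate hidden/system files of an installed security product will trip the same rule.

```python
"""Triage helper for ComboFix 'Files created' and 'Find3M' report lines.

Added example (assumed formats); flags entries worth hashing and checking.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "Files created" line: created . modified (<DIR>|size) attrs path
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
    r'(<DIR>|[\d,]+) (\S+) (.+)$')
# "Find3M" line: modified (---------|size) attrs path
FIND3M_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (-{9}|[\d,]+) (\S+) (.+)$')
# Assumed threshold: a name of 10+ hex digits and nothing else looks generated
HEX_NAME_RE = re.compile(r'^[0-9a-f]{10,}$', re.IGNORECASE)
SYSTEM32_RE = re.compile(r'\\system32\\', re.IGNORECASE)
TINY_DRIVER_BYTES = 1024  # assumed: no real kernel driver is this small


@dataclass
class Entry:
    path: str
    attrs: str
    is_dir: bool
    size: Optional[int] = None  # None for directories


def parse_line(line: str) -> Optional[Entry]:
    """Parse one line from either section; return None for anything else."""
    line = line.strip()
    m = CREATED_RE.match(line) or FIND3M_RE.match(line)
    if not m:
        return None
    size_field, attrs, path = m.groups()
    is_dir = size_field in ("<DIR>", "-" * 9) or attrs.startswith("d")
    size = None if is_dir else int(size_field.replace(",", ""))
    return Entry(path=path, attrs=attrs, is_dir=is_dir, size=size)


def assess(entry: Entry) -> List[str]:
    """Return the list of heuristics the entry trips (empty if none)."""
    reasons: List[str] = []
    name = ntpath.basename(entry.path)
    stem, ext = ntpath.splitext(name)
    ext = ext.lower()
    parent = ntpath.dirname(entry.path).rstrip("\\")
    # Both attribute layouts spell hidden as 'h' and system as 's'
    hidden, system = "h" in entry.attrs, "s" in entry.attrs

    if entry.is_dir:
        if parent.upper() == "C:" and HEX_NAME_RE.match(stem):
            reasons.append("hex-named folder in the drive root")
        return reasons
    if SYSTEM32_RE.search(entry.path) and hidden and system:
        reasons.append("hidden+system file under system32")
    if ext == ".sys" and entry.size is not None and entry.size < TINY_DRIVER_BYTES:
        reasons.append(f"driver-named file of only {entry.size} bytes")
    if ext == ".sys" and HEX_NAME_RE.match(stem):
        reasons.append("random hex name with .sys extension")
    return reasons


def triage(report: str) -> Dict[str, List[str]]:
    """Map each flagged path in the report text to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Constructed excerpt: lines taken from the ComboFix report in the thread
SAMPLE_REPORT = r"""
2008-10-26 15:28 . 2008-10-26 15:28 97,928 --a------ C:\WINXP\system32\drivers\avgldx86.sys
2008-10-26 14:35 . 2008-10-26 14:35 <DIR> d-------- C:\20cf4a28cdb0ac3719
2008-10-26 13:14 . 2008-10-27 12:14 1,897,760 --ahs---- C:\WINXP\system32\drivers\fidbox.dat
2008-10-25 13:35 . 2008-10-25 13:35 <DIR> d-------- C:\73b2a9a6476110240c12cb40
2008-10-24 23:34 . 2008-10-24 23:34 0 --a------ C:\ARK2.tmp
2008-10-27 05:25 --------- d-----w C:\Programmi\WinAmp
2008-10-26 13:25 3,662 --sha-w C:\WINXP\system32\KGyGaAvL.sys
2008-09-21 16:23 33,856 ----a-w C:\WINXP\system32\drivers\oreans32.sys
2008-02-08 04:50 8 --sh--r C:\WINXP\system32\1594771C56.sys
2007-11-21 16:24 8 --sh--r C:\WINXP\system32\1F0A4024D5.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a saved combofix.txt by passing the file's text to triage(); the two hex-named .sys files trip all three file rules, the two root folders trip the folder rule, and ordinary driver files such as avgldx86.sys and oreans32.sys pass untouched, which is what makes the output a short list to verify rather than a second copy of the log.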

megalab.it: daily online publication registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising