Bagle for me too... damn

Has a virus got into your computer? Do you want to browse in complete safety? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions.

Post by leosurf » Mon Sep 10, 2007 1:21 pm

Hi Crazy,

I've read a few threads and I think I've caught Bagle on my PC:

can you help me figure out how to remove it?

I'm posting the Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Monday, September 10, 2007 1:30:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 10/09/2007
Kaspersky Anti-Virus database records: 410811
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ANDREA~1.LEA\IMPOST~1\Temp\
Scan Statistics
Total number of scanned objects 17184
Number of viruses found 1
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:19:00

Infected Object Name Virus Name Last Action
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\283016.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\WINDOWS\exefld\347610487.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\WINDOWS\exefld\4232425.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
Scan process completed.

HELP PLEASE!!!

WHICH SCRIPT SHOULD I USE WITH AVENGER?
leosurf
New Member
Posts: 19
Joined: Mon Sep 10, 2007 12:54 pm

Post by crazy.cat » Mon Sep 10, 2007 1:31 pm

Don't scan only the Windows folder, scan the whole disk; infected files are usually scattered in many places.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most odious tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by leosurf » Mon Sep 10, 2007 1:43 pm

I'm re-running it on everything and will repost the log, crazy!!!

I'm hoping for your help removing it...

Thanks.

Post by leosurf » Tue Sep 11, 2007 7:43 am

Here is the final log, can you help me now, crazy? Thanks.

KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 11, 2007 8:43:05 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 10/09/2007
Kaspersky Anti-Virus database records: 410811
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
Z:\
Scan Statistics
Total number of scanned objects 167604
Number of viruses found 5
Number of infected objects 20
Number of suspicious objects 0
Duration of the scan process 05:21:28

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\andrea.leandro\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\andrea.leandro\Dati applicazioni\m\flec006.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\Documents and Settings\andrea.leandro\Impostazioni locali\Temporary Internet Files\Content.IE5\RAH41JFR\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.devo skipped
C:\Documents and Settings\andrea.leandro\Impostazioni locali\Temporary Internet Files\Content.IE5\XIF5TQCU\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.devo skipped
C:\leo_notebook\installazioni\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\leo_notebook\installazioni\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\leo_notebook\installazioni\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
C:\Programmi\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Programmi\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Programmi\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Programmi\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Programmi\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Programmi\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Programmi\WatchGuard\logs\controld.log Object is locked skipped
C:\Programmi\Your Uninstaller 2006\uruninstaller.exe.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\283016.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\WINDOWS\exefld\347610487.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
C:\WINDOWS\exefld\4232425.exe Infected: Trojan-Downloader.Win32.Bagle.df skipped
Scan process completed.

Post by leosurf » Tue Sep 11, 2007 7:50 am

I've put this in as the script in Avenger, is that OK???
Can I reboot with this script?
NB: obviously safe mode doesn't work for me either, and I've already disabled automatic restore...!!!!

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\Documents and Settings\andrea.leandro\Dati applicazioni\m\flec006.exe
C:\Documents and Settings\andrea.leandro\Impostazioni locali\Temporary Internet Files\Content.IE5\RAH41JFR\mxd[1].jpg
C:\Documents and Settings\andrea.leandro\Impostazioni locali\Temporary Internet Files\Content.IE5\XIF5TQCU\mxd[1].jpg
C:\leo_notebook\installazioni\tightvnc-1.2.9-setup.exe
C:\leo_notebook\installazioni\vnc-4_1_2-x86_win32.exe
C:\Programmi\RealVNC\VNC4\vncconfig.exe
C:\Programmi\RealVNC\VNC4\wm_hooks.dll
C:\Programmi\TightVNC\VNCHooks.dll
C:\Programmi\TightVNC\WinVNC.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

bagle...

Post by leosurf » Tue Sep 11, 2007 9:56 am

I managed to install Kaspersky 7, so I can see Avenger did something...
but it still won't boot into safe mode, and it takes a very long time to log in with my network user... about 2 minutes... sooo long

Now I'll run Kaspersky and we'll see what it says...

Post by crazy.cat » Tue Sep 11, 2007 10:09 am

For safe mode, read the article on Bagle; there is an attached file that fixes the problem.

Post by leosurf » Thu Sep 13, 2007 12:00 pm

I managed to get into safe mode with msconfig, by setting safeboot...

Now I've launched Avfast 4.7 and Kaspersky 7...

Avfast finished, removing something more, a trojan...

Now let's see what Kaspersky finds.

The thing that has remained very slow on the computer is:

when I right-click a file to do e.g. copy/paste... it takes forever...

I've already tried disabling all the context menus, but nothing changes.

Same thing if I delete a file...

A delay of almost 1 minute for any kind of file, txt, pdf, and of any size.

If I log in as Administrator, on the other hand, it's very fast...

So it seems to depend on the network user I'm using... so something in HKCU?????

I can't work out where the problem is...

HELP!!!

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising