
help bagle!


Post by alek007 » Sat Jan 12, 2008 9:57 pm

Hi everyone! Could you help me with the script for Avenger? Thanks in advance. The Kaspersky scan:


KASPERSKY ONLINE SCANNER REPORT
Saturday, January 12, 2008 8:31:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/01/2008
Kaspersky Anti-Virus database records: 508316
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 67351
Number of viruses found 6
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 10:59:12

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users.WINXP\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINXP\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\pc1\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc1\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc1\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc1\Impostazioni locali\Temporary Internet Files\Content.IE5\RNTGWCJG\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\pc1\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pc1\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pc1\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\Hotmail (al da2\Posta inviata\69222905-0000001C.eml/[From Alessandro Cantini ][Date Mon, 12 Feb 2007 13:12:35 +0100]/SkyBattle/ButtonShyMouse.exe Infected: not-virus:BadJoke.Win32.MouseShy.a skipped
C:\Documents and Settings\pc1\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\Hotmail (al da2\Posta inviata\69222905-0000001C.eml/[From Alessandro Cantini ][Date Mon, 12 Feb 2007 13:12:35 +0100]/SkyBattle Infected: not-virus:BadJoke.Win32.MouseShy.a skipped
C:\Documents and Settings\pc1\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Mail\Hotmail (al da2\Posta inviata\69222905-0000001C.eml Mail: infected - 2 skipped
C:\Documents and Settings\pc1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pc1\ntuser.dat Object is locked skipped
C:\WINXP\system32\config\SECURITY.LOG Object is locked skipped
C:\WINXP\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINXP\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINXP\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINXP\system32\config\SAM.LOG Object is locked skipped
C:\WINXP\system32\config\AppEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SecEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SysEvent.Evt Object is locked skipped
C:\WINXP\system32\config\DEFAULT Object is locked skipped
C:\WINXP\system32\config\SECURITY Object is locked skipped
C:\WINXP\system32\config\SOFTWARE Object is locked skipped
C:\WINXP\system32\config\SYSTEM Object is locked skipped
C:\WINXP\system32\config\SAM Object is locked skipped
C:\WINXP\system32\config\Internet.evt Object is locked skipped
C:\WINXP\system32\drivers\sptd.sys Object is locked skipped
C:\WINXP\system32\drivers\down\71843.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\WINXP\system32\drivers\down\66781.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINXP\system32\drivers\down\39203.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\WINXP\system32\drivers\srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINXP\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINXP\system32\CatRoot2\edb.log Object is locked skipped
C:\WINXP\system32\h323log.txt Object is locked skipped
C:\WINXP\Debug\PASSWD.LOG Object is locked skipped
D:\MULTIMEDIA!!!\Scherzi PC\ButtonShyMouse.exe Infected: not-virus:BadJoke.Win32.MouseShy.a skipped
D:\MULTIMEDIA!!!\Win-Spy\LicenseBackup.exe Infected: HackTool.Win32.Freezer.c skipped
D:\MULTIMEDIA!!!\Win-Spy\Win-Spy Eval Setup.exe/Setup1.exe Infected: Trojan-Spy.Win32.WinSpy.cz skipped
D:\MULTIMEDIA!!!\Win-Spy\Win-Spy Eval Setup.exe ZIP: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Post by ste_95 » Sat Jan 12, 2008 10:04 pm

[hi]

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "input script manually" option
Then click the magnifying glass
Now paste these lines into the white box that opens:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\Documents and Settings\pc1\Impostazioni locali\Temporary Internet Files\Content.IE5\RNTGWCJG\b64_2[1].jpg

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Select the traffic light icon at the top right
Answer Yes to both of Avenger's prompts
Your computer should now restart; if it doesn't, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears.

Post by alek007 » Sat Jan 12, 2008 10:25 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hcnxoocx

*******************

Script file located at: \??\C:\WINXP\system32\ujqpfwty.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\srosa.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\srosa.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\srosa.sys
Status: 0xc0000034



File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!

Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File C:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\Documents and Settings\pc1\Impostazioni locali\Temporary Internet Files\Content.IE5\RNTGWCJG\b64_2[1].jpg deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034



Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by alek007 » Sat Jan 12, 2008 10:37 pm

It worked! Thanks a million!