Bagle hit me

Post by Lazy85 » Sun Jan 13, 2008 2:27 pm

Sorry, let me introduce myself: I'm Marco and I love ignoring antivirus warning messages, so this is the well-deserved state I find myself in.
AntiVir, ZoneAlarm, AVG out of action!
I followed the guide you wrote, but I can't effectively neutralize Bagle with Avenger! Can you give me a hand?


I'll start by posting the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 13, 2008 9:23:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 510043
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - Folders:
C:\ACER\
C:\ATI\
C:\avenger\
C:\CanoScan\
C:\Diskeeper\
C:\DlSystem\
C:\Documents and Settings\
C:\MSOCache\
C:\Programmi\
C:\RECYCLER\
C:\System Volume Information\
C:\Temp\
C:\WINDOWS\

Scan Statistics:
Total number of scanned objects: 61979
Number of viruses found: 7
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 02:46:26

Infected Object Name / Virus Name / Last Action
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.z skipped
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe NSIS: infected - 1 skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip/avenger/down/37531.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip/avenger/down/41171.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip/avenger/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip/avenger/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\avenger\backup-13.01.2008-11.59.07,18.zip ZIP: infected - 5 skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip ZIP: infected - 2 skipped
C:\Documents and Settings\boh\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temp\Perflib_Perfdata_fac.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\14KSZOVA\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\boh\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4D485C57-0152-4BDD-BA6A-7203437211D5}\RP155\A0072890.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4D485C57-0152-4BDD-BA6A-7203437211D5}\RP155\A0072891.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\System Volume Information\_restore{4D485C57-0152-4BDD-BA6A-7203437211D5}\RP156\A0072912.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\14470671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14482671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\29031312.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\29033734.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\WINDOWS\system32\drivers\down\29048625.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

How should I proceed??
Thanks and have a good Sunday!!
Last edited by Lazy85 on Sun Jan 13, 2008 9:25 pm, edited 1 time in total.
A scary-good Bode Miller!!!
Lazy85
New Member
Posts: 22
Joined: Sun Jan 13, 2008 2:07 pm
Location: internet

Post by ste_95 » Sun Jan 13, 2008 2:38 pm

[hello]

You need to run the online scan with Kaspersky.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Post by Lazy85 » Sun Jan 13, 2008 2:43 pm

Damn, I just read a post where that was said! I'm running it now and afterwards I'll edit the first post!
Thanks anyway for the reply!
See you shortly [:)]

Post by Lazy85 » Sun Jan 13, 2008 9:27 pm

I've posted the Kaspersky log!
I hope you can give me a couple of tips!

Post by ste_95 » Sun Jan 13, 2008 9:45 pm

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "input script manually" option
Then find the magnifying glass and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\avenger\backup-13.01.2008-12.19.09,70.zip
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\14KSZOVA\b64_3[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[2].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_1[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_3[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Now click Done at the bottom of the box
Click the little traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer restarts, copy and paste here the contents of the Notepad window that appears.

Post by Lazy85 » Sun Jan 13, 2008 9:53 pm

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dpdlndsd

*******************

Script file located at: \??\C:\WINDOWS\tkrrtxwd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\avenger\backup-13.01.2008-12.19.09,70.zip deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\14KSZOVA\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_3[2].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg deleted successfully.
File C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


I have new unknown processes in the Task Manager! [uhm]

Post by ste_95 » Sun Jan 13, 2008 10:00 pm

First of all, install an antivirus.

Which processes are these?

Post by Lazy85 » Sun Jan 13, 2008 10:11 pm

Oh my god, I can install AntiVir!!!! Are you some kind of wizard, or are you the creator of this nasty worm?!?! [:D]
WOW!!

Dunno, before there was something like this 564303.exe and wintems.exe, but they've disappeared.
Now there's FLEC006.exe.
How do I proceed? Do I run a scan and delete everything I find?
I'll start thanking you right now!!

Post by ste_95 » Mon Jan 14, 2008 7:02 am

Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Select the "input script manually" option
Then find the magnifying glass and click it
Now paste these lines into the white box that has opened:

Files to delete:
C:\Documents and Settings\boh\Dati Applicazioni\m\flec006.exe


Now click Done at the bottom of the box
Click the little traffic light at the top right
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer restarts, copy and paste here the contents of the Notepad window that appears.

You'll see that flec006.exe will disappear too [;)]

Post by Lazy85 » Mon Jan 14, 2008 12:46 pm

I'm truly grateful to you!! [applause+] [applause+]
Now I've fixed everything. The system is working again, even better than before, because many programs that used to launch at startup are now disabled!
May I ask how you determine which commands to give Avenger?
Do you go by experience, or is there a method? A guide???
Thanks again!

Post by crazy.cat » Mon Jan 14, 2008 1:08 pm

Lazy85 wrote: Do you go by experience, or is there a method? A guide???

More or less all three.
We tried infecting a PC to see which files turned up, and then from the dozens of logs that come in we see what's "new" in the latest variants, and those get added to the list and to the guide we wrote.
When the many govern, they think only of pleasing themselves, and then you get the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
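
The reply above says the removal scripts are worked out from the scanner logs that users post. As an added example (not part of the thread and not the forum's own tooling), this Python code sorts rows of a Kaspersky Online Scanner report like the one in the first post into locked objects, archive summary rows and flagged files grouped by where they live; the category names and the `tool_dirs` default are assumptions made here.

```python
import re

# Row formats as they appear in the Kaspersky Online Scanner report in this thread.
DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) \w+$")
LOCKED = re.compile(r"^.+ Object is locked \w+$")
CONTAINER = re.compile(r"^.+ \w+: infected - \d+ \w+$")  # e.g. "ZIP: infected - 2"

# A small subset of rows copied from the first report posted in this thread.
SAMPLE_REPORT = r"""
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.z skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip/avenger/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip/avenger/wintems.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\avenger\backup-13.01.2008-12.19.09,70.zip ZIP: infected - 2 skipped
C:\Documents and Settings\boh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\54RX8J4U\b64_1[1].jpg Infected: Trojan-PSW.Win32.LdPinch.ewq skipped
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped
C:\System Volume Information\_restore{4D485C57-0152-4BDD-BA6A-7203437211D5}\RP155\A0072891.sys Infected: Trojan-Downloader.Win32.Bagle.hw skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\down\29033734.exe Infected: Trojan.Win32.Pakes.bwy skipped
"""


def classify(path, tool_dirs=("c:\\avenger\\",)):
    """Label a flagged file by location (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # copy held inside a System Restore point
    if p.startswith(tool_dirs):
        return "tool_backup"     # Avenger's backup zip of files it already removed
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "on_disk"


def triage(report, tool_dirs=("c:\\avenger\\",)):
    """Return (findings, locked_count, unparsed_lines) for a pasted report."""
    findings, locked, unparsed = {}, 0, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            # File held open by the running system (registry hives, logs):
            # the scanner could not read it, which is not a detection.
            locked += 1
            continue
        m = DETECTION.match(line)
        if m:
            # A "/" after the on-disk path marks a member inside an archive
            # or installer; the thing to act on is the container file itself.
            disk_file, _, member = m["obj"].partition("/")
            entry = findings.setdefault(disk_file, {
                "category": classify(disk_file, tool_dirs),
                "detections": set(),
                "archive_members": 0,
            })
            entry["detections"].add(m["name"])
            entry["archive_members"] += bool(member)
            continue
        if CONTAINER.match(line):
            continue  # per-archive summary row; its members were counted above
        unparsed.append(line)  # report header lines and anything unexpected
    for entry in findings.values():
        # Kaspersky prefixes adware/riskware names with "not-a-virus:".
        entry["riskware_only"] = all(
            d.startswith("not-a-virus:") for d in entry["detections"])
    return findings, locked, unparsed


def by_category(findings):
    """Group flagged on-disk files by category, keeping report order."""
    grouped = {}
    for path, entry in findings.items():
        grouped.setdefault(entry["category"], []).append(path)
    return grouped


if __name__ == "__main__":
    found, locked_count, rest = triage(SAMPLE_REPORT)
    print(f"{locked_count} locked objects ignored, {len(rest)} unparsed lines")
    for category, paths in by_category(found).items():
        print(category)
        for path in paths:
            names = ", ".join(sorted(found[path]["detections"]))
            print(f"  {path}\n    {names}")
```
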

Post by Lazy85 » Mon Jan 14, 2008 1:19 pm

crazy.cat wrote:
Lazy85 wrote: Do you go by experience, or is there a method? A guide???

More or less all three.
We tried infecting a PC to see which files turned up, and then from the dozens of logs that come in we see what's "new" in the latest variants, and those get added to the list and to the guide we wrote.


Guide?
The one I followed recommended asking for advice on the forum..
Maybe it's not the same one.. [uhm]

Post by ste_95 » Mon Jan 14, 2008 1:54 pm

The guide, which I'll never get tired of reading, can be found here:

http://www.MegaLab.it/2656

Bagle 2, the return!

Post by Lazy85 » Fri Jan 18, 2008 9:03 am

I managed to catch Bagle again, you know... I missed it so much [cry] !!!
This time at least I understood why: I downloaded a file passed off as a trial application, and 10 seconds later I no longer had any security software running! [devil]
This is the result:

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 177930
Number of viruses found: 12
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 05:24:10

Infected Object Name / Virus Name / Last Action
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.z skipped
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\boh\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\boh\Desktop\Download 2007\Crack 2006\Password.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe/data0010/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe/data0010/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe/data0010/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe/data0010 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe Inno: infected - 5 skipped
C:\Documents and Settings\boh\Desktop\Download 2007\Password.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\boh\Desktop\Download 2007\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar/Lyrics Plugin 0.3.exe Infected: Trojan-Dropper.Win32.Agent.dpt skipped
C:\Documents and Settings\boh\Desktop\Download 2007\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar RAR: infected - 1 skipped
C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\N70\APPLICAZIONI\INUTILI\Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDAs.zip/Loader.exe Infected: not-a-virus:RiskTool.Win32.Patcher.a skipped
C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\N70\APPLICAZIONI\INUTILI\Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDAs.zip ZIP: infected - 1 skipped
C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar/Lyrics Plugin 0.3.exe Infected: Trojan-Dropper.Win32.Agent.dpt skipped
C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar RAR: infected - 1 skipped
C:\Documents and Settings\boh\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temp\Perflib_Perfdata_5e8.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\boh\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\boh\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\eMule Applejuice\incoming\GIF Movie Gear 4.1.2.zip/GIF Movie Gear 4.1.2.exe Infected: Trojan-Downloader.Win32.Bagle.ii skipped
C:\Programmi\eMule Applejuice\incoming\GIF Movie Gear 4.1.2.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4D485C57-0152-4BDD-BA6A-7203437211D5}\RP156\A0072912.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped
C:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP6\A0019666.exe Infected: Trojan-Dropper.Win32.Agent.dpt skipped
C:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP9\A0020452.exe Infected: Trojan-Downloader.Win32.Bagle.ii skipped
C:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP9\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\down\148281.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\159437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_578.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
E:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\6de09fe486bd8c9a52ef0fa3febe9b48_9779e319-82d7-46f2-b999-2e6cc2e7f3bb Object is locked skipped
E:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\e329ab65990c69963dba9af85640e087_9779e319-82d7-46f2-b999-2e6cc2e7f3bb Object is locked skipped
E:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\e8167271539fbbcea77667b7197f1e0d_9779e319-82d7-46f2-b999-2e6cc2e7f3bb Object is locked skipped
E:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Dr Watson\user.dmp Object is locked skipped
E:\Documents and Settings\boh\Desktop\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.z skipped
E:\Documents and Settings\boh\Desktop\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe NSIS: infected - 1 skipped
E:\Programmi\Vistapack\Backup\ntoskrnl.exe Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe/data0010/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe/data0010/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe/data0010/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe/data0010 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000363.exe Inno: infected - 5 skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000384.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000423.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0000984.EXE Infected: not-a-virus:Porn-Dialer.Win32.Agent.bb skipped
E:\System Volume Information\_restore{65562140-65B2-43F8-9301-B231F134690D}\RP2\A0009755.EXE Infected: not-a-virus:Porn-Dialer.Win32.Agent.bb skipped
E:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
E:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
E:\WINDOWS\system32\dllcache\ntoskrnl.exe Object is locked skipped
E:\WINDOWS\system32\ntoskrnl.exe Object is locked skipped

Scan process complete.

I have already downloaded GMER and AVENGER (from last time)..
have a nice day!

Post by crazy.cat » Fri Jan 18, 2008 9:55 am

Disable System Restore on C:\ and E:\, then restart the PC
http://www.MegaLab.it/2330

Any file coming from eMule (and why download trials from eMule when they can be found on the official sites....) must be checked on www.virustotal.com

This is your script

Code:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe
C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe
C:\Documents and Settings\boh\Desktop\Download 2007\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar
C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg
C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[2].jpg
C:\Programmi\eMule Applejuice\incoming\GIF Movie Gear 4.1.2.zip
E:\Documents and Settings\boh\Desktop\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

Post by Lazy85 » Fri Jan 18, 2008 10:10 am

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wwmbdkdr

*******************

Script file located at: \??\C:\gonevbf^.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe deleted successfully.
File C:\Documents and Settings\boh\Desktop\Download 2007\kazaa-download-accelerator.exe deleted successfully.
File C:\Documents and Settings\boh\Desktop\Download 2007\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar deleted successfully.
File C:\Documents and Settings\boh\Desktop\RESCUEEEEEE 200777777\Windows Media Player 11 + Patch + Lyrics Plugin 0.3.rar deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\1ZV8FAIA\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[1].jpg deleted successfully.
File C:\Documents and Settings\boh\Impostazioni locali\Temporary Internet Files\Content.IE5\QATUGXAI\b64_3[2].jpg deleted successfully.
File C:\Programmi\eMule Applejuice\incoming\GIF Movie Gear 4.1.2.zip deleted successfully.
File E:\Documents and Settings\boh\Desktop\ACER\Documents and Settings\utente\Impostazioni locali\Temporary Internet Files\Content.IE5\Z6B9JV2S\YazzleActiveX[1].exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
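Status 0xc0000034 in the log above is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND, so each of those "failed" entries means the target was already absent rather than protected. The Python sketch below is an added example, not part of the thread or of The Avenger: it parses a log in this layout and separates such entries from failures that need another look; the sample reuses lines from the post plus one constructed access-denied entry (C:\example\locked.sys) whose layout is an assumption.

```python
import re

# Well-known Windows NTSTATUS codes; only the first appears in the thread's log.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000022: "STATUS_ACCESS_DENIED"}
ABSENT = "STATUS_OBJECT_NAME_NOT_FOUND"

OK_RE = re.compile(r"^(File|Folder|Registry key) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|folder|registry key) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

def parse_avenger_log(text):
    """Return (kind, target, outcome) tuples in log order."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OK_RE.match(line):
            results.append((m.group(1).lower(), m.group(2), "deleted"))
        elif m := FAIL_RE.match(line):
            pending = (m.group(1).lower(), m.group(2))  # wait for its Status line
        elif (m := STATUS_RE.match(line)) and pending:
            code = int(m.group(1), 16)
            results.append((*pending, NTSTATUS.get(code, hex(code))))
            pending = None
    return results

def needs_followup(results):
    """Failures that are not simply 'target was already absent'."""
    return [r for r in results if r[2] not in ("deleted", ABSENT)]

# Lines copied from the posted log, plus one CONSTRUCTED access-denied entry
# (C:\example\locked.sys) that assumes the same layout.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!
Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Status: 0xc0000034
Deletion of file C:\example\locked.sys failed!
Status: 0xc0000022
"""

if __name__ == "__main__":
    for kind, target, outcome in parse_avenger_log(SAMPLE_LOG):
        print(f"{outcome:30} {kind:13} {target}")
    print("follow up:", needs_followup(parse_avenger_log(SAMPLE_LOG)))
```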

problem

Post by Lazy85 » Fri Jan 18, 2008 10:15 am

I can't install any antivirus.. damn!

Post by ste_95 » Fri Jan 18, 2008 1:56 pm

None at all, or one in particular?

Post by Lazy85 » Fri Jan 18, 2008 3:54 pm

AntiVir installs, but it does not turn on its active protection against viruses.
ZoneAlarm, I can't even get it to install.
now I'll try Kaspersky. never used it..

Post by Lazy85 » Fri Jan 18, 2008 7:00 pm

managed to install KASPERSKY [applause], ran a scan, 202 Bagle-related infections found and removed [...] .
In the folder C:\Documents and Settings\boh\Dati applicazioni\m\shared\ about 180 zip files had been created, named after cracks and serials for well-known software and games....
Firefox was compromised too: it stalled every download at 99% and never finished them, which is why ZoneAlarm would not install! it was an incomplete file!
now I have restored everything... maybe!

Thanks again!!

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising