
Damned Bagle virus, asking for a script for Avenger!


Post by lucaam86 » Sat Jan 26, 2008 8:50 am

Hello everyone, a few days ago I noticed that my PC is full of Bagle viruses that prevent me from installing any antivirus and also from booting into Safe Mode.
I ran the online scan with KASPERSKY, which I am posting here so that one of you can very kindly give me the script to feed to Avenger to try to eliminate the virus!!!

The Kaspersky scan is as follows:

Friday, January 25, 2008 11:15:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532201


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 221793
Number of viruses found 10
Number of infected objects 109
Number of suspicious objects 0
Duration of the scan process 09:33:06

Infected Object Name Virus Name Last Action
C:\Avenger\backup.zip/avenger/wintems.exe-ren-244 Infected: Email-Worm.Win32.Bagle.of skipped

C:\Avenger\backup.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.ip skipped

C:\Documents and Settings\User\Dati applicazioni\MySpace\IM\Logs\MySpaceIM-20080125-122306.log Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\call256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\callmember256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chat4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chat512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatsync\2b\2bef387335ea1c0a.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\chatsync\92\92a28caafee8a21d.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\index2.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\profile4096.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer256.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\transfer512.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user1024.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user16384.dbb Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Skype\luca.dono\user4096.dbb Object is locked skipped

C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe Infected: Backdoor.Win32.Agent.duj skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\dfsr.db Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\fsr.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\fsrtmp.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\xxapiedinudixx@hotmail.it\SharingMetadata\Working\database_72D0_77F5_D077_BDC3\tmp.edb Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\xxapiedinudixx@hotmail.it\real\members.stg Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\xxapiedinudixx@hotmail.it\shadow\members.stg Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe Infected: Backdoor.Win32.Agent.duj skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF8A7.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF8AC.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF91E5.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFBDE9.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFC099.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\0JI3I4G2\UserStatusChange[2].html Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\ntuser.dat Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\Muestras\FLEC006.EXE.Muestra EliBagle v10.91 Infected: Email-Worm.Win32.Bagle.of skipped

C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip/ShopFactory Professional 6.46.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped

C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip ZIP: infected - 1 skipped

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ht skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\down\104203.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\109015.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\109859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\111000.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\120875.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped

C:\WINDOWS\system32\drivers\down\124062.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\128750.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\130453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\137750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\139500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\141390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14616171.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14626984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14633562.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped

C:\WINDOWS\system32\drivers\down\146343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14639875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14645609.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14647937.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14654281.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14655265.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14673656.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14676812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14677453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14678484.exe Infected: Trojan.Win32.Pakes.bwy skipped

C:\WINDOWS\system32\drivers\down\14686328.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14692921.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14705500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14719765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14721562.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14788718.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14800390.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14801625.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\14847359.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14977218.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\14987421.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15005671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15021468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\151593.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15191906.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15202968.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\15207578.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\15216453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\157812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\163890.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\167796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\18447843.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29148750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29162562.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29180968.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29190796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29228015.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29237656.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29262078.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29267140.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29271343.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29284453.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29309015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29324234.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29333203.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29394984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29412562.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29420468.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29420859.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29664046.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29681875.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29827953.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29839687.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29926984.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\29936343.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\29942812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\30972390.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\33206531.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\33233156.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped

C:\WINDOWS\system32\drivers\down\43702125.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43707734.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43718671.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43871500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43873500.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43877875.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43886062.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43896687.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43903015.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\43910281.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\43915390.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44354375.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44379640.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44403750.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44414906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\44437765.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\44548812.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\47786953.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\47796312.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58450781.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\58457906.exe Infected: Trojan-PSW.Win32.Agent.xd skipped

C:\WINDOWS\system32\drivers\down\58488671.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\77796.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\drivers\down\85968.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\WINDOWS\system32\oleacc32.dll Infected: not-a-virus:AdWare.Win32.Stud.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.




MANY THANKS TO EVERYONE...

Post by crazy.cat » Sat Jan 26, 2008 9:14 am

This is the script; after the PC restarts, try reinstalling the antivirus
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.ex_
C:\WINDOWS\system32\mdelk.exe
C:\Avenger\backup.zip
C:\Documents and Settings\User\Dati applicazioni\m\data.oct
C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe
C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe
C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\oleacc32.dll

folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


With this you can fix Safe Mode
http://www.MegaLab.it/3250

script executed but..

Post by lucaam86 » Sat Jan 26, 2008 9:29 am

First of all, thank you very much for such a quick reply. I put the script you recommended into Avenger, and at restart it gave me this *.txt file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dkgltymc

*******************

Script file located at: \??\C:\windows\system32\lkmrctce.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\windows\system32\drivers\hldrrr.exe deleted successfully.


File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Avenger\backup.zip deleted successfully.
File C:\Documents and Settings\User\Dati applicazioni\m\data.oct deleted successfully.


File C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe not found!
Deletion of file C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe failed!

Could not process line:
C:\Documents and Settings\User\Desktop\HuntingUnl4-dm.exe
Status: 0xc0000034



File C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe not found!
Deletion of file C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe failed!

Could not process line:
C:\Documents and Settings\User\Desktop\installer-61501-15-F-Secure-BlackLight-Italian.exe
Status: 0xc0000034



Could not open file C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe for deletion
Deletion of file C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe failed!

Could not process line:
C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe
Status: 0xc000003a



File C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip not found!
Deletion of file C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip failed!

Could not process line:
C:\Programmi\eMule\Incoming\ShopFactory Professional 6.46.zip
Status: 0xc0000034



File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe not found!
Deletion of file C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034



File C:\WINDOWS\system32\oleacc32.dll not found!
Deletion of file C:\WINDOWS\system32\oleacc32.dll failed!

Could not process line:
C:\WINDOWS\system32\oleacc32.dll
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\Muestras deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


I see that for some entries it says "failed"; why do you think that is????

Post by ste_95 » Sat Jan 26, 2008 10:13 am

Not all of the files necessarily have to be present; in the latest variants some are no longer present.

Try reinstalling an antivirus.

Restore Safe Mode using this file.
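Added example, not part of the original thread: a small Python triage of an Avenger log like the one posted above, separating entries that were deleted from those that "failed" only because the object was not there. The sample is an excerpt of the posted log; the function names and the bucket labels are assumptions made for this example.

```python
import re

# NTSTATUS codes seen in the posted log (standard Windows values).
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034  # the file or key itself does not exist
STATUS_OBJECT_PATH_NOT_FOUND = 0xC000003A  # a parent directory in the path does not exist

DELETED_RE = re.compile(r"^(?:File|Folder|Registry key) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

# Excerpt of the log posted in the thread, shortened for the example.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.

Could not open file C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe for deletion

Could not process line:
C:\Documents and Settings\User\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\69ZJCDR4\installer-61501-15-F-Secure-BlackLight-Italian[1].exe
Status: 0xc000003a

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
"""


def parse_avenger_log(text):
    """Return {target: status} where status is None for a successful deletion
    or the integer NTSTATUS code reported for a line that could not be processed."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = {}
    for i, line in enumerate(lines):
        deleted = DELETED_RE.match(line)
        if deleted:
            results[deleted.group(1)] = None
        elif line == "Could not process line:" and i + 2 < len(lines):
            # Layout in the log: marker, then the script line, then "Status: 0x..."
            status = STATUS_RE.match(lines[i + 2])
            if status:
                results[lines[i + 1]] = int(status.group(1), 16)
    return results


def triage(results):
    """Bucket every script target by what its log entry means for cleanup."""
    report = {"deleted": [], "absent": [], "path_missing": [], "other": []}
    for target, code in results.items():
        if code is None:
            report["deleted"].append(target)
        elif code == STATUS_OBJECT_NAME_NOT_FOUND:
            report["absent"].append(target)        # nothing to remove at that name
        elif code == STATUS_OBJECT_PATH_NOT_FOUND:
            report["path_missing"].append(target)  # re-check the path as written
        else:
            report["other"].append((target, hex(code)))  # locked, denied, etc.
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_avenger_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Entries in the `other` bucket are the ones worth following up before reinstalling the antivirus, since they were present but could not be removed.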

SOLVED!!

Post by lucaam86 » Sat Jan 26, 2008 10:53 am

Thanks to this forum I solved the problem with the Bagle virus. Using Avenger with the script provided by this forum's editor, I removed BAGLE from my PC, and I assure you it seemed unsolvable and I was about to format.
Instead, with Avenger and the Avenger script given to me here on the forum, I solved it. Then I REinstalled Avast and everything works perfectly!
Thanks to those who helped me
Luca

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising