www.MegaLab.it

[spitfire10]

Ciao a tutti, ho scansionato il pc con Kaspersky on-line, vi allego il report qui sotto, se cortesemente potete spiegarmi come rimuoverlo.
Grazie per la sempre valida e cortese collaborazione.
Francesco.



KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 9:38:53 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545817


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 43065
Number of viruses found 1
Number of infected objects 17
Number of suspicious objects 0
Duration of the scan process 00:38:31

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\NeroCheck.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\WINDOWS\Temp\Perflib_Perfdata_d0.dat Object is locked skipped

C:\WINDOWS\Temp\333389903.exe Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ATK0100\HControl.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Alessandra\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Cronologia\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Alessandra\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\UserData\index.dat Object is locked skipped

C:\Documents and Settings\Alessandra\ntuser.dat Object is locked skipped

C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Messenger\msmsgs.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\ASUS\ASUS Live Update\ALU.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\ASUS\NB Probe\NBProbe.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\ASUS\Wireless Console\wcourier.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Synaptics\SynTP\SynTPLpr.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{BD827292-5947-4D81-ACB5-39CE46F5CCEA}\RP45\A0025142.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{BD827292-5947-4D81-ACB5-39CE46F5CCEA}\RP47\change.log Object is locked skipped

Scan process completed.

[ste_95]

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\NB Probe\NBProbe.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Alcune applicazioni non ti funzioneranno più correttamente dopo la rimozione.

[spitfire10]

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:

Files to delete:
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\ASUS\NB Probe\NBProbe.exe
C:\Programmi\ASUS\Wireless Console\wcourier.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe
C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Alcune applicazioni non ti funzioneranno più correttamente dopo la rimozione.

Ciao Ste, ho seguito la procedura, ma alla seconda finestra di conferma dello script mi appare il seguente messaggio:
error: selected file does not appear to be a valid script.

ho confermato tutto, ma non succede niente di buono.
Grazie in anticipo

[ste_95]

Sei sicura di includere nello script anche la dicitura Files to delete:?

[spitfire10]

Sei sicura di includere nello script anche la dicitura Files to delete:?

Scusa hai ragione mi sono rincoglionito oggi. Ti allego sotto il report di avenger.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\remcwnpx

*******************

Script file located at: \??\C:\Documents and Settings\isqlwgdt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
File C:\WINDOWS\ATK0100\HControl.exe deleted successfully.
File C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe deleted successfully.
File C:\Programmi\Messenger\msmsgs.exe deleted successfully.
File C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe deleted successfully.
File C:\Programmi\ASUS\ASUS Live Update\ALU.exe deleted successfully.
File C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe deleted successfully.
File C:\Programmi\ASUS\NB Probe\NBProbe.exe deleted successfully.
File C:\Programmi\ASUS\Wireless Console\wcourier.exe deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
File C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe deleted successfully.
File C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe deleted successfully.
File C:\Programmi\Intel\Wireless\Bin\EOUWiz.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[ste_95]

Tutto dovrebbe essere a posto.

Alcune applicazioni non ti funzioneranno più correttamente dopo la rimozione.

[spitfire10]

Tutto dovrebbe essere a posto.

Alcune applicazioni non ti funzioneranno più correttamente dopo la rimozione.

Ti ringrazio per la solita gentile collaborazione. Per le applicazioni ho, circa, già capito di cosa si tratta e come operare, se dovessi trovare delle difficoltà mi rifarò vivo.
Ciao, nuovamente grazie e buon fine settimana.
Francesco

[rogernemo]

ho beccato un bagle, ho fatto un po' delle operazioni suggerite...
ho fatto la scansione con Kaspersky, ci ha impiegato quasi otto ore...
ora ho provato ad aggiungere lo script a The Avenger (2 modificato per Windows Vista).
all'inizio mi dava il problema che per cominciare The Avenger necessitava che la riga iniziale fosse un comando, dopo averla cancellata e riscritta 2 volte il problema è scomparso...

ma ci sono altri problemi:
1) Error: can't open file 'C:\cleanup.bat' (error 2: impossibile trovare il file specificato.)
2) Error: could not open cleanup batch. Aborting execution! (error 6: handle non valido.)
3) Error: cen't open file 'C:\avenger.txt' (error 2: impossibile trovare il file specificato.)
4) Error: could not log error messages to file. (error 6: handle non valido.)

non mi consente di allegarvi l'esito dello scanning di Kaspersky, quindi ve lo posto qui:
Wednesday, May 21, 2008 1:05:24 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788187


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 78276
Number of viruses found 4
Number of infected objects 3
Number of suspicious objects 2
Duration of the scan process 07:37:25

Infected Object Name Virus Name Last Action
C:\Acer\AcerTour\Reminder.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped

C:\Acer\Empowering Technology\Logs\ETF.log Object is locked skipped

C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\34f06ceab292ba6aeebe635e24de43f5_c3cfb9a6-730b-41fc-ba94-b810d8a51d3c Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.132.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.132.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010029.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy152.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2D27.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2D28.tmp Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\pending.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\Working\database_A22A_A849_2AA8_1BF3\dfsr.db Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\Working\database_A22A_A849_2AA8_1BF3\fsr.log Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\Working\database_A22A_A849_2AA8_1BF3\fsrtmp.log Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Messenger\rogernemo@msn.com\SharingMetadata\Working\database_A22A_A849_2AA8_1BF3\tmp.edb Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Y2WE6LG\Radiohead-Nude(060602)[1].mp3 Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat{8b6fa53a-b98e-11dc-bf8c-000000000000}.TM.blf Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat{8b6fa53a-b98e-11dc-bf8c-000000000000}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows\UsrClass.dat{8b6fa53a-b98e-11dc-bf8c-000000000000}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Contacts\rogernemo@msn.com\real\members.stg Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Contacts\rogernemo@msn.com\shadow\members.stg Object is locked skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml/[From "Utente di eBay"][Date Wed, 23 Apr 2008 05:20:02 +0200]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml Mail: suspicious - 1 skipped

C:\Users\rogernemo\AppData\Local\Temp\~DF66BB.tmp Object is locked skipped

C:\Users\rogernemo\AppData\Local\Temp\~DFE8E6.tmp Object is locked skipped

C:\Users\rogernemo\AppData\Local\Temp\~DFF71D.tmp Object is locked skipped

C:\Users\rogernemo\AppData\Local\Temp\~DFFA20.tmp Object is locked skipped

C:\Users\rogernemo\AppData\Roaming\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.pv skipped

C:\Users\rogernemo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\rogernemo\NTUSER.DAT Object is locked skipped

C:\Users\rogernemo\ntuser.dat.LOG1 Object is locked skipped

C:\Users\rogernemo\ntuser.dat.LOG2 Object is locked skipped

C:\Users\rogernemo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\rogernemo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\rogernemo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

C:\Windows\System32\drivers\sptd.sys Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\System32\wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntkrnlpa.exe Object is locked skipped

C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe Object is locked skipped

Scan process completed.

questo è lo script come lo ho partorito io alle 2 e 15 di notte:

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\Acer\AcerTour\Reminder.exe
C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml/[From "Utente di eBay"][Date Wed, 23 Apr 2008 05:20:02 +0200]/html
C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml
C:\Users\rogernemo\AppData\Roaming\m\data.oct
C:\Users\rogernemo\AppData\Roaming\m\list.oct
C:\Users\rogernemo\AppData\Roaming\m\srvlist.oct
C:\Windows\System32\wintems.exe

Folders to delete:
C:\WINDOWS\system32\drivers\downld
C:\Users\rogernemo\AppData\Roaming\m

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

mi piacerebbe sapere dove ho sbagliato, se ho sbagliato; perché The Avenger mi da quegli errori e se c'è una soluzione possibile oppure è meglio formattare l'ambaradan!???
A presto sentirsi e grazie per l'aiuto che mi avete dato finora, per il quale ora sono connesso, posso usare la webcam e forse ho riattivato qualche altra cosa :D

[ste_95]

Lo script è corretto, ma cisto che elimini l'intera cartella m, è inutile eliminarne anche i singoli file

Codice: Seleziona tutto

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\Acer\AcerTour\Reminder.exe
C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml/[From "Utente di eBay"][Date Wed, 23 Apr 2008 05:20:02 +0200]/html
C:\Users\rogernemo\AppData\Local\Microsoft\Windows Live Mail\Gmail (roge f38\Deleted Items\60BB16CD-00000030.eml

Folders to delete:
C:\WINDOWS\system32\drivers\downld
C:\Users\rogernemo\AppData\Roaming\m

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Prova a riscrivere manualmente la prima riga (Files to delete:) ricordando i due punti. Se il problema persiste prova con la vecchia versione di Avenger.

[vegnone23]

mi piacerebbe sapere dove ho sbagliato

a non seguire le indicazioni per allegare i log!!! http://www.MegaLab.it/forum/viewtopic.php?t=42331

comunque a volte avenger dà quell'errore, io ho passato quello step riscrivendo un paio di volte "files to delete:", con la f minuscola e ricordando i due punti

[rogernemo]

sorry! non avendo letto quel post sul log, ho preso spunto dagli interventi di qualcun altro che avevano copiato e incollato il tutto...

comunque:
dopo aver riscritto files to delete: The avenger parte, premo due volte sì, ma poi come in precedenza i quattro errori di cui al mio precedente post continuavano a verificarsi,

1) Error: can't open file 'C:\cleanup.bat' (error 2: impossibile trovare il file specificato.)
2) Error: could not open cleanup batch. Aborting execution! (error 6: handle non valido.)
3) Error: cen't open file 'C:\avenger.txt' (error 2: impossibile trovare il file specificato.)
4) Error: could not log error messages to file. (error 6: handle non valido.)


allora ho eliminato e provato con le altre versioni, ma una non è valida per Windows Vista e l'altra non mi da segni di vita.

ora riprovo con The Avenger 2 modificata...

grazie per l'aiuto

[rogernemo]

PERMANGONO QUESTI 4 ERRORI:

1) Error: can't open file 'C:\cleanup.bat' (error 2: impossibile trovare il file specificato.)
2) Error: could not open cleanup batch. Aborting execution! (error 6: handle non valido.)
3) Error: cen't open file 'C:\avenger.txt' (error 2: impossibile trovare il file specificato.)
4) Error: could not log error messages to file. (error 6: handle non valido.)

cosa posso fare per risolvere il problema???

[vegnone23]

la soluzione del tuo caso non la so, ma ricordo di aver letto in un altro post della sezione sicurezza di gente che aveva il tuo stesso problema. magari se cerchi qualcosa trovi.
altrimenti aspetta che ti risponda gente più preparata come crazy.cat o ste_95

[rogernemo]

ho usato OTMoveIt come era consigliato in un altra sezione del forum per chi avesse riscontrato i miei stessi problemi...

vi allego il file di testo che ne è uscito, ditemi cosa devo fare ora

http://www.mediafire.com/?djzntlundbb


grazie per l'aiuto ancora.. sento che sto per giungere alla fine di questa estenuante battaglia eheheh

[stex2005]

Io il problema di cleanup.bat lo ho risolto così:

***********************
Vecchia versione di Avenger e Hijackthis.

http://www.mediafire.com/?3c93tgzyvcm
http://www.wikifortio.com/997003/Megala ... ecchio.zip
http://w16.easy-share.com/1700186673.html

Estrai Avenger in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla lo script nella box bianca che si è aperta:

Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.

[vegnone23]

grazie per l'aiuto ancora.. sento che sto per giungere alla fine di questa estenuante battaglia eheheh

aspetta a cantar vittoria... poi ci rimani male.... io sono 3 gg che ci lavoro...

buona fortuna, ti e ci aiuteranno i più preparati, questo sito/forum è eccezionale.

[stex2005]

Comunque il programmino sembra non aver funzionato granchè... failed.. failed...

io consiglio di provare a usare la versione sopra di avenger..

per come continuare segui l'articolo:

http://www.MegaLab.it/2657/4

[rogernemo]

ma a me il vecchio avenger non funziona...

ma quello che ho fatto con OTMoveIt non serve a nulla???

[stex2005]

Personalmente mi sembra non abbia funzionato perché i file di bagle ci sono ancora tutti... Io ho risolto il problema usando quello vecchio poi non so...

Proviamo a rimuovere i file con omoveit?
http://www.steven.altervista.org/files/ ... tml#tools5

anche a me crazy.cat aveva dato questo consiglio...

Non saprei come aiutarti se non di provare a scaricare tutte le versioni di avenger: vecchia e nuova modificata e non e provare con ognuna... ad alcuni con il bagle funziona anche quella non modificata!
Poi posta il risultato che diamo un occhiata!

[ste_95]

La versione vecchia da usare, è quella modificata, in quanto quella normale è stata bloccata da tempo:

http://www.MegaLab.it/forum/viewtopic.p ... 172#325172