Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Bagleeeeeeeeeeeeeeeeee...Uff..urge

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Bagleeeeeeeeeeeeeeeeee...Uff..urge

Messaggioda rikybra » ven mar 14, 2008 9:12 pm

Ciao a tutti..e complimenti per il forum perché è davvero il più fornito e il più ben fatto che io conasca...!!
comunque...il mio problema come ben potete immaginare...è rivolto a bagle....
L'ho preso circa due giorni fa...forse tre...
comunque..ho letto molte delle vostre discussioni su questo worm...

Io ho incollato questo....

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\hldrrr.exe

folders to delete:
C:\WINDOWS\system32\drivers\down

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


nella schermata di avenger che ho scaicato da

http://www.wikifortio.com/634658/Tools-Anti-Bagle.zip

ora però leggo qui....http://www.MegaLab.it/forum/viewtopic.php?t=41272

che devo incollare qui ciò che mi viene scritto in un blocco note dopo aver riavviato il pc....

a me viene scritto questo....



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\windows\system32\drivers\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.
Folder "c:\WINDOWS\system32\drivers\down" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Ora che devo fare??...raga appena riuscite rispondete...grazie mille....a tutti coloro ch elo faranno...
Avatar utente
rikybra
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven mar 14, 2008 8:59 pm

Messaggioda rikybra » ven mar 14, 2008 10:12 pm

Raga...vi prego...è davvero urgente...cioè...entro qualche gg devo risolvere...altrimenti mia madre mi impicca..!!!
Avatar utente
rikybra
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven mar 14, 2008 8:59 pm

Messaggioda ste_95 » sab mar 15, 2008 7:40 am

Leggendo lì, dovrei aver visto che è necessaria la scansione online con kaspersky:

http://www.MegaLab.it/forum/viewtopic.php?t=34966
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Messaggioda rikybra » sab mar 15, 2008 1:44 pm

Si si l'ho fatta....vuoi il resoconto anche di quella..???è questo...

KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 1:41:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630343
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 204758
Number of viruses found 19
Number of infected objects 53
Number of suspicious objects 0
Duration of the scan process 14:54:47

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\eHome\EPG\1fbfefc7f2fd489e9b0ca33745ac408d.sdf Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_1962761376_10682368_12391 Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\MSDVRMM_1962761376_9240576_16024 Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempSBE\SBE3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{7464E825-BCC5-4A2D-952A-7659DFC08485}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\{8AB6FEB5-B88B-4255-8090-654C58FAA811}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\history.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\key3.db Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\parent.lock Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\search.sqlite Object is locked skipped
C:\Documents and Settings\HP_Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\keb9dwxn.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HP_Administrator\Documenti\Le mie Conversazioni\marzo 2008\Eventi Archiviati.xml Object is locked skipped
C:\Documents and Settings\HP_Administrator\Documenti\Le mie Conversazioni\marzo 2008\manu_vs_kaka@hotmail.it.txt Object is locked skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Adrenalina.zip/Adrenalina.exe Infected: not-virus:BadJoke.Win32.Errore skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Adrenalina.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\cacca.zip/unko.exe Infected: not-virus:BadJoke.Win32.Unko.a skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\cacca.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\dellall.zip/delall.exe Infected: not-virus:BadJoke.Win32.JepRuss skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\dellall.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\eagle.zip/eagle.exe Infected: not-virus:BadJoke.Win32.Errore skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\eagle.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\finger.zip/finger.exe Infected: not-virus:BadJoke.Win32.Finger.b skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\finger.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\giramondo.zip/giramondo.exe Infected: not-virus:BadJoke.Win32.Train skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\giramondo.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Pene.zip/pene.exe Infected: not-virus:BadJoke.Win32.Stupen.a skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Pene.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\regalino.zip/Regalino.exe Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\regalino.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Solveit.zip/solveit.exe Infected: not-virus:BadJoke.Win16.Aloap skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\Solveit.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\supersex.zip/supersex.exe Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\supersex.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_duepassi.zip/due passi.exe Infected: not-virus:BadJoke.Win16.Aloap skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_duepassi.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_IButtonShyMouse.exe/ButtonShyMouse.exe Infected: not-virus:BadJoke.Win32.MouseShy.a skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_IButtonShyMouse.exe/ButtonShyMouse.dll Infected: not-virus:BadJoke.Win32.MouseShy.a skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_IButtonShyMouse.exe ZIP: infected - 2 skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_okbutton.zip/OKBUTTON.EXE Infected: not-virus:BadJoke.Win16.Catchme skipped
C:\Documents and Settings\HP_Administrator\Documenti\Riky\Varie\File ricevuti\s_okbutton.zip ZIP: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Cronologia\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\jar_cache17377.tmp Infected: Trojan.Win32.Dialer.aan skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\jar_cache17378.tmp Infected: Trojan.Win32.Dialer.aan skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temp\~ROMFN_0000021C Object is locked skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.sz skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[2].jpg Infected: Email-Worm.Win32.Bagle.sz skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[2].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.sz skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[2].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.sz skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Emule new\Avast Antivirus Pro 4.7.1298 working Key.rar/Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped
C:\Emule new\Avast Antivirus Pro 4.7.1298 working Key.rar CAB: infected - 1 skipped
C:\file scaricati (emule)\Pc - Barzellette,Giochi Scherzi E Cazzate Varie.zip/scherzetti/caliente.zip/caliente.exe Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\file scaricati (emule)\Pc - Barzellette,Giochi Scherzi E Cazzate Varie.zip/scherzetti/caliente.zip Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\file scaricati (emule)\Pc - Barzellette,Giochi Scherzi E Cazzate Varie.zip/scherzetti/puliscipc.zip/puliscipc.exe Infected: not-virus:BadJoke.Win32.FakeDel.h skipped
C:\file scaricati (emule)\Pc - Barzellette,Giochi Scherzi E Cazzate Varie.zip/scherzetti/puliscipc.zip Infected: not-virus:BadJoke.Win32.FakeDel.h skipped
C:\file scaricati (emule)\Pc - Barzellette,Giochi Scherzi E Cazzate Varie.zip ZIP: infected - 4 skipped
C:\file scaricati (emule)\Pc - Cdr-Win Dao v3.3D.zip/DAOKGEN.EXE Infected: Trojan-Dropper.Win32.KGen.do skipped
C:\file scaricati (emule)\Pc - Cdr-Win Dao v3.3D.zip ZIP: infected - 1 skipped
C:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.li skipped
C:\Programmi\HP\Digital Imaging\HPIdeas\common\content.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6DD57989-9820-408D-AD27-473521524ADB}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3453.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wmsetup.log Object is locked skipped
Scan process completed.
Avatar utente
rikybra
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven mar 14, 2008 8:59 pm

Messaggioda ste_95 » sab mar 15, 2008 1:52 pm

Disabilita il ripristino configurazione di sistema.

Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Ora incolla queste righe nella box bianca che si è aperta:

Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_1[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[2].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_31[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[2].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_31[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_1[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[2].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_1[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_2[1].jpg
C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_31[1].jpg
C:\Emule new\Avast Antivirus Pro 4.7.1298 working Key.rar
C:\file scaricati (emule)\Pc - Cdr-Win Dao v3.3D.zip
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Folders to delete:
C:\WINDOWS\system32\drivers\down

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.

Riscarica gli installer dei programmi di sicurezza e prova a reinstallare un antivirus.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am

Messaggioda rikybra » sab mar 15, 2008 8:22 pm

Questo è il contenuto del blocco note ste...grazie mille...ora quindi scarico di nuovo i file di installlazione e poi provo?



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\srosa.sys" deleted successfully.
File "C:\WINDOWS\system32\wintems.exe" deleted successfully.
File "C:\windows\system32\drivers\hldrrr.exe" deleted successfully.
File "C:\WINDOWS\system32\mdelk.exe" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_2[2].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\7S7AM39S\b64_31[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_1[2].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9HOESP3Z\b64_31[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\9YXVNCUE\b64_2[2].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_1[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_2[1].jpg" deleted successfully.
File "C:\Documents and Settings\HP_Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\DUXKZJCF\b64_31[1].jpg" deleted successfully.
File "C:\Emule new\Avast Antivirus Pro 4.7.1298 working Key.rar" deleted successfully.
File "C:\file scaricati (emule)\Pc - Cdr-Win Dao v3.3D.zip" deleted successfully.
File "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" deleted successfully.
Folder "C:\WINDOWS\system32\drivers\down" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Avatar utente
rikybra
Neo Iscritto
Neo Iscritto
 
Messaggi: 4
Iscritto il: ven mar 14, 2008 8:59 pm

Messaggioda ste_95 » dom mar 16, 2008 7:30 am

rikybra ha scritto:ora quindi scarico di nuovo i file di installlazione e poi provo?

Sì! [^]
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
Avatar utente
ste_95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 17271
Iscritto il: lun ago 06, 2007 11:19 am


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising