
How to create the MegaLabCD?


Post by fedebertola » Mon Mar 24, 2008 4:14 pm

Hi, I'm dealing with a Bagle virus. I've read the topics already posted, but I haven't understood how to create the MegaLabCD. I downloaded the megalabcdutility, extracted it and ran the executable, which created a megalabcd folder containing the plugin folder.
At this point, what do I have to do to create the CD?

I forgot: I have Windows Vista, so, if I understood correctly, Avenger doesn't work and I have no choice but to create the CD
fedebertola
Aficionado
Posts: 30
Joined: Sun Mar 23, 2008 2:48 pm

Post by crazy.cat » Mon Mar 24, 2008 4:56 pm

Avenger 2 works (almost always) with Vista
http://www.MegaLab.it/2656/5
so go ahead with the online scan and then we'll write the appropriate script
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by fedebertola » Mon Mar 24, 2008 5:15 pm

OK, I'll try, thanks.
While I wait for Kaspersky to finish, let me ask you another question: I also have Ubuntu on the PC; can I delete the infected files from there, or is that too simple [:)] ?


Post by crazy.cat » Mon Mar 24, 2008 5:20 pm

If you can see them all, since there are rootkit components, you can delete them from Linux too.

Post by fedebertola » Mon Mar 24, 2008 5:22 pm

And what about the registry keys? Do I have to delete them before switching to Ubuntu?

Post by crazy.cat » Mon Mar 24, 2008 5:28 pm

You can do everything with Avenger, files and registry keys included.
If need be, you remove them after the reboot, after having deleted the files; otherwise the virus recreates them.
Let's try the Avenger script first.

Post by fedebertola » Mon Mar 24, 2008 5:38 pm

OK, thanks a lot.
As soon as I finish the scan I'll post the log.
I hope it all goes well [;)]

Post by fedebertola » Mon Mar 24, 2008 8:16 pm

Here, finally, are the results of the Kaspersky scan.
Infected Object Name Virus Name Last Action
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18 Infected: Trojan-Downloader.Win32.Bagle.ma skipped
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup Infected: Trojan-Downloader.Win32.Bagle.ma skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_2[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW14H1L3\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW14H1L3\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\Desktop\MegaLabcd\Plugin\Password\Lcp\Files\lcp.zip/Data/pwdump2-orig/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\MegaLabcd\Plugin\Password\Lcp\Files\lcp.zip/Data/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\MegaLabcd\Plugin\Password\Lcp\Files\lcp.zip ZIP: infected - 2 skipped
C:\Users\proprietario\Desktop\utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip/Data/pwdump2-orig/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip/Data/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.exe 7-Zip: infected - 3 skipped
C:\Users\proprietario\Desktop\utility.zip/utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip/Data/pwdump2-orig/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.zip/utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip/Data/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.zip/utility.exe/MegaLabcd/Plugin/Password/Lcp/Files/lcp.zip Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.zip/utility.exe Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\utility.zip ZIP: infected - 4 skipped
C:\WINDOWS\System32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
Scan process completed.


I downloaded Avenger 2.0, but when I launch it I get the error: not a valid Win32 application
What is the best thing to do?

Post by ste_95 » Tue Mar 25, 2008 7:26 am

Try leaving Avenger in the archive and launching it directly from there; otherwise use the old version, modified as described here.

This is your script:

Disable System Restore.

Download Avenger
Extract it to a folder of your choice
Run the file avenger.exe with the sword icon
Now paste these lines into the white box that has opened:

Code:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_1[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_2[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_2[2].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW14H1L3\b64_1[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW14H1L3\b64_31[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_1[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_31[1].jpg
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHC7T0CH\b64_31[2].jpg

Folders to delete:
C:\WINDOWS\system32\drivers\down
C:\Muestras

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it doesn't, restart it manually
When the computer has restarted, copy and paste here the contents of the Notepad window that will appear.

Download the installers of your security programs again and try to reinstall an antivirus.
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am
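
Added example, not part of the thread and not the posters' or Avenger's own code: a Python triage of a scan report in the layout posted above, separating real detections from locked-file noise, "not-a-virus" riskware and archive summaries before anything is put on a deletion list. The function names and bucket labels are assumptions made for this illustration; the sample lines are an excerpt of the report in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the scan report posted above, embedded so the example runs
# offline: header, locked-file noise, detections and one archive summary.
SAMPLE_LOG = r"""Infected Object Name Virus Name Last Action
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_1[1].jpg Infected: Trojan.Win32.Pakes.ciw skipped
C:\Users\proprietario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU99DCW\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Users\proprietario\Desktop\MegaLabcd\Plugin\Password\Lcp\Files\lcp.zip/Data/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k skipped
C:\Users\proprietario\Desktop\MegaLabcd\Plugin\Password\Lcp\Files\lcp.zip ZIP: infected - 2 skipped
C:\WINDOWS\System32\config\SAM Object is locked skipped
C:\WINDOWS\System32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
Scan process completed.
"""

# Layout: <path> <status> <last action>. Paths contain spaces, so the path
# is matched lazily up to the first recognised status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[\w-]+): infected - (?P<count>\d+))"
    r" (?P<action>\w+)$"
)


def parse_line(line):
    """Return a record for one report line, or None for header/footer/blank."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # Objects inside an archive are reported as <archive>/<member>; the file
    # that actually exists on disk is the part before the first '/'.
    on_disk = path.split("/", 1)[0]
    if m.group("locked"):
        # The scanner could not open the file (in use by the running system):
        # this is no verdict at all, neither clean nor infected.
        kind = "locked"
    elif m.group("container"):
        kind = "archive-summary"
    elif m.group("name").startswith("not-a-virus:"):
        # Riskware label, here a password tool shipped in the rescue utility.
        kind = "riskware"
    else:
        kind = "malware"
    count = int(m.group("count")) if m.group("count") else None
    return {"kind": kind, "path": path, "on_disk": on_disk,
            "name": m.group("name"), "count": count,
            "action": m.group("action")}


def triage(log_text):
    """Bucket every parsed line of the report by kind."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            buckets[rec["kind"]].append(rec)
    return dict(buckets)


def removal_candidates(buckets):
    """On-disk files with a malware verdict, grouped by detection name."""
    by_name = defaultdict(set)
    for rec in buckets.get("malware", []):
        by_name[rec["name"]].add(rec["on_disk"])
    return {name: sorted(paths) for name, paths in by_name.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, recs in result.items():
        print(f"{kind}: {len(recs)}")
    for name, paths in removal_candidates(result).items():
        print(name)
        for p in paths:
            print("   ", p)
```

A report filtered this way only lists what the scanner could read; files hidden by a rootkit component or locked by the running system do not appear as detections.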

Post by fedebertola » Tue Mar 25, 2008 9:50 am

Unfortunately no luck with either version of Avenger, so I deleted them one by one from the Ubuntu partition.
But now I have the following problem: at startup it can't load my profile and it launches a temporary one, on which it doesn't keep any changes.
What can I do?
Thanks again for the support

Post by ste_95 » Tue Mar 25, 2008 10:01 am

I don't understand why; try, from the temporary profile, deleting the registry keys:

HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Post by fedebertola » Tue Mar 25, 2008 10:03 am

I tried with Windows running, but it won't let me delete them ...what do you suggest?
What's more, when I bought the PC there was no installation CD in the box, so I only have the recovery discs I created at the time; so if I format, I either install something else on it or it wipes out the Ubuntu partition too and takes the PC back to factory condition.

Post by ste_95 » Tue Mar 25, 2008 10:10 am

With Avenger, run this script:

Code:
Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

Post by fedebertola » Tue Mar 25, 2008 10:26 am

Avenger won't start for me

Post by ste_95 » Tue Mar 25, 2008 10:36 am

Download GMER, then follow these steps:

--- Step 1 ---
Start GMER
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan has finished, click on Copy
Open Notepad and press CTRL+V (or click on Edit and then on Paste).
Save the file and upload it to FreeFileHosting
Post here the link you are given.

--- Step 2 ---
Still in the program just downloaded (GMER),
click on Rootkit
click on Scan
when the scan has finished, click on Copy
Open Notepad and press CTRL+V (or click on Edit and then on Paste).
Save the file and upload it to FreeFileHosting
Post here the link you are given.

Post by fedebertola » Tue Mar 25, 2008 10:39 am

Something unexpected happened: while trying to install AVG the system crashed and now it no longer lets me start Windows [V] .
That is, it takes me to the logon screen, but then when I log in it logs me off!!!
Sigh[cry+] !!!

Post by ste_95 » Tue Mar 25, 2008 10:47 am

If you don't need to save your current configuration, I'd recommend formatting.

Post by fedebertola » Tue Mar 25, 2008 10:49 am

The thing is that, besides wanting to keep my data, I don't have the Vista installation CD/DVD, I only have the recovery discs and these would also delete the Ubuntu partition...ugh, if it's the only alternative though, I don't have much choice [V]
Thanks again for the valuable help