Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

schermata blu, virus e modem!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

schermata blu, virus e modem!

Postdi klama » 07/01/07 19:31

Salve a tutti,
da un paio di giorni mi compare l'antipaticissima schermata blu ed oggi quasi ogni cinque minuti. Ieri ho notato che mi succede quasi esclusivamente quando sono su internet.
Ho anche notato (da qualche settimana) che ogni tanto la connessione ad internet cade (ho l'adsl) e le freccette dello stato dell'adsl diventano rosse, quindi come se non fosse collegato alla porta(ovviamente lo è). Inoltre mi è successo ogni tanto che accendendo la stampante mentre stavo navigando la connessione cadesse.
Ho letto diversi topic e non riesco a trovare una soluzione, poichè combatto da un paio di mesi con vari virus (quasi tutti eliminati grazie al vostro aiuto) ho pensato che magari potrebbero averci messo lo zampino.

Questo è quello che ho fatto:
- aggiornato i drivers della stampante
- disinstallato ed installato il modem
- scansione con antivirus
- scansione con registry mechanic

Il messaggio della schermata blu è più o meno:

Si è verificato un problema e Windows è stato arrestato per impedire danni al computer, ecc....
....................
Informazioni tecniche:
***STOP: 0X0000007F (0X00000008, 0X80042000, 0X00000000, 0X00000000)

Invece il log di Hijackthis è:

Logfile of HijackThis v1.99.1
Scan saved at 19.26.59, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Programmi\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1785761128
O17 - HKLM\System\CCS\Services\Tcpip\..\{552E88AC-9CA6-40E1-A2FF-E86A3755FD7D}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{552E88AC-9CA6-40E1-A2FF-E86A3755FD7D}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Avete opinioni?
grazie
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina

Sponsor
 

Postdi klama » 07/01/07 22:11

Ho tentato di fare una scansione completa con gmer ma non ho fatto in tempo perchè è comparsa la schermata. Mi diceva però, dopo averlo lanciato, di fare attenzione perchè c'era una modifica di sistema e suppongo si riferisse a questo (era scritto in rosso):
Service C:\WINDOWS\system32:lzx32.sys (***hidden***) [SYSTEM] pe386


il log è:


GMER 1.0.11.11384 - http://www.gmer.net
Autostart 2007-01-07 22:11:04
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DLLName = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.EXE
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
@UpdRegC:\WINDOWS\Updreg.exe = C:\WINDOWS\Updreg.exe
@Register MediaRing TalkC:\Programmi\MediaRing Talk\register.exe = C:\Programmi\MediaRing Talk\register.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@CrazyTalk Serverundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile 1 ??? ??????| ? ???x ?D?|p??|???|?D?|?5?|?C?| ? ?@? ????b?? 0???' ??? ???|b?? *? ? ??????? ? `?? ? ?0? ???? ? ?? ???| ? ??? ??’| = rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile 1 ??? ??????| ? ???x ?D?|p??|???|?D?|?5?|?C?| ? ?@? ????b?? 0???' ??? ???|b?? *? ? ??????? ? `?? ? ?0? ???? ? ?? ???| ? ??? ??’|
@SunJavaUpdateSched"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@JeticoPFStartup"C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe" = "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
@DSLSTATEXEC:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/ = C:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/
@DSLAGENTEXEC:\Program Files\Libero\Adsl\dslagent.exe = C:\Program Files\Libero\Adsl\dslagent.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Programmi\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BF05BB6E-442C-428B-8025-82280B7BC26C} /*Zen Micro Media Explorer*/C:\Programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll = C:\Programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0812.00.dll
@{2E9FFF5C-4375-494d-951F-098BAA42239E} /*Spy Emergency Extension*/(null) =
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
SpyEmergency@{2E9FFF5C-4375-494d-951F-098BAA42239E} =
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
SpyEmergency@{2E9FFF5C-4375-494d-951F-098BAA42239E} =
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
SpyEmergency@{2E9FFF5C-4375-494d-951F-098BAA42239E} =
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP1\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll = C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar1.dll = c:\programmi\google\googletoolbar1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssflwbox.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.libero.it/ = http://www.libero.it/
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

---- EOF - GMER 1.0.11 ----
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina

Postdi dany » 08/01/07 00:03

infotecnonews
by by dany(Daniela)
Avatar utente
dany
Reporter
 
Post: 2239
Iscritto il: 17/07/04 14:19
Località: San Francesco al Campo

Postdi Luke57 » 08/01/07 08:28

Ciao, scarica questo tool da qui:
http://www.suspectfile.com/upload/files ... stbfix.exe
avvialo e segui le istruzioni.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi klama » 08/01/07 11:54

Ciao dany, ciao luke..

dany: ho visto qualcosa, ho anche cercato il codice dell'errore su internet (quando riesco a collegarmi) ed ho trovato possibili cause del kernel, insomma non ci ho capito molto! Quello che forse bisognerebbe fare è fare una scansione della ram ma prima volevo seguire il sospetto di gmer.

luke: ho seguito le istruzioni ecco i log (dopo il riavvio mi si segnalava riavvio in seguito ad errore grave)

************************* Rustock.b-fix -- By ejvindh *************************
08/01/2007 11.40.53,82


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 68944
Total size: 68944 bytes.
Attempting to remove ADS...
system32: deleted 68944 bytes in 1 streams.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ********************************


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qudadnel

*******************

Script file located at: \??\C:\WINDOWS\huqkccmi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina

Postdi dany » 08/01/07 12:10

Hai un rootkit, ti lascio in mano di Luke57, visto che non conosco il funzionamneto del tool che ti ha suggerito. ;)
infotecnonews
by by dany(Daniela)
Avatar utente
dany
Reporter
 
Post: 2239
Iscritto il: 17/07/04 14:19
Località: San Francesco al Campo

Postdi Luke57 » 08/01/07 12:10

Ciao, rifai la scansione con Gmer per verificare se il file lo trova sempre, abilitando la dunzione ADS. Una volta individuato clicchi con il tasto dx e scegli "delete".
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi klama » 08/01/07 12:37

Grazie lo stesso dany... ;)

Ho lanciato gmer ed in effetti non mi dà più l'avviso (warning...) di ieri e non c'è più la riga scritta in rosso.
Non so se ho sbagliato ma la scansione l'ho fatta dalla prima schermata, sotto rootkit...
Ecco quello che appare:

GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2007-01-08 12:37:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreatePort
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreateThread
SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwWriteVirtualMemory

---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\All Users\Dati applicazioni\TEMP:2A81F9CE
ADS ...

---- EOF - GMER 1.0.11 ----
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina

Postdi klama » 08/01/07 12:42

ah, non ho cancellato nulla perchè quello in rosso di ieri non c'è più ed il resto non so...
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina

Postdi Luke57 » 08/01/07 13:23

Ciao, è stato eliminato dal tool.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi klama » 08/01/07 13:30

Perfetto!!
Infatti non ho più schermate blu, ieri erano ogni dieci minuti. Era un po' invasivo questo rootkit...
Fantastico, come sempre.

Grazie. molte.
klama
Utente Junior
 
Post: 42
Iscritto il: 27/09/06 08:34
Località: Messina


Torna a Sicurezza e Privacy


Topic correlati a "schermata blu, virus e modem!":

Schermata iniziale
Autore: Peterox
Forum: Software Windows
Risposte: 31

Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti