Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Non valido per Win32

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Re: Non valido per Win32

Postdi rackbelt » 31/05/08 11:06

Ekko L'info Sat

Sat May 31 12:01:15 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat May 31 12:01:28 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4093
Nº Total de Ficheros: 30201
Nº de Ficheros Analizados: 8976
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
rackbelt
Newbie
 
Post: 7
Iscritto il: 30/05/08 16:44

Sponsor
 

Re: Non valido per Win32

Postdi Luke57 » 31/05/08 11:23

Ciao , ok, prova adesso a reistallare i programmi per la sicurezza (generalmente il bagle corrompe gli eseguibili)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi rackbelt » 31/05/08 16:47

tt ok...grz 3000 :P
rackbelt
Newbie
 
Post: 7
Iscritto il: 30/05/08 16:44

Re: Non valido per Win32

Postdi hunter 77 » 04/06/08 09:31

Scusate, ma io ho avuto gli stessi problemi con il virus bagle, potreste aiutarmi? Ho fatto la scansione del virus con Kaspersky on-line ed effettivamente ho virus nel computer. Fra poco vi invierò il rapporto di kaspersky :!:
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 04/06/08 09:34

X favore aiutatemi :!: Ditemi cosa fare


Tuesday, June 03, 2008 11:52:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 825827


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 50439
Number of viruses found 9
Number of infected objects 83
Number of suspicious objects 0
Duration of the scan process 05:42:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.rc skipped

C:\Documents and Settings\User\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\ApplicationHistory\ePower_DMC .exe.d93c5e0a.ini.inuse Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Perflib_Perfdata_768.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\Perflib_Perfdata_eb0.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1208140452.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1298436054.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1640165678.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1782902912.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1841764407.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1921679748.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1948186329.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r1995524687.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r2331116693.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r2520898860.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r2700814990.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r2702348129.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r288723029.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r3319871482.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r4071893055.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\r795963693.exe Infected: Trojan.Win32.Dialer.bgu skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF56EC.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF6301.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF6C69.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\4ZEUYGX0\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\4ZEUYGX0\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.vr skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\4ZEUYGX0\b64_2[2].jpg Infected: Email-Worm.Win32.Bagle.vr skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\E2I4SVEI\b64_1[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\E2I4SVEI\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.vr skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\E2I4SVEI\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.vr skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64_2[2].jpg Infected: Email-Worm.Win32.Bagle.vr skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\SQ3AARSR\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\Z67L07UB\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\Z67L07UB\b64[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\Z67L07UB\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\Programmi\eMule\Temp\001.part Object is locked skipped

C:\Programmi\eMule\Temp\002.part Object is locked skipped

C:\Programmi\eMule\Temp\003.part Object is locked skipped

C:\Programmi\eMule\Temp\004.part Object is locked skipped

C:\Programmi\eMule\Temp\005.part Object is locked skipped

C:\Programmi\eMule\Temp\006.part Object is locked skipped

C:\Programmi\eMule\Temp\008.part Object is locked skipped

C:\Programmi\eMule\Temp\009.part Object is locked skipped

C:\Programmi\eMule\Temp\012.part Object is locked skipped

C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.dt skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021167.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021217.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021250.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021256.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021388.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021422.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021466.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021724.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021757.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021794.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021840.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021925.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021958.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP137\A0021970.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP138\A0022321.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022345.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022393.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022394.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022456.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022464.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022495.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP139\A0022547.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0022665.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0022689.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023690.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023692.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023693.exe Infected: Trojan-Downloader.Win32.Bagle.qv skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023755.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023855.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023874.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0023947.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0024043.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0024063.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025095.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025114.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025126.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025127.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025128.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025237.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025254.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025279.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025286.bat Object is locked skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP141\A0025287.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025445.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025448.bat Object is locked skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025449.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025508.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025516.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025517.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025518.bat Object is locked skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025519.exe Infected: Email-Worm.Win32.Bagle.of skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025563.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\A0025565.bat Object is locked skipped

C:\System Volume Information\_restore{3B42C326-2B5B-4E5C-81E1-64007B75999D}\RP142\change.log Object is locked skipped

C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped

Scan was interrupted by user!
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi Luke57 » 04/06/08 11:06

Ciao, per prima cosa disattiva il ripristino configurazione di sistema (nel forum troverai come fare), poi vai qui:
http://www.mediafire.com/?3c93tgzyvcm
scarica il file.zip, scompattalo nel desktop, avvia il file avenger.exe
premi il tasto Input script manually, poi sull'icona della lente d'ingrandimento, nel box bianco copia e incolla lo script seguente:

Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\mdelk.exe

Folders to delete:
C:\WINDOWS\system32\drivers\downld
C:\Documents and Settings\User\Dati applicazioni\m
C:\WINDOWS\system32\drivers\down
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\User\Impostazioni locali\Temp
C:\windows\temp

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA


fatto questo premiamo sul tasto “Done” e poi sull’icona del semaforo e ai due avvisi che compaiono in seguito dai il consenso all’esecuzione(Ok o Invio)

A questo punto Avenger riavvierà il sistema (se non lo facesse, fallo tu), posta il report rialsciato in C:\avenger.txt.

Poi scarica elibagla da qui:
http://www.zonavirus.com/datos/descarga ... ibagla.asp
è in fondo alla pagina.
avvia EliBaglA, spunta la casella "eliminar ficheros automaticamente", e fai la scansione.
Posta anche il report di elibagla che trovi in C:/InfoSat.txt .

Poi scarica questo antivirus:
http://us1.filseclab-res.com/down/twister_en.zip
Estrai Twister zip Antivirus (è immune da beagle) installalo aggiornalo (IMPORTANTE) scansioni tutto il disco e elimini quello che trova.

Ora disinstalla Twister e prova a reinstallare il tuo antivirus
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi hunter 77 » 04/06/08 11:45

Grazie mille, inanzitutto. Scusa ma nn riesco a scaricare i primi due file che mi hai detto. Per ora ho scaricato solo il twister. Potresti aiutarmi, sai nn sono molto esperto
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 04/06/08 12:16

Ciao, scusami ma come si fa a disattivare il ripristino di sistema? A e poi sto scaricando avenger da qui wikifotio, il sito che hai citato nelle risposte precedenti, fa lo stesso?
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi Luke57 » 04/06/08 12:33

Ciao, ti allego avenger.exe rinominato con il tuo nome.
Segui in ordine le cose che ti ho suggerito, magari stampa la pagina, il bagle è un'infezione complessa
1) disattiva il ripristino (click tasto dx su risorse del computer>proprietà>ripristino configurazione di sistema>metti la spunta a "disattiva.......">OK

2) utilizza avenger.exe come ti ho suggerito

3) solo al riavvio di windows, causato da avenger, scarica elibagla nel link che ti ho dato.

4) Utilizza elibagla

5) Posta i report di avenger e di elibagla già indicati nel mio post precedente

5) fai la scansione con twister
Allegati

[L’estensione zip è stata disattivata e non puó essere visualizzata.]

Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi hunter 77 » 04/06/08 13:03

grazie mille. nn so cm ringraziarti. ti farò sapere fra qualche giorno.
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 07/06/08 14:26

è normale che mi escono un sacco di scritte che scorrono un sacco di scritte quando riavvio windows con avenger?
:roll:
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 07/06/08 14:29

quello di avenger dovrebbe essere questo.
ogfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pwavauvx

*******************

Script file located at: \??\C:\WINDOWS\system32\apiokimv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\WINDOWS\system32\drivers\mdelk.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\downld deleted successfully.
Folder C:\Documents and Settings\User\Dati applicazioni\m deleted successfully.


Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034

Folder C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\User\Impostazioni locali\Temp deleted successfully.
Folder C:\windows\temp deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 07/06/08 14:42

Questo è il report di Elibagla. è tutto OK :?:
Sat Jun 07 15:30:29 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Jun 07 15:30:58 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4298
Nº Total de Ficheros: 50284
Nº de Ficheros Analizados: 9251
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Jun 07 15:35:52 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4298
Nº Total de Ficheros: 50286
Nº de Ficheros Analizados: 9251
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Jun 07 15:39:28 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Jun 07 15:39:35 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4298
Nº Total de Ficheros: 50286
Nº de Ficheros Analizados: 9251
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi hunter 77 » 07/06/08 18:23

Scusa ora l' antivirus mi parte. Ho messo avast! ma mi dice dice che trova un malware: C:\DOCUME~1\User\IMPOST~1\Temp\TWIEX2A2\avenger\Content.IE5\IW54Q2R2\b64_3[1].jpg
e nn me lo cancella. che faccio :?: E posso cancellare la cartella backup di avenger :?:
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi Luke57 » 07/06/08 19:11

Ciao, ma hai eseguito avenger come file temporaneo, senza scaricarlo?
Elimina il file e la cartella di backup.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi hunter 77 » 09/06/08 10:29

Iol'ho scaricato sul mio computer. Ho fatto qualcosa di grave o irreparabile? Posso risolvere il problema? Se, sì potresti dirmi cosa fare, per favore.
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi Luke57 » 09/06/08 11:31

Ciao, no no, scarica ATF cleaner o ccleaner per eliminare i file temp. Con la funzione cerca, individuali nel forum.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi hunter 77 » 09/06/08 12:36

Grazie mille, nn so come ringraziarti. Credo di aver finalmente risolto il problema, solo se me lo potessi confermare anche tu.
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

Re: Non valido per Win32

Postdi Luke57 » 09/06/08 15:31

Ciao, nell'infezione da bagle la prova del nove è la possibilità di reinstallare l'antivirus. A te, questa operazione è riuscita, quindi.... ;)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Non valido per Win32

Postdi hunter 77 » 11/06/08 14:49

Grazie 300 mila volte :!: :D
hunter 77
Utente Junior
 
Post: 12
Iscritto il: 04/06/08 09:19

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "Non valido per Win32":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti