Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Win32:rootkit-gen. Cosa fare?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 12/06/08 22:34

Salve a tutti! Oggi l'Avast mi ha segnalato la presenza di win32:rootkit-gen. Ho fatto un pò di pulizie generali, ho fatto la scansione con l'antivirus e ho spostato la "porcheria" nel cestino. Ho fatto un pò di ricerche sul web per capire cosa fosse e... ho iniziato a preoccuparmi seriamente. Ho fatto la scansione con Hijackthis, ho fatto il controllo on line, eliminato due voci che mi sembravano sospette (speriamo di non aver fatto pasticci!), ho rifatto la scansione e vi posto il log, chiedendovi di darci una controllata e di dirmi se devo fare altro, perchè temo che la "porcheria" sia una cosa seria. Grazie mille!!!

Logfile of HijackThis v1.99.1
Scan saved at 23.08.13, on 12/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\NVATray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
D:\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Cicciog\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\ljJDSkKB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Programmi\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAE2679-C1B3-4972-9F4B-7E960F479922}: NameServer = 212.216.172.62,195.31.190.31
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6261\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljJDSkKB - C:\WINDOWS\SYSTEM32\ljJDSkKB.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - D:\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6261\SAService.exe
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Sponsor
 

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 13/06/08 07:41

Ciao, il malware è sempre presente, scarica ComboFix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconettiti da internet

Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione, se le icone del desktop spariscono è normale)
Segui le istruzioni e alla fine verrà generato un log.
collegati e posta il report (C:\combofix.txt)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 13/06/08 10:48

Ciao luke! Ho fatto come mi hai detto, digito 1 ma non succede nulla, è lì fermo con la sua schermata blu da parecchi minuti (naturalmente sto scrivendo da un altro computer). E' normale? Cosa faccio?
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 13/06/08 11:14

Ciao, devi attendere.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 13/06/08 23:09

Ciao luke. Scrivo inseguita dai pop up di un certo winpcalmeglio.com che chissà cosa vuole farmi installare. Ho aspettato 2 ore e 10 ma non è successo nulla. Inoltre da Start sono spariti tutti i programmi. Cosa devo fare? Chiudo perchè queste finestrelle non mi fanno scrivere.
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 14/06/08 09:48

Ciao, segui questa procedura:

1)scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio
Avvia il file avenger.exe , lascia selezionata solo la voce "scan for rookits", nello spazio bianco incolli le scritte seguenti:

Files to delete:
C:\WINDOWS\System32\ljJDSkKB.dll

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\13F20E4F-F379-41EA-8F80-CCAAE787362A}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJDSkKB


Premi il tasto Execute.
Il computer si riavvierà, se non lo facesse riavvialo tu manualmente.
Allega il report C:\avenger.txt.

2)scarica system scan.
http://www.suspectfile.com/systemscan
salvalo sul desktop.
Disconnettiti da internet e disattiva tutti i programmi in background(antivirus compreso).
avvialo, spunta la casellina, premi su proceed.
Spunta tutte le caselline metti su 60 gg Recent files days old(dipende da quanto hai il malware) e premi scan now.
poi allega il file zip presente nella cartella suspectfile nel desktop, Il file zip ha ora e giorno della scansione, se tale file fosse troppo grande per essere ammesso come allegato, vai in un sito di hosting (wikifortio, easyshare, ecc), fai l'upload del file .zip e indichi, in un prossimo post, il link per poterlo vedere (generalmente il primo che ti sarà fornito dopo il download).
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 14/06/08 11:36

Prima di tutto grazie 1000!
Allora, tra un pop up e l'altro, ti posto il report di Avenger e in allegato il file zippato di SuspectFile:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ysaovmhh

*******************

Script file located at: \??\C:\Program Files\akhoxlle.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\SrvRjh deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9713AED6-5B85-BC22-461F-F171773A079D} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|qbay1.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\ljJDSkKB.dll" deleted successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\13F20E4F-F379-41EA-8F80-CCAAE787362A}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\13F20E4F-F379-41EA-8F80-CCAAE787362A}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJDSkKB" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Allegati

[L’estensione zip è stata disattivata e non puó essere visualizzata.]

Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 14/06/08 12:01

Ciao, riavvia avenger.exe e inserisci nello spazio questo script:

Files to delete:
C:\WINDOWS\system32\nykxfifc.dll
C:\WINDOWS\system32\lrcfvoue.ini
C:\WINDOWS\system32\gfbktajg.dll
C:\WINDOWS\system32\lklgullp.dll
C:\WINDOWS\system32\ giknqtwa.ini2
C:\WINDOWS\system32\ giknqtwa.ini
C:\WINDOWS\system32\ gjatkbfg.ini
C:\WINDOWS\system32\ byXRkHWp.dll
C:\WINDOWS\system32\awtqnkig.dll

Folders to delete:
C:\DOCUME~1\Cicciog\IMPOST~1\Temp
C:\WINDOWS\tasks

Files to move:
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe | C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | BMe3578395
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | e064b009

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{13F20E4F-F379-41EA-8F80-CCAAE787362A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{EE43D0C2-A6E1-44EA-BA88-583057BC62D3}


Premi Execute
Posta il solito report.
Un consiglio, aggiorna a sp2 almeno e naviga con firefox, almeno un malware non lo beccavi.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 14/06/08 13:13

Ok, fatto. Ecco il report:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\nykxfifc.dll" deleted successfully.
File "C:\WINDOWS\system32\lrcfvoue.ini" deleted successfully.
File "C:\WINDOWS\system32\gfbktajg.dll" deleted successfully.
File "C:\WINDOWS\system32\lklgullp.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\ giknqtwa.ini2" not found!
Deletion of file "C:\WINDOWS\system32\ giknqtwa.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ giknqtwa.ini" not found!
Deletion of file "C:\WINDOWS\system32\ giknqtwa.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ gjatkbfg.ini" not found!
Deletion of file "C:\WINDOWS\system32\ gjatkbfg.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ byXRkHWp.dll" not found!
Deletion of file "C:\WINDOWS\system32\ byXRkHWp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\awtqnkig.dll" deleted successfully.
Folder "C:\DOCUME~1\Cicciog\IMPOST~1\Temp" deleted successfully.
Folder "C:\WINDOWS\tasks" deleted successfully.
File move operation "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe" completed successfully.
File move operation "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe" completed successfully.
File move operation "C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe" completed successfully.
File move operation "C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe|C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe" completed successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BMe3578395" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|e064b009" deleted successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{13F20E4F-F379-41EA-8F80-CCAAE787362A}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{13F20E4F-F379-41EA-8F80-CCAAE787362A}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{EE43D0C2-A6E1-44EA-BA88-583057BC62D3}" not found!
Deletion of registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object\{EE43D0C2-A6E1-44EA-BA88-583057BC62D3}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 17/06/08 07:50

Ciao, scusa il ritardo, fai una nuova scansione con systemscan e allega il nuovo report (come hai fatto in precedenza)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 17/06/08 11:00

Ciao luke! Ti posto in allegato il nuovo report. Incrocio le dita!
Allegati

[L’estensione zip è stata disattivata e non puó essere visualizzata.]

Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 17/06/08 12:07

Ciao, ccleaner poui utilizzarlo tranquillamente.
Riutilizza avenger con questo script:

files to delete:
C:\WINDOWS\system32\gjatkbfg.ini
C:\WINDOWS\system32\giknqtwa.ini2
C:\WINDOWS\system32\giknqtwa.ini
C:\WINDOWS\system32\byXRkHWp.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CC0D417-D4FA-4C42-AE27-F4C149ADCA9D


Posta il solito report.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 17/06/08 14:59

Ciao! Ora provo a vedere come funziona il ccleaner nella speranza di non buttare via cose che non devo. :oops:
Ecco il report che mi hai chiesto, come ti sembra ora????

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\gjatkbfg.ini" deleted successfully.
File "C:\WINDOWS\system32\giknqtwa.ini2" deleted successfully.
File "C:\WINDOWS\system32\giknqtwa.ini" deleted successfully.
File "C:\WINDOWS\system32\byXRkHWp.dll" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}" deleted successfully.

Error: registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{8CC0D417-D4FA-4C42-AE27-F4C149ADCA9D" not found!
Deletion of registry key

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{8CC0D417-D4FA-4C42-AE27-F4C149ADCA9D" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished!
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 17/06/08 15:04

Ciao, adesso ha eliminato le voci dello script, tranne questa per un mio errore di scrittura (una parentesi graffa in meno)

Riavvia avenger con questo script:

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CC0D417-D4FA-4C42-AE27-F4C149ADCA9D}


Poi non avevo visto altgro.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: Win32:rootkit-gen. Cosa fare?

Postdi Angie6 » 17/06/08 16:38

Ti posto quest'ultimo report, che sembra proprio pulito. Ho usato anche il CCleaner, lasciando tutte le impostazioni di default. Dici che ora posso rimettere in rete il computer??? O devo fare ancora qualche altra operazione???
Ancora mille+mille grazie per la tua disponibilità e il tuo prezioso aiuto!!!!!

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{8CC0D417-D4FA-4C42-AE27-F4C149ADCA9D}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Angie6
Utente Junior
 
Post: 37
Iscritto il: 26/10/06 23:47

Re: Win32:rootkit-gen. Cosa fare?

Postdi Luke57 » 18/06/08 15:03

Ciao, adesso sì.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Win32:rootkit-gen. Cosa fare?":


Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti