Problemi con VBstat-c

[frasamper]

Ciao, ho da un po di tempo dei problemi con questo trojan VBstat-c che ogni volta che avvio il pc si ripropone. Avast lo elimina puntualmente ma nn cambia assolutamente nulla. Inoltre ogni qual volta che aprsofto un Browser si aprono pubblicità di software antivirus.
Leggendo una discussione ho visto che il moderatore Luke57 ha già affrontato il problema. Ho scaricato SystemScan... e ho trovato il file report.txt compressato in formato zip. L'ho inserito in easy-share e l'URL è:

http://w13.easy-share.com/1232691.html

da questo punto in poi nn ho capito più nulla riguardo le procedure da eseguire per cercare di epurare il mio pc da questi maledetti trojan!
Aiutatemi, vi prego!!

Grazie

[Luke57]

Ciao, oggi purtroppo non ho molto tempo,
Scarica VundoFix
http://www.atribune.org/ccount/click.php?id=4
Avvia il file Vundofix.exe
Clicca su "Scan for Vundo"
Attendi la fine della scansione, nel caso venga rilevato qualcosa clicca su "Remove vundo"
Clicca su Yes, alla domanda se vuoi eliminare i files
Durante la rimozione il desktop scompare (è normale)
Finita la rimozione ti chiederà se vuoi riavviare, clicca su Yes

Al riavvio posta il contenuto del file:
C:\Vundofix.txt

Poi fai un'altra scansione con systemscan, postando il log nel solito sito di hosting.

[frasamper]

devo dire che fino ad ora nn ho avuto segnali di Virus; posto qui il contenuto del file VundoFix.txt:



VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 0.44.23 22/06/2007

Listing files found while scanning....

C:\windows\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.tmp
C:\windows\system32\addpxhgp.exe
C:\windows\system32\bjtjlmfu.exe
C:\windows\system32\blpwomfe.ini
C:\WINDOWS\system32\brcnevey.dll
C:\windows\system32\cqxfnhdp.dll
C:\WINDOWS\system32\ddaba.dll
C:\windows\system32\efmowplb.dll
C:\windows\system32\exnkuhrn.ini
C:\windows\system32\hcklshln.dll
C:\windows\system32\hggfcdd.dll
C:\WINDOWS\system32\ixnnqqic.dll
C:\WINDOWS\system32\iyqaqwhp.dll
C:\windows\system32\kpkadubj.dll
C:\windows\system32\nkumlkho.dll
C:\windows\system32\nnnooll.dll
C:\windows\system32\nrhuknxe.dll
C:\windows\system32\ohklmukn.ini
C:\windows\system32\ohklmukn.tmp
C:\windows\system32\oqstv.ini
C:\windows\system32\pyuxyxrh.dll
C:\WINDOWS\system32\rqrrsst.dll
C:\windows\system32\saivfkyx.ini
C:\windows\system32\sgjkregu.dll
C:\windows\system32\spaieigw.dll
C:\windows\system32\tbvxuoxu.dll
C:\windows\system32\uxouxvbt.ini
C:\windows\system32\vtsqo.dll
C:\windows\system32\wuepfeac.dll
C:\WINDOWS\system32\xykfvias.dll
C:\WINDOWS\system32\yaestdfi.dll

Beginning removal...

Attempting to delete C:\windows\system32\abadd.bak1
C:\windows\system32\abadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\abadd.tmp
C:\WINDOWS\system32\abadd.tmp Has been deleted!

Attempting to delete C:\windows\system32\addpxhgp.exe
C:\windows\system32\addpxhgp.exe Has been deleted!

Attempting to delete C:\windows\system32\bjtjlmfu.exe
C:\windows\system32\bjtjlmfu.exe Has been deleted!

Attempting to delete C:\windows\system32\blpwomfe.ini
C:\windows\system32\blpwomfe.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\brcnevey.dll
C:\WINDOWS\system32\brcnevey.dll Has been deleted!

Attempting to delete C:\windows\system32\cqxfnhdp.dll
C:\windows\system32\cqxfnhdp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddaba.dll Has been deleted!

Attempting to delete C:\windows\system32\efmowplb.dll
C:\windows\system32\efmowplb.dll Has been deleted!

Attempting to delete C:\windows\system32\exnkuhrn.ini
C:\windows\system32\exnkuhrn.ini Has been deleted!

Attempting to delete C:\windows\system32\hcklshln.dll
C:\windows\system32\hcklshln.dll Has been deleted!

Attempting to delete C:\windows\system32\hggfcdd.dll
C:\windows\system32\hggfcdd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixnnqqic.dll
C:\WINDOWS\system32\ixnnqqic.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iyqaqwhp.dll
C:\WINDOWS\system32\iyqaqwhp.dll Has been deleted!

Attempting to delete C:\windows\system32\kpkadubj.dll
C:\windows\system32\kpkadubj.dll Has been deleted!

Attempting to delete C:\windows\system32\nkumlkho.dll
C:\windows\system32\nkumlkho.dll Has been deleted!

Attempting to delete C:\windows\system32\nnnooll.dll
C:\windows\system32\nnnooll.dll Has been deleted!

Attempting to delete C:\windows\system32\nrhuknxe.dll
C:\windows\system32\nrhuknxe.dll Has been deleted!

Attempting to delete C:\windows\system32\ohklmukn.ini
C:\windows\system32\ohklmukn.ini Has been deleted!

Attempting to delete C:\windows\system32\ohklmukn.tmp
C:\windows\system32\ohklmukn.tmp Has been deleted!

Attempting to delete C:\windows\system32\oqstv.ini
C:\windows\system32\oqstv.ini Has been deleted!

Attempting to delete C:\windows\system32\pyuxyxrh.dll
C:\windows\system32\pyuxyxrh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrrsst.dll
C:\WINDOWS\system32\rqrrsst.dll Could not be deleted.

Attempting to delete C:\windows\system32\saivfkyx.ini
C:\windows\system32\saivfkyx.ini Has been deleted!

Attempting to delete C:\windows\system32\sgjkregu.dll
C:\windows\system32\sgjkregu.dll Has been deleted!

Attempting to delete C:\windows\system32\spaieigw.dll
C:\windows\system32\spaieigw.dll Has been deleted!

Attempting to delete C:\windows\system32\tbvxuoxu.dll
C:\windows\system32\tbvxuoxu.dll Has been deleted!

Attempting to delete C:\windows\system32\uxouxvbt.ini
C:\windows\system32\uxouxvbt.ini Has been deleted!

Attempting to delete C:\windows\system32\vtsqo.dll
C:\windows\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\windows\system32\wuepfeac.dll
C:\windows\system32\wuepfeac.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xykfvias.dll
C:\WINDOWS\system32\xykfvias.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rqrrsst.dll
C:\WINDOWS\system32\rqrrsst.dll Has been deleted!

Performing Repairs to the registry.
Done!

[frasamper]

ecco il link per verificare il file del report di systemscan:

http://w13.easy-share.com/1234482.html

aspetto vostre notizie

[Luke57]

Ciao, se non l’hai, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla (Ctrl+V) le scritte in neretto:


registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {289FFB76-562E-49A7-8A2A-E20A60A84359}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5E3EB89E-1AE4-4DC1-B338-D0EAEC474C4c}


Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | j0231531


Files to delete:
C:\WINDOWS\system32\bjqmynae.exe
C:\WINDOWS\system32\hrmmmfjm.exe
C:\WINDOWS\system32\sotymtic.exe
C:\WINDOWS\system32\hrvhpvbe.exe
C:\WINDOWS\system32\ihkpukbt.exe
C:\WINDOWS\system32\raovdade.exe
C:\WINDOWS\system32\cxmlowba.exe
C:\WINDOWS\system32\piccffxy.exe
C:\WINDOWS\system32\esjhtyds.exe
C:\WINDOWS\system32\mudbptpf.exe
C:\WINDOWS\system32\kpsvdgih.exe
C:\WINDOWS\system32\j0231531.dll


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.


Apri il registro di sistema (start>esegui>regedit>OK)

cliccando sul segno + accanto alle singole voci segui questo percorso
HKEY_CLASSES_ROOT
CLSID
{289FFB76-562E-49A7-8A2A-E20A60A84359}
Click tasto dx sull’ultima vocee scegli elimina.

2)HKCR
CLSID
{5E3EB89E-1AE4-4DC1-B338-D0EAEC474C4c}
Click tasto dx sull’ultima voce e scegli elimina.

[frasamper]

Ecco il risultato dell' Avenger; per il resto ho eliminato dal registro quello che mi avevi chiesto.
Il prossimo passo?

ciao


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nqkyyinc

*******************

Script file located at: \??\C:\Program Files\egodwnus.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\bjqmynae.exe deleted successfully.
File C:\WINDOWS\system32\hrmmmfjm.exe deleted successfully.
File C:\WINDOWS\system32\sotymtic.exe deleted successfully.
File C:\WINDOWS\system32\hrvhpvbe.exe deleted successfully.
File C:\WINDOWS\system32\ihkpukbt.exe deleted successfully.
File C:\WINDOWS\system32\raovdade.exe deleted successfully.
File C:\WINDOWS\system32\cxmlowba.exe deleted successfully.
File C:\WINDOWS\system32\piccffxy.exe deleted successfully.
File C:\WINDOWS\system32\esjhtyds.exe deleted successfully.
File C:\WINDOWS\system32\mudbptpf.exe deleted successfully.
File C:\WINDOWS\system32\kpsvdgih.exe deleted successfully.


File C:\WINDOWS\system32\j0231531.dll not found!
Deletion of file C:\WINDOWS\system32\j0231531.dll failed!

Could not process line:
C:\WINDOWS\system32\j0231531.dll
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {289FFB76-562E-49A7-8A2A-E20A60A84359} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {289FFB76-562E-49A7-8A2A-E20A60A84359} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5E3EB89E-1AE4-4DC1-B338-D0EAEC474C4c} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5E3EB89E-1AE4-4DC1-B338-D0EAEC474C4c} failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|j0231531 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Luke57]

Ciao, hai ancora problemi?

[frasamper]

no... di nessun tipo, sembra tutto sistemato.

Ti ringrazio tantissimo. Solo per curiosità, dal momento che sono veramente ignorante in materia... ma cos'era questo virus che mi faceva trovare sempre nuovi Trojan e mi apriva finestre explorer con pubblicità?

ciao

[Luke57]

Ciao, è il malware Vundo e varianti, attento a non ribeccarlo, è solito recidivare

[frasamper]

Ma dal momento che, nonostante la presenza dell'Avast, il mio pc è stato comunque infettato, quale antivirus mi consiglio di utilizzare per evitare di incorrere nuovamente in questo Vundo?
Grazie ancora e scusami per il disturbo.

Ciao