Bagle worm that refuses to die

Post by bioxxx » 11/02/08 19:58

Hi everyone,
I'm writing to you because I'm really at my wits' end. Let me explain what happened. I downloaded an .exe from eMule and stupidly ran it without scanning it first... the result??? Well, the firewall and antivirus stopped working. So I tried uninstalling and reinstalling them, but no luck. The installation itself even hangs. Then I tried an online antivirus, with little success, since it didn't solve the problem. Later, looking around the internet, I found Microsoft's Malicious Software Removal Tool, updated to January 2008, and this is what happens: if I run a full scan it hangs, whereas if I run a quick scan it completes, but only with partial success, since the message is the following: "Trojan:WinNT/Bagle.gen rimosso parzialmente, TrojanProxy:Win32/Mitglieder.gen!A rimosso parzialmente, Worm:Win32/Bagle.gen!C rimosso parzialmente". I figured that at least I knew what I was dealing with, so I rolled up my sleeves and did some research to see which programs were recommended for getting rid of all this stuff. Well, I tell you, I've tried really everything: antivirus, antimalware, antispyware, packages made specifically for Bagle... no way, it all stays stuck there!!! On top of that, one of these programs has messed up something else, since I now see the DESKTOP.INI file in every folder, which is rather annoying. That's all. I hope some kind soul among you can advise me and guide me to a solution to my problem. Thanks in advance to everyone who helps me. fabio :cry:
bioxxx
Senior User
Posts: 122
Joined: 27/11/05 12:34

Re: Bagle worm that refuses to die

Post by Luke57 » 12/02/08 08:33

Hi, at this point you need to run an online scan with Kaspersky:

http://www.kaspersky.com/service?chapter=161739400
1. Click on Kaspersky Online Scanner
2. Download an ActiveX component from Kaspersky; click "Yes."
3. Wait for the download to finish
4. Click "Next"
5. Click "Scan Settings"
6. Make sure the following items are checked
Scan using the following Anti-Virus database:
Extended
check the items under "Scan options"
Scan Archives
Scan Mail Bases
7. Click "OK"
8. Choose "My computer"
Wait for the scan to finish; if anything is detected, save the report by clicking "Save as Text"

Paste the scan report.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: Bagle worm that refuses to die

Post by bioxxx » 12/02/08 11:39

Thanks a lot for now, luke... I've started the scan but I have the feeling it's going to take a while :lol: ... I'll let you know as soon as it's finished... could you by any chance also give me a tip for not seeing the desktop.ini icons?
Thanks again...
bioxxx
Senior User
Posts: 122
Joined: 27/11/05 12:34

Re: Bagle worm that refuses to die

Post by bioxxx » 12/02/08 18:13

So, after a day of scanning, this is the result:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 6:10:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 558211
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 89937
Number of viruses found: 6
Number of infected objects: 122
Number of suspicious objects: 0
Duration of the scan process: 07:38:12

Infected Object Name / Virus Name / Last Action
C:\i386\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\drivers\down\3067281.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\3085000.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\3091343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\351765.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\92671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\103375.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\107812.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\91656.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\110953.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\126140.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\95625.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\123656.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14626953.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14647640.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\14651859.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\29189109.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\29196718.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\29202015.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\78578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\83046.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\87296.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\148921.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\150140.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\153281.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\338375.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\340828.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\342953.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\24853578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\24857968.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\24860984.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\92000.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\94562.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\96343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14501828.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\14502000.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\14502156.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\28906687.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\28906750.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\28907359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\43311718.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\43311734.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\43311812.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\169144421.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\169144781.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\169147156.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\107562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\108765.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\110500.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\113531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\100500.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\104031.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\107031.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\109062.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\116609.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\101437.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\14512296.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\14514578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\29090343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\43592750.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\43600031.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\58120921.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS\system32\drivers\down\58128609.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\drivers\down\58131359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\dllcache\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_f8.dat Object is locked skipped
C:\WINDOWS\Temp\ASHeuristic\MDELK.EXE Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\3067281_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\3091343_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\92671_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\107812_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\91656_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\126140_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\95625_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\123656_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\WINTEMS_EXE.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[1]_jpg.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[2]_jpg.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[3]_jpg.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[1]_jpg.vir0 Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[2]_jpg.vir0 Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[3]_jpg.vir0 Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\b64_3[4]_jpg.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\Perflib_Perfdata_e6c.dat Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Fabio PC\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Fabio PC\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DF8C24.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\Free Download Manager\tic119.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\Free Download Manager\tic11A.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DF8C37.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DF4E01.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DF4E28.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DFA24B.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DFA254.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\~DF16D0.tmp Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\Perflib_Perfdata_bf8.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp\Perflib_Perfdata_88c.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Cronologia\History.IE5\MSHist012008021220080213\index.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jo skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\IVIU7DSC\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\IVIU7DSC\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\IVIU7DSC\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_3[4].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\6S09E35O\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_3[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_3[5].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_1[2].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\7ZBMYJW7\b64_1[3].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\5AO9KUGF\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\1A2MV34E\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\1A2MV34E\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\LZVWE32L\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\A9200XX5\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\A9200XX5\b64[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\A9200XX5\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\Cri-Cri3@hotmail.it\real\members.stg Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\Microsoft\Windows Live Contacts\Cri-Cri3@hotmail.it\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Documenti\Le mie Conversazioni\febbraio 2008\fra_golina_spilu@hotmail.it.html Object is locked skipped
C:\Documents and Settings\Fabio PC\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Fabio PC\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.jp skipped
C:\Documents and Settings\Fabio PC\.housecall6.6\Quarantine\A0073872.EXE.bac_a02960 Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\.housecall6.6\Quarantine\A0073873.exe.bac_a02960 Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\.housecall6.6\Quarantine\A0074202.exe.bac_a02960 Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\Fabio PC\.housecall6.6\Quarantine\b64_2[1].jpg.bac_a03196 Infected: Trojan.Win32.Pakes.bwy skipped
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ig skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP283\A0079265.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP283\A0079268.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP284\change.log Object is locked skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP284\A0079542.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP284\A0079543.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\system volume information\_restore{3FF126B1-2F60-469A-B5D6-DC99B8481860}\RP284\A0079544.exe Infected: Email-Worm.Win32.Bagle.of skipped

Scan process completed.


Good.... any advice on what to do now? What do I delete?
Thanks, fabio
bioxxx
Senior User
Posts: 122
Joined: 27/11/05 12:34

Re: Bagle worm that refuses to die

Post by Luke57 » 12/02/08 19:59

Hi, right-click My Computer in Windows Explorer > Properties > System Restore > tick "Turn off ......" > OK


Then download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the following text:

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\Temp
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs



Click the Done button
Click the green traffic light icon
Answer OK and then Yes.
The PC should restart by itself; if it doesn't, restart it manually and untick the "Turn off System Restore...." option you set earlier.
Then attach the log generated by Avenger; you'll find it at C:\avenger.txt, it's a text file.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: Bagle worm that refuses to die

Post by bioxxx » 12/02/08 20:20

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wkwgqvvy

*******************

Script file located at: \??\C:\Documents and Settings\ebcrlmvw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034



Folder C:\WINDOWS\exefld not found!
Deletion of folder C:\WINDOWS\exefld failed!

Could not process line:
C:\WINDOWS\exefld
Status: 0xc0000034

Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\WINDOWS\Temp deleted successfully.
Folder C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\Fabio PC\Impostazioni locali\Temp deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
bioxxx
Senior User
Posts: 122
Joined: 27/11/05 12:34
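
An added example, not part of the thread or of either tool: a Python cross-check of the Kaspersky report against the Avenger log, listing detections whose path is not accounted for by a successful deletion and decoding the `Status:` codes. The sample input is a handful of lines excerpted from the two logs posted above; the function names are this example's own.

```python
import re
from collections import Counter

# Lines excerpted from the Kaspersky report posted in this thread.
REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\down\3067281.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\Temp\ASHeuristic\MDELK.EXE Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Fabio PC\Impostazioni locali\Temporary Internet Files\Content.IE5\WTIO546O\mxd[1].jpg Infected: Trojan-Downloader.Win32.Bagle.jo skipped
C:\Documents and Settings\Fabio PC\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.jp skipped
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.ig skipped
"""

# Lines excerpted from the Avenger log posted in this thread.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
Folder C:\WINDOWS\system32\drivers\down deleted successfully.
Folder C:\WINDOWS\Temp deleted successfully.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^.+ Object is locked skipped$")
DONE_RE = re.compile(r"^(?P<kind>File|Folder|Registry key) (?P<target>.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")

# NTSTATUS values worth telling apart in a removal log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # target was not present
    0xC0000022: "STATUS_ACCESS_DENIED",          # target exists but was not removed
}


def parse_report(text):
    """Return ([(path, detection)], locked_count) from scanner report lines."""
    infected, locked = [], 0
    for line in (l.strip() for l in text.splitlines()):
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m["path"], m["name"]))
        elif LOCKED_RE.match(line):
            locked += 1  # files held open by the OS, not detections
    return infected, locked


def parse_avenger(text):
    """Return ([(kind, target)] deleted, {target: status name} failed)."""
    deleted, failed = [], {}
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = DONE_RE.match(line)
        if m:
            deleted.append((m["kind"], m["target"]))
        elif line == "Could not process line:" and i + 2 < len(lines):
            s = STATUS_RE.match(lines[i + 2])
            if s:
                code = int(s["code"], 16)
                failed[lines[i + 1]] = NTSTATUS.get(code, hex(code))
    return deleted, failed


def norm(path):
    # Windows paths compare case-insensitively.
    return path.lower().rstrip("\\")


def is_covered(path, deleted):
    p = norm(path)
    for kind, target in deleted:
        t = norm(target)
        if kind == "File" and p == t:
            return True
        if kind == "Folder" and p.startswith(t + "\\"):
            return True
    return False


def triage(report, log):
    infected, locked = parse_report(report)
    deleted, failed = parse_avenger(log)
    return {
        "infected": len(infected),
        "locked_noise": locked,
        "families": Counter(name for _, name in infected),
        "uncovered": [(p, n) for p, n in infected if not is_covered(p, deleted)],
        "failed": failed,
    }


if __name__ == "__main__":
    result = triage(REPORT, AVENGER_LOG)
    for path, name in result["uncovered"]:
        print("not accounted for by the log:", name, path)
    for target, status in result["failed"].items():
        print("failed:", status, target)
```

Detections returned under `uncovered` are the ones to confirm with a fresh scan before treating the machine as clean; a `0xc0000034` entry only means the listed target was not present.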

Re: Bagle worm that refuses to die

Post by Luke57 » 12/02/08 21:09

Hi, all the infected files it found have been deleted.
Try reinstalling the antivirus (the executable is surely corrupted and needs to be reinstalled).
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: Bagle worm that refuses to die

Post by bioxxx » 13/02/08 12:26

:) :) :) :) Fantastic!!!! Thanks a lot luke, everything went just as you said... see you soon! ;)
bioxxx
Senior User
Posts: 122
Joined: 27/11/05 12:34

