Condividi:        

trojan wint/bagle.gen bis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

trojan wint/bagle.gen bis

Postdi mancar53 » 25/02/08 18:12

Scusate nel mio messaggio ho allegato una scansione errata!

Questa è quella giusta

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 25, 2008 3:59:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/02/2008
Kaspersky Anti-Virus database records: 578402
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 137071
Number of viruses found: 7
Number of infected objects: 93
Number of suspicious objects: 0
Duration of the scan process: 23:04:32

Infected Object Name / Virus Name / Last Action
C:\0f5366217dc5062f57be5f43c69acecc\msxml4-KB927978-enu.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\0742896bec4a516b1974862df9bf536d_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\4b8ec040b91cfe6be6147efd6d462674_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\6c5a3677a2b607bae8e32b84626c8a12_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\6d47c258c66529a39f24f0a09143525e_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\93dcf873c89a9b0b6847be0ec7a1bfa0_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\946223e5f34b97ee779d20d24c0adfbd_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\9729ac477d7a68939c129efad19323fa_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\b0ed3037f385c9c0b791406930d1ffd3_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\b300b46ce546787f9d10e49a83b3e2d3_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\dd5917a53ec13ba631740d08501a0e14_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Crypto\RSA\MachineKeys\ef94c8dea5ed927a7655f8b0802ab621_384266a4-2c0d-4054-b70d-cd24e2a0ed31 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS.0\Dati applicazioni\Symantec\LiveUpdate\2008-02-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\m\data.oct Infected: Trojan-Downloader.Win32.Bagle.kd skipped
C:\Documents and Settings\Manlio.PC-HOME\Documenti\ELISTARA.25012008.EXE Infected: Trojan-Downloader.Win32.IstBar.qr skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Cronologia\History.IE5\MSHist012008022420080225\index.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Identities\{8E549894-1CEA-4B2E-A374-51CE2C716830}\Microsoft\Outlook Express\Posta in arrivo.dbx Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temp\Perflib_Perfdata_594.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files\Content.IE5\385PY3KT\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files\Content.IE5\GOCTCLJ9\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Manlio.PC-HOME\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Mirc 6.2 ita\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Mirc 6.2 ita\TuttoIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Programmi\Alice ti aiuta\SmartBridge\AlertFilter.log Object is locked skipped
C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log Object is locked skipped
C:\Programmi\Alice ti aiuta\SmartBridge\SmartBridge.log Object is locked skipped
C:\Programmi\Comodo\BackUp\CmdBkpSvc.log Object is locked skipped
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe Object is locked skipped
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS.0\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS.0\SchedLgU.Txt Object is locked skipped
C:\WINDOWS.0\Sti_Trace.log Object is locked skipped
C:\WINDOWS.0\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS.0\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS.0\system32\config\Antiviru.evt Object is locked skipped
C:\WINDOWS.0\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS.0\system32\config\default Object is locked skipped
C:\WINDOWS.0\system32\config\default.LOG Object is locked skipped
C:\WINDOWS.0\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS.0\system32\config\SAM Object is locked skipped
C:\WINDOWS.0\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS.0\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS.0\system32\config\SECURITY Object is locked skipped
C:\WINDOWS.0\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS.0\system32\config\software Object is locked skipped
C:\WINDOWS.0\system32\config\software.LOG Object is locked skipped
C:\WINDOWS.0\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS.0\system32\config\system Object is locked skipped
C:\WINDOWS.0\system32\config\system.LOG Object is locked skipped
C:\WINDOWS.0\system32\drivers\down\113296.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\124453.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\144359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14481328.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14497109.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14619140.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14626203.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14628265.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14654859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14673125.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14688609.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14697484.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14724359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14726515.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14753328.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14753343.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14791406.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14808562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14811671.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14845531.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14864703.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14877937.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14890265.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14894875.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\14939468.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\14961078.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\15194687.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\15197531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\15205859.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\15212359.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\163921.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\16493390.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\17102578.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\173968.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\199843.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\20671265.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\213125.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\230203.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29120953.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29145234.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29283312.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29298343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29311312.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29317296.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29318921.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29378625.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29410296.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29418718.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29502812.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29511796.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29517515.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29764562.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29770609.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29772562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\29776093.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\29808562.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\30009125.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\304343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\306453.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\31094000.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\31097078.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\43655359.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\43679453.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\43716531.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\43908968.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\43921906.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\44118093.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\44120531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\44159062.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\44179640.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\44181312.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\44331203.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\44335937.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\44361500.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\58630843.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\58637859.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\624421.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\639906.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\drivers\down\73163093.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\drivers\down\99578.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\WINDOWS.0\system32\h323log.txt Object is locked skipped
C:\WINDOWS.0\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS.0\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS.0\wiadebug.log Object is locked skipped
C:\WINDOWS.0\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\documentiback\DPE\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
E:\documentiback\DPE\Nero 8.1.1.0b ITA + MultiLang Incl. Keygen by Controller Programmi\Nero-8.1.1.0b_ita_trial.exe 7-Zip: infected - 1 skipped
E:\documentiback\ELISTARA.25012008.EXE Infected: Trojan-Downloader.Win32.IstBar.qr skipped
E:\documentiback\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
E:\documentiback\Mirc v6.16 + crack.zip/Mirc v6.16 + crack/mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
E:\documentiback\Mirc v6.16 + crack.zip ZIP: infected - 2 skipped

Scan was interrupted by user!
mancar53
Utente Junior
 
Post: 58
Iscritto il: 21/02/08 22:32

Sponsor
 

Re: trojan wint/bagle.gen bis

Postdi Luke57 » 25/02/08 19:08

Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip

Decomprimi l'archivio
Disconnettiti da internet, disattiva antivirus e firewall
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte seguenti:

files to delete:
C:\WINDOWS.0\system32\drivers\hidr.exe
C:\WINDOWS.0\system32\drivers\srosa.sys
C:\WINDOWS.0\system32\wintems.exe
C:\WINDOWS.0\system32\hldrrr.exe
C:\WINDOWS.0\system32\trusted.exe
C:\WINDOWS.0\system32rivers\pci32.sys
C:\WINDOWS.0\system32\drivers\hldrrr.exe
C:\Mirc 6.2 ita\mirc.exe
C:\Mirc 6.2 ita\TuttoIRC.exe
C:\WINDOWS.0\system32\mdelk.exe

folders to delete:
C:\WINDOWS.0\exefnd
C:\WINDOWS.0\exefld
C:\WINDOWS.0\system32\drivers\down
C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\m
C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files
E:\documentiback\Mirc v6.16 + crack.zip

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi ok e poi yes.
Il pc dovrebbe riavviarsi da solo, se così non fosse riavvialo manualmente.
Allega poi il log generato da avenger, lo trovi in C:\avenger.txt è un file di testo.


Se non ti funzionase avenger, scaricalo da qui:
http://www.wikifortio.com/630243/AntiBagle.zip
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: trojan wint/bagle.gen bis

Postdi mancar53 » 26/02/08 13:12

allego il report di Avenger

grazie

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vkseetjb

*******************

Script file located at: \??\C:\WINDOWS.0\woemcmaw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS.0\system32\drivers\hidr.exe not found!
Deletion of file C:\WINDOWS.0\system32\drivers\hidr.exe failed!

Could not process line:
C:\WINDOWS.0\system32\drivers\hidr.exe
Status: 0xc0000034

File C:\WINDOWS.0\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS.0\system32\wintems.exe deleted successfully.


File C:\WINDOWS.0\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS.0\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS.0\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS.0\system32\trusted.exe not found!
Deletion of file C:\WINDOWS.0\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS.0\system32\trusted.exe
Status: 0xc0000034



Could not open file C:\WINDOWS.0\system32rivers\pci32.sys for deletion
Deletion of file C:\WINDOWS.0\system32rivers\pci32.sys failed!

Could not process line:
C:\WINDOWS.0\system32rivers\pci32.sys
Status: 0xc000003a

File C:\WINDOWS.0\system32\drivers\hldrrr.exe deleted successfully.
File C:\Mirc 6.2 ita\mirc.exe deleted successfully.
File C:\Mirc 6.2 ita\TuttoIRC.exe deleted successfully.
File C:\WINDOWS.0\system32\mdelk.exe deleted successfully.


Folder C:\WINDOWS.0\exefnd not found!
Deletion of folder C:\WINDOWS.0\exefnd failed!

Could not process line:
C:\WINDOWS.0\exefnd
Status: 0xc0000034



Folder C:\WINDOWS.0\exefld not found!
Deletion of folder C:\WINDOWS.0\exefld failed!

Could not process line:
C:\WINDOWS.0\exefld
Status: 0xc0000034

Folder C:\WINDOWS.0\system32\drivers\down deleted successfully.
Folder C:\Documents and Settings\Manlio.PC-HOME\Dati applicazioni\m deleted successfully.
Folder C:\Documents and Settings\LocalService.NT AUTHORITY\Impostazioni locali\Temporary Internet Files\Content.IE5 deleted successfully.
Folder C:\Documents and Settings\Manlio.PC-HOME\Impostazioni locali\Temporary Internet Files deleted successfully.


Could not open folder E:\documentiback\Mirc v6.16 + crack.zip for deletion
Deletion of folder E:\documentiback\Mirc v6.16 + crack.zip failed!

Could not process line:
E:\documentiback\Mirc v6.16 + crack.zip
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
mancar53
Utente Junior
 
Post: 58
Iscritto il: 21/02/08 22:32

Re: trojan wint/bagle.gen bis

Postdi Luke57 » 26/02/08 13:47

Ciao, pare tutto ok, adesso vai qui:
http://www.zonavirus.com/datos/descarga ... ibagla.asp
scarica elibagla in fondo alla pagina e fai una scansione completa.
Posta il report che troverai in C:\infosat.txt.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: trojan wint/bagle.gen bis

Postdi mancar53 » 26/02/08 17:01

si , mi pare che il trojan sia sparito, inoltredopo il riavvio Spybot è ripartito da solo e sono riuscito a ricaricare Norton 2008 anche se ho dei problemi con l'attivazione ma penso che siano tipici del prodotto

grazie mille!
mancar53
Utente Junior
 
Post: 58
Iscritto il: 21/02/08 22:32


Torna a Sicurezza e Privacy


Topic correlati a "trojan wint/bagle.gen bis":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27

Chi c’è in linea

Visitano il forum: Nessuno e 58 ospiti

cron