Help.. I've caught a BAGLE


Post by ivysoul2000 » 28/05/08 07:16

Hi everyone,
I think I've caught BAGLE. :cry:

I downloaded a game from eMule and it turned out to be a real (unpleasant) surprise...
Once launched, it rebooted my PC, and from that moment my antivirus (nod32) became "not a valid Win32 application". Avast doesn't work either, nor any other antivirus I tried to download.

So I started searching online for a solution and, typing in the symptoms, I found the answer: I have a BAGLE.
And I also found what I think is the right place to ask my question: this forum (I hope :idea: )

I have already downloaded various removal kits (such as elibagla or the Symantec removal kit) but they don't work.

I saw in an older post that someone recommended downloading Avenger and deleting some files... but here not even Avenger works :x

So I ran an online scan with KASPERSKY... and got this information...

Could someone help me? I don't want to have to format the PC...

Thanks

Ivy

---------------------------------------------------------------------------------------------------------------
Wednesday, May 28, 2008 7:29:58 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801559
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 90593
Number of viruses found 4
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 05:23:21

Infected Object Name Virus Name Last Action
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\42DED7KY\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\42DED7KY\b64_2[1].jpg Infected: Email-Worm.Win32.Bagle.vr skipped
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\42DED7KY\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\MJC9Z3WV\b64[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\download\FSP_klite27rc1.exe/file2 Infected: not-a-virus:AdWare.Win32.Altnet.e skipped
C:\download\FSP_klite27rc1.exe Inno: infected - 1 skipped
Scan process completed.
ivysoul2000
Newbie
Posts: 2
Joined: 28/05/08 06:57


Re: Help.. I've caught a BAGLE

Post by Luke57 » 28/05/08 07:43

Hi, let's try this procedure (by Duca Bianco)

1) Delete the elibagla you downloaded

2) Download these programs to the desktop:
http://us1.filseclab-res.com/down/twister_en.zip
http://download.bleepingcomputer.com/ol ... oveIt2.exe
http://www.zonavirus.com/datos/descarga ... ibagla.asp

3) Disable System Restore
4) Disconnect from the internet by switching off the modem
5) Run elibagla (if it won't start, keep trying, rebooting the system several times) and click on explorar; when it finishes, reboot and run elibagla again.
6) Only after using elibagla, start the OS in Safe Mode (it should work; if it doesn't, do it from normal mode, still with the modem off)
7) Double-click OTMoveIT2.exe
Copy/paste the following into the "Paste List of Files/Folders to be moved" window

Code:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.
%SystemDrive%\WINDOWS\system32\mdelk.exe.
%SystemDrive%\WINDOWS\system32\wintems.exe.
%SystemDrive%\WINDOWS\system32\1.exe
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld
%SystemDrive%\WINDOWS\temp\
%UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5
%UserProfile%\Impostazioni locali\Temporary Internet Files
%UserProfile%\Impostazioni locali\Temp


8) Click on MoveIT
If you are prompted to reboot, don't; run elibagla once more, and then reboot.
The whole procedure up to this point must be done disconnected from the internet

9) Extract the Twister Antivirus zip (it is immune to Beagle), install it, update it (IMPORTANT), scan the whole disk and delete whatever it finds.
10) Finally, post the elibagla log C:\InfoSat.txt and the OTMoveIt2 log in C:\_OTMoveIt\MovedFiles.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Re: Help.. I've caught a BAGLE

Post by ivysoul2000 » 29/05/08 15:24

Thanks a lot =)

I followed the procedure step by step and it seems to have worked perfectly!

The Twister antivirus then found and mowed down at least 150 infected files after the reboot.
I think and hope there are no more problems (but to be safe I'll keep scanning with different antivirus programs until I have combed every corner of my PC in every way)

Thanks again for your help

See you soon

Ivy


I'm pasting the requested logs here...

OTMoveIt2
___________________________________________________________________________________________________

< %SystemDrive%\WINDOWS\system32\drivers\hidr.exe >
Folder C:\WINDOWS\system32\drivers\hidr.exe not found.
< %SystemDrive%\WINDOWS\system32\drivers\srosa.sys >
C:\WINDOWS\system32\drivers\srosa.sys moved successfully.
< %SystemDrive%\WINDOWS\system32\wintems.exe >
C:\WINDOWS\system32\wintems.exe moved successfully.
< %SystemDrive%\WINDOWS\system32\hldrrr.exe >
Folder C:\WINDOWS\system32\hldrrr.exe not found.
< %SystemDrive%\WINDOWS\system32\trusted.exe >
Folder C:\WINDOWS\system32\trusted.exe not found.
< %SystemDrive%\WINDOWS\system32\drivers\pci32.sys >
Folder C:\WINDOWS\system32\drivers\pci32.sys not found.
< %UserProfile%\Dati applicazioni\hidires\hidr.exe >
Folder C:\Documents and Settings\casa\Dati applicazioni\hidires\hidr.exe not found.
< %UserProfile%\Dati applicazioni\hidires\rosa.sys >
Folder C:\Documents and Settings\casa\Dati applicazioni\hidires\rosa.sys not found.
< %UserProfile%\Dati applicazioni\m\list.oct >
Folder C:\Documents and Settings\casa\Dati applicazioni\m\list.oct not found.
< %UserProfile%\Dati applicazioni\m\data.oct >
Folder C:\Documents and Settings\casa\Dati applicazioni\m\data.oct not found.
< %UserProfile%\Dati applicazioni\m\flec006.exe >
C:\Documents and Settings\casa\Dati applicazioni\m\flec006.exe moved successfully.
< %SystemDrive%\system32\re_file.exe >
Folder C:\system32\re_file.exe not found.
< %SystemDrive%\elist.xpt >
Folder C:\elist.xpt not found.
< %UserProfile%\Dati applicazioni\hidires\m_hook.sys >
Folder C:\Documents and Settings\casa\Dati applicazioni\hidires\m_hook.sys not found.
< %SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe >
C:\WINDOWS\system32\drivers\hldrrr.exe moved successfully.
< %SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_ >
Folder C:\WINDOWS\system32\drivers\hldrrr.ex_ not found.
< %SystemDrive%\WINDOWS\system32\mdelk.exe >
C:\WINDOWS\system32\mdelk.exe moved successfully.
< %SystemDrive%\WINDOWS\system32\drivers\mdelk.exe >
C:\WINDOWS\system32\drivers\mdelk.exe moved successfully.
< %SystemDrive%\WINDOWS\system32\drivers\pci32.sys >
Folder C:\WINDOWS\system32\drivers\pci32.sys not found.
< %SystemDrive%\WINDOWS\system32\edlm.exe >
Folder C:\WINDOWS\system32\edlm.exe not found.
< %SystemDrive%\WINDOWS\system32\edlm2.exe >
Folder C:\WINDOWS\system32\edlm2.exe not found.
< %SystemDrive%\Windows\system32\ldR64.dll >
Folder C:\Windows\system32\ldR64.dll not found.
< %SystemDrive%\WINDOWS\system32\german.exe >
Folder C:\WINDOWS\system32\german.exe not found.
< %SystemDrive%\WINDOWS\system32\drivers\srosa.sys. >
Folder C:\WINDOWS\system32\drivers\srosa.sys. not found.
< %SystemDrive%\WINDOWS\system32\mdelk.exe. >
Folder C:\WINDOWS\system32\mdelk.exe. not found.
< %SystemDrive%\WINDOWS\system32\wintems.exe. >
Folder C:\WINDOWS\system32\wintems.exe. not found.
< %SystemDrive%\WINDOWS\system32\1.exe >
Folder C:\WINDOWS\system32\1.exe not found.
< %SystemDrive%\WINDOWS\exefqd >
Folder C:\WINDOWS\exefqd not found.
< %SystemDrive%\WINDOWS\exefnd >
Folder C:\WINDOWS\exefnd not found.
< %SystemDrive%\WINDOWS\exefld >
Folder C:\WINDOWS\exefld not found.
< %UserProfile%\Dati applicazioni\hidires >
Folder C:\Documents and Settings\casa\Dati applicazioni\hidires not found.
< %UserProfile%\Dati applicazioni\hidn >
Folder C:\Documents and Settings\casa\Dati applicazioni\hidn not found.
< %UserProfile%\Dati applicazioni\m >
C:\Documents and Settings\casa\Dati applicazioni\m\shared moved successfully.
C:\Documents and Settings\casa\Dati applicazioni\m moved successfully.
< %SystemDrive%\WINDOWS\System32\drivers\down >
Folder C:\WINDOWS\System32\drivers\down not found.
< %SystemDrive%\WINDOWS\system32\drivers\downld >
C:\WINDOWS\system32\drivers\downld moved successfully.
< %SystemDrive%\WINDOWS\temp\ >
Folder C:\WINDOWS\temp\ not found.
< %UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5 >
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\U6KESW7R moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\SYFYAR4X moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\MJC9Z3WV moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5\42DED7KY moved successfully.
Folder move failed. C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
< %UserProfile%\Impostazioni locali\Temporary Internet Files >
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\OLK439F moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.MSO moved successfully.
Folder move failed. C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\AntiPhishing moved successfully.
Folder move failed. C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files scheduled to be moved on reboot.
< %UserProfile%\Impostazioni locali\Temp >
C:\Documents and Settings\casa\Impostazioni locali\Temp moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 01011988_033422

Files moved on Reboot...
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.IE5 moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\Content.MSO moved successfully.
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files moved successfully.


elibagla _______________________________________________________________________________________________



Fri Jan 01 03:34:42 1988
EliBagle v11.42 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 26 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\_OTMoveIt\MovedFiles\01011988_033422\Documents and Settings\casa\Dati applicazioni\m\FLEC006.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\WINTEMS.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\106312.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\131398.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\160651.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\85833.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\94465.EXE --> Eliminado Bagle

Nº Total de Directorios: 7642
Nº Total de Ficheros: 90542
Nº de Ficheros Analizados: 10067
Nº de Ficheros Infectados: 11
Nº de Ficheros Limpiados: 11
ivysoul2000
Newbie
Posts: 2
Joined: 28/05/08 06:57
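
Added example (not part of the original thread, and not code from OTMoveIt2 or EliBagle): a small Python triage script that parses the two log formats posted above and shows, for every path OTMoveIt2 actually moved, which verdicts EliBagle later gave to the quarantined copies. The function names are hypothetical; the script assumes, as the logs above show, that the quarantine folder mirrors the original path without the drive letter, and the sample input is a short excerpt of the posted logs.

```python
import re
from collections import Counter

# Excerpts copied from the two logs posted in the thread above.
OTMOVEIT_LOG = r"""
< %SystemDrive%\WINDOWS\system32\drivers\hidr.exe >
Folder C:\WINDOWS\system32\drivers\hidr.exe not found.
< %SystemDrive%\WINDOWS\system32\drivers\srosa.sys >
C:\WINDOWS\system32\drivers\srosa.sys moved successfully.
< %SystemDrive%\WINDOWS\system32\wintems.exe >
C:\WINDOWS\system32\wintems.exe moved successfully.
< %UserProfile%\Dati applicazioni\m\flec006.exe >
C:\Documents and Settings\casa\Dati applicazioni\m\flec006.exe moved successfully.
< %SystemDrive%\WINDOWS\system32\drivers\downld >
C:\WINDOWS\system32\drivers\downld moved successfully.
< %UserProfile%\Impostazioni locali\Temporary Internet Files >
C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files\AntiPhishing moved successfully.
Folder move failed. C:\Documents and Settings\casa\Impostazioni locali\Temporary Internet Files scheduled to be moved on reboot.
"""
ELIBAGLE_LOG = r"""
C:\_OTMoveIt\MovedFiles\01011988_033422\Documents and Settings\casa\Dati applicazioni\m\FLEC006.EXE --> Eliminado Bagle.dldr
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\WINTEMS.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\106312.EXE --> Eliminado Bagle
C:\_OTMoveIt\MovedFiles\01011988_033422\WINDOWS\system32\drivers\downld\131398.EXE --> Eliminado Bagle
"""

# The three result-line shapes that appear in the OTMoveIt2 log above.
RESULT_PATTERNS = [
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
    ("not_found", re.compile(r"^Folder (?P<path>.+) not found\.$")),
    ("pending_reboot", re.compile(
        r"^Folder move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
]
# EliBagle line for a file inside the OTMoveIt2 quarantine folder.
ELI_LINE = re.compile(
    r"^[A-Za-z]:\\_OTMoveIt\\MovedFiles\\[^\\]+\\(?P<rel>.+) --> Eliminado (?P<name>.+)$")

def parse_otmoveit(text):
    """Return (requested_entry, status, resolved_path) for every result line."""
    results, request = [], None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"^< (.+) >$", line)
        if header:
            request = header.group(1)
            continue
        for status, pattern in RESULT_PATTERNS:
            m = pattern.match(line)
            if m:
                results.append((request, status, m.group("path")))
                break
    return results

def parse_elibagle(text):
    """Return (drive-relative lowercased path, detection name) per cleaned file."""
    hits = (ELI_LINE.match(line.strip()) for line in text.splitlines())
    return [(m.group("rel").lower(), m.group("name")) for m in hits if m]

def strip_drive(path):
    # Windows paths are case-insensitive, so compare in lower case.
    return re.sub(r"^[A-Za-z]:\\", "", path).lower()

def correlate(ot_text, eli_text):
    """Map each moved path to the verdicts given to it or to files beneath it."""
    verdicts = parse_elibagle(eli_text)
    report = {}
    for _request, status, path in parse_otmoveit(ot_text):
        if status != "moved":
            continue
        key = strip_drive(path)
        report[path] = sorted(name for rel, name in verdicts
                              if rel == key or rel.startswith(key + "\\"))
    return report

def status_counts(ot_text):
    return Counter(status for _req, status, _path in parse_otmoveit(ot_text))

if __name__ == "__main__":
    print(dict(status_counts(OTMOVEIT_LOG)))
    for path, names in correlate(OTMOVEIT_LOG, ELIBAGLE_LOG).items():
        print(path, "->", names or "moved, no EliBagle verdict")
```

A moved path with an empty verdict list (here the AntiPhishing cache folder) was relocated by the cleanup list but never flagged, which separates confirmed artifacts from collateral moves.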

