
Damned BAGLE

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by claugmail » 29/05/08 13:56

Hi everyone... I'm dealing with a virus on my computer, presumably, from reading other topics, a BAGLE.
I ran an online scan with Bit Defender yesterday (log file attached) and tried to take the law into my own hands by deleting the entire contents of the suspect folders.
Obviously this did not solve the problem, so, following your suggestion to another user, I repeated the scan with Kaspersky, limiting the search to the "suspect" folders only (this log is attached below as well).
I'm sure you'll be able to suggest something to repair the mess I've made,
see you soon,
Claudio

BIT DEFENDER

KASPERSKY:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 1:19:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 811407
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\System Volume Information\
C:\SYSTEM.SAV\
C:\temp\
C:\WINDOWS\

Scan Statistics:
Total number of scanned objects: 17724
Number of viruses found: 5
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:59:02


Scan process completed.
claugmail
Newbie

Posts: 2
Joined: 29/05/08 12:34


Re: Damned BAGLE

Post by claugmail » 29/05/08 14:05

I forgot...
I have already run AntiKnight too, as suggested to "vlady" in a topic from 15/03/2008, but then I stopped because I don't know whether I had to enter the same data in Avenger.
Thanks
claugmail
Newbie

Posts: 2
Joined: 29/05/08 12:34

Re: Damned BAGLE

Post by Luke57 » 29/05/08 16:33

Hi, let's try this procedure (by Duca Bianco)

1) Delete the elibagla you downloaded

2) Download these programs to the desktop:
http://us1.filseclab-res.com/down/twister_en.zip
http://download.bleepingcomputer.com/ol ... oveIt2.exe
http://www.zonavirus.com/datos/descarga ... ibagla.asp

3) Disable System Restore
4) Disconnect from the internet by turning off the modem
5) Launch elibagla (if it does not start, keep trying, restarting the system several times) and click explorar; when it has finished, restart and use elibagla again.
6) Only after using elibagla, start the OS in safe mode (it should work; if it doesn't, do it from normal mode, still with the modem off)
7) Double-click OTMoveIT2.exe
Copy/paste the following into the "Paste List of Files/Folders
to be moved" window


Code:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.
%SystemDrive%\WINDOWS\system32\mdelk.exe.
%SystemDrive%\WINDOWS\system32\wintems.exe.
%SystemDrive%\WINDOWS\system32\1.exe
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld
%SystemDrive%\WINDOWS\temp\
%UserProfile%\Impostazioni locali\Temporary Internet Files\Content.IE5
%UserProfile%\Impostazioni locali\Temporary Internet Files
%UserProfile%\Impostazioni locali\Temp



8) Click MoveIT
If you are prompted to restart, don't; use elibagla again, then restart.
The procedure up to this point must all be done while disconnected from the internet

9) Extract the Twister Antivirus zip (it is immune to beagle), install it, update it (IMPORTANT), scan the whole disk and delete what it finds.
10) Finally, post the elibagla log C:\InfoSat.txt and the OTMoveIt2 log in C:\_OTMoveIt\MovedFiles.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
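
The Kaspersky report in the first post mixes three kinds of lines: detections in live folders, detections inside System Restore points, and "Object is locked" entries for files Windows keeps open. As an added example (not part of the thread or of any tool named in it), this Python script separates them; the sample lines are constructed in the report's format, and `{GUID}` and the file names in them are placeholders.

```python
import ntpath
import re
from collections import Counter

# Line shapes used by the Kaspersky Online Scanner report quoted in the thread:
#   <path> Infected: <detection name> <last action>
#   <path> Object is locked <last action>
INFECTED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED = re.compile(r"^[A-Za-z]:\\.+ Object is locked \w+$")
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.IGNORECASE)

# Constructed sample (not the poster's log); {GUID} and file names are placeholders.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{GUID}\RP355\A0000001.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{GUID}\RP355\A0000002.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{GUID}\RP356\A0000003.exe Infected: Trojan-Downloader.Win32.Bagle.qj skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\downld\111111.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\WINDOWS\system32\drivers\downld\222222.exe Infected: Email-Worm.Win32.Bagle.vr skipped
Scan process completed.
"""


def triage(report_text):
    """Split report lines into live detections, restore-point copies and noise."""
    out = {"live": [], "restore": Counter(), "names": Counter(),
           "locked": 0, "not_removed": 0, "unparsed": []}
    for line in (raw.strip() for raw in report_text.splitlines()):
        if not line:
            continue
        hit = INFECTED.match(line)
        if hit:
            out["names"][hit["name"]] += 1
            # "skipped" means the scanner reported the file but left it on disk.
            if hit["action"].lower() == "skipped":
                out["not_removed"] += 1
            rp = RESTORE_POINT.search(hit["path"])
            if rp:
                out["restore"][rp.group(1).upper()] += 1  # archived copy
            else:
                out["live"].append(hit["path"])           # file in a live folder
        elif LOCKED.match(line):
            out["locked"] += 1      # file held open by Windows, not a detection
        else:
            out["unparsed"].append(line)  # keep anything unexpected for review
    return out


def live_directories(result):
    """Folders outside System Restore that still hold detected files."""
    return sorted({ntpath.dirname(p).lower() for p in result["live"]})


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("detections left on disk:", r["not_removed"])
    print("per restore point:", dict(r["restore"]))
    print("live folders:", live_directories(r))
    print("locked (ignored):", r["locked"])
```

Detections under `_restore{...}\RPnnn` are the copies discarded when System Restore is disabled in step 3; the `live` folders are what the remaining steps still have to clean.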

