Hi Nico
could you also post a SystemScan report, please?
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
....and indeed C:\WINDOWS\karna.dat, which had been deleted for you, is still there.
And that is because a copy (!) of karna.dat gets created in C:\WINDOWS\system32\karna.dat. So you have been infected since then; it was never really removed. But I see you also have a system32\brastk.exe and I don't know what else....
I'm downloading the report. I'll reply tomorrow morning as soon as I can.
Bye
dei
...
I ran another scan with SystemScan, since the one I linked you is from a few days ago: http://freefilehosting.net/download/41iga
Hi, I just got back from work. I'll check the report right away.
...
I don't think the files are there; it's just a dirty registry problem.
Run Avenger and copy/paste the following into its window.
Tick "Automatically disable any rootkits found" and click "execute".
files to delete:
C:\WINDOWS\system32\drivers\TDSSpqlt.sys
C:\WINDOWS\system32\TDSSoiqt.dll
C:\WINDOWS\system32\TDSSlrvd.dat
C:\WINDOWS\system32\TDSShrxr.dll
C:\WINDOWS\system32\TDSSmtql.dll
C:\WINDOWS\system32\TDSSxfum.dll
C:\WINDOWS\system32\TDSSlxwp.dll
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSsahc.dll
C:\WINDOWS\system32\TDSSrhyp.dll
C:\WINDOWS\system32\drivers\svchost.exe
registry values to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | C:\WINDOWS\system32\drivers\svchost.exe
registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv
HKEY_LOCAL_MACHINE\SYSTEM\currentControlSet\Services\TDSSserv
The PC should restart on its own; otherwise restart it yourself. Post the report left in c:\avenger
Scan this file on VirusTotal and post the links to the analysis: C:\WINDOWS\unvise32.exe
You have removed the rest.
...
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\system32\drivers\TDSSpqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSpqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSoiqt.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\TDSSlrvd.dat" deleted successfully.
Error: file "C:\WINDOWS\system32\TDSShrxr.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSShrxr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSmtql.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSmtql.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSxfum.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSxfum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSlxwp.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSlxwp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSnmxh.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSsahc.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSsahc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\TDSSrhyp.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSrhyp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\drivers\svchost.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv" deleted successfully.
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\currentControlSet\Services\TDSSserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\currentControlSet\Services\TDSSserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
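One way to triage an Avenger log like the one above, as an added example that is not part of the original thread: it separates targets that were actually removed from those that were already absent (0xc0000034) and from failures with any other status, which are the ones worth a second look. The sample log is constructed in the format shown above; the example.sys entry and its STATUS_ACCESS_DENIED status are hypothetical.

```python
import re

OK_RE = re.compile(r'^(File|Registry key|Registry value) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (file|registry key|registry value) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')
NOT_FOUND = "STATUS_OBJECT_NAME_NOT_FOUND"

# Constructed sample in the log format shown in the thread; the last entry is hypothetical.
SAMPLE_LOG = r'''Error: file "C:\WINDOWS\system32\TDSSoiqt.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
File "C:\WINDOWS\system32\TDSSlrvd.dat" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv" deleted successfully.
Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
Deletion of file "C:\WINDOWS\system32\drivers\example.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
Completed script processing.
'''

def triage(log_text):
    """Sort every scripted target into removed / already_absent / needs_attention."""
    out = {"removed": [], "already_absent": [], "needs_attention": []}
    pending = None  # failed deletion still waiting for its Status line
    for raw in log_text.splitlines():
        line = raw.strip()
        ok, fail, status = OK_RE.match(line), FAIL_RE.match(line), STATUS_RE.match(line)
        if (ok or fail) and pending:
            # The previous failure never got a Status line: do not assume it is benign.
            out["needs_attention"].append(pending + ("UNKNOWN",))
            pending = None
        if ok:
            out["removed"].append((ok.group(1).lower(), ok.group(2)))
        elif fail:
            pending = (fail.group(1), fail.group(2))
        elif status and pending:
            if status.group(2) == NOT_FOUND:
                out["already_absent"].append(pending)   # nothing was there to delete
            else:
                out["needs_attention"].append(pending + (status.group(2),))
            pending = None
    if pending:
        out["needs_attention"].append(pending + ("UNKNOWN",))
    return out

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```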
OK. If you can, I'd like you to do me a favour.
Show hidden files.
Go to the folder:
c:\documents and settings\PC mamma\dati applicazioni\malwarebytes\quarantine
Click on the quarantine folder and zip it.
Upload it to savefile and send me the link in a private message (don't put it on the forum, please).
On the forum, instead, post a new SystemScan.
...
[cut]