Ciao a tutti, sono appena entrato in questo forum perchè ho anche io un problema con win32:Vundo@dll[trj] e spero che qualcuno possa aiutarmi ad eliminarlo. Da qualche giorno non mi fa vivere....Non sono una cima con il pc ma spero di potere/riuscire a risolvere grazie a voi. Ciao, a presto.
Stefano
ciao e benvenuto,
scarica SystemScan, disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus, carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto in una nuova discussione tutta tua
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Ciao Deifobe, ho fatto tutto quello che mi hai detto e questo è il link
http://www.savefile.com/files/1578594
Ora?
P.S. per lo scan non ho flaggato hijack....
Stefano
dava fastidio, eh?Originariamente inviato da stefanovito
P.S. per lo scan non ho flaggato hijack...
controllo il rapporto (ma solo metà
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Scarica Avenger e CCleaner
NB: durante la procedura accetta le modifiche al registro (per valori eliminati) richieste da Spybot
Apri il blocco note e nella pagina copia/incolla:
salvalo in c:\ con il nome nome: fix.regWindows Registry Editor Version 5.00
[-HKCR\CLSID\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}]
[-HKCR\CLSID\{4BE9A24F-1D38-467F-9EB3-5D8F171BF611}]
[-HKCR\CLSID\{8072843c-cff2-4cbe-8f24-d9f28134fa4d}]
tipo di file: tutti i file
Esegui avenger e nella finestra copia/incolla tutta la citazione:
Spunta "Automatically disable any rootkits found" e clicca su "execute".files to delete:
C:\WINDOWS\BM73eb57ba.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM73eb57ba.txt
C:\WINDOWS\system32\jkkKbBTk.dll
C:\WINDOWS\system32\ydyqbjpd.ini
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\WxxIOXbc.ini2
C:\WINDOWS\system32\WxxIOXbc.ini
C:\WINDOWS\system32\ddcCRJaw.dll
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\removalfile.bat
C:\WINDOWS\system32\jpnuybcm.dll
C:\WINDOWS\system32\dpjbqydy.dll
C:\WINDOWS\system32\cbXOIxxW.dll
C:\WINDOWS\system32\geeawyer.dll
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | BM73eb57ba
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 70d86426
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks | {0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkKbBTk
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{4BE9A24F-1D38-467F-9EB3-5D8F171BF611}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{8072843c-cff2-4cbe-8f24-d9f28134fa4d}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3C98C83D-95DA-4B22-84ED-0E6130B550B1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{B26DB1A3-686B-48FB-9EE0-27CBCF4F8A46}
programs to launch on reboot:
c:\fix.reg
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato
Esegui CCleaner e ripulisci i file temporanei e i cookie (eseguilo 2 volte).
Esegui systemscan
Posta il rapporto di systemscan e quello di avenger (c:\avenger) - (caricali sempre su sendmefile)
Nel frattempo che controllo i rapporti, analizza su Virustotal questi due files:
C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\system32\VistaUltm.dll
salva i risultati e posta anche questi.
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\BM73eb57ba.xml" not found!
Deletion of file "C:\WINDOWS\BM73eb57ba.xml" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\pskt.ini" not found!
Deletion of file "C:\WINDOWS\pskt.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\BM73eb57ba.txt" not found!
Deletion of file "C:\WINDOWS\BM73eb57ba.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\jkkKbBTk.dll" not found!
Deletion of file "C:\WINDOWS\system32\jkkKbBTk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\ydyqbjpd.ini" not found!
Deletion of file "C:\WINDOWS\system32\ydyqbjpd.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\clkcnt.txt" not found!
Deletion of file "C:\WINDOWS\system32\clkcnt.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\WxxIOXbc.ini2" not found!
Deletion of file "C:\WINDOWS\system32\WxxIOXbc.ini2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\WxxIOXbc.ini" not found!
Deletion of file "C:\WINDOWS\system32\WxxIOXbc.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\ddcCRJaw.dll" not found!
Deletion of file "C:\WINDOWS\system32\ddcCRJaw.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\removalfile.ba t" not found!
Deletion of file "C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\removalfile.ba t" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\jpnuybcm.dll" not found!
Deletion of file "C:\WINDOWS\system32\jpnuybcm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\dpjbqydy.dll" not found!
Deletion of file "C:\WINDOWS\system32\dpjbqydy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\cbXOIxxW.dll" not found!
Deletion of file "C:\WINDOWS\system32\cbXOIxxW.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\geeawyer.dll" not found!
Deletion of file "C:\WINDOWS\system32\geeawyer.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|BM73eb57ba"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|BM73eb57ba" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|70d86426"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n|70d86426" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellExecuteHooks|{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellExecuteHooks|{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkKbBTk" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{4BE9A24F-1D38-467F-9EB3-5D8F171BF611}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{8072843c-cff2-4cbe-8f24-d9f28134fa4d}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{3C98C83D-95DA-4B22-84ED-0E6130B550B1}" deleted successfully.
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects\{B26DB1A3-686B-48FB-9EE0-27CBCF4F8A46}" deleted successfully.
Program "c:\fix.reg" successfully queued to run on reboot.
Completed script processing.
*******************
Finished! Terminate.
Sto seguendo tutta la procedura che mi hai consigliato....sto facendo del mio meglio. Grazie
>Nel frattempo che controllo i rapporti, analizza su Virustotal questi due files:
>C:\WINDOWS\system32\Smab0.dll
>C:\WINDOWS\system32\VistaUltm.dll
>salva i risultati e posta anche questi.
Come te li posto questi?
vedo che avevi gia' ripulito, quidi e' tutto ok.
ciao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Beh, non so che dire....sei stato gentilissimo e spero veramente di avere risolto tutto. Ti devo una birra!!!!!
Stefano
Permessi di invio
Rispondi quotando