sono nuovo di questo forum e navigando un poco in cerca di risposte su come disinfettare il mio pc dal troian TR/VUNDO ho trovato che l'unico modo è usare "HijackThis"..........!!!ma io non ho idea di cosa sia!!!aiuto!!!......non c'è qualcuno che potrebbe gentilmente spiegarmi cosa devo fare????.................grazie mille
Ciao,
scarica sul desktop
http://www.suspectfile.com/systemscan
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verranno rilasciati (sempre sul desktop all'interno della cartella suspectfile) due file.
Vai su http://www.freefilehosting.net carica il file con estensione .zip e scrivi, nella tua prossima replica l'URL per poterlo scaricare.
Ricordati d'effettuare la scansione senza connessione attiva e con l'antivirus disabilitato salvo poi riattivarlo a scansione terminata.
NB
la durata della scansione può risultare lunga, potrebbe addirittura sembrare che il programma non stia lavorando, non preoccuparti non è così
grazie mille dell'aiuto........hai bisogno questo link vero:
29_04_2008_20_18_report.zip
......................
1. Apri il Blocco note ed inserisci al suo interno le scritte in blu, fai un copia/incolla
Clicca in alto a sx su "File" poi su "Salva con nome", dalla finestra che si apre clicca in corrispondenza di "Salva come:">seleziona "Tutti i file">nella casella "Nome file" scrivi fix.reg > salva il file in C:\Windows Registry Editor Version 5.00
[-HKCR\CLSID\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
[-HKCR\CLSID\{DCC2D92F-68FB-4A67-BC01-80555E2D6314}]
2. Apri SystemScan>Clicca su "Removal Script".
Allinterno del box bianco copia ed incolla i valori riportati qui sotto in rosso:
ora clicca su "Proceed with removal" e poi su OK.Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{DCC2D92F-68FB-4A67-BC01-80555E2D6314}
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}
registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks | {4020100D-29D7-4392-AFD5-5AD713FF4B88}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Windows Update
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | newname
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | keyboard
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | defender
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Updates
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx | Update Checker
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx | icq lite
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services | icq lite
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services | Update Checker
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services | Microsoft Updates
Files to delete:
C:\WINDOWS\system32\jkkKDstS.dll
C:\WINDOWS\system32\xxyyvWNg.dll
C:\WINDOWS\scvhost.exe
C:\WINDOWS\System32\svehost.exe
C:\\defender21.exe
c:\\keyboard21.exe
c:\\newname21.exe
C:\WINDOWS\system32\keys.txt
C:\WINDOWS\system32\gNWvyyxx.ini
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\gNWvyyxx.ini2
C:\DOCUME~1\ARNABO~1\IMPOST~1\Temp\upk49skf.exe
C:\DOCUME~1\ARNABO~1\IMPOST~1\Temp\removefiles.txt temp
C:\WINDOWS\tsc.exe
Programs to launch on reboot:
c:\fix.reg
Il pc dovrebbe riavviarsi da solo, diversamente riavvialo manualmente
Portati in C:\ postami il contenuto del log generato da Avenger (avenger.txt) insieme ad uno nuovo di SystemScan
tutte le operazione vanno eseguite NON connesso e con l'antivirus disabilitao
....appena dopo che il computer si è riavviato dentro alla fiinestrella nera del prompt comandi mi diceva un sacco di volte impossibilitato a cancellare il file (e altre cose del genere)...è normale?.....inoltre alla domanda inserire i dati contenuti in fix.reg nel registro di sistema io ho risposto "si"....è giusto?.......
ti do il link per la scansione di system scan:
[URL="http://www.freefilehosting.net/files/3gb
e ti copio di seguito il result di avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\lbgjnfvm
*******************
Script file located at: \??\C:\WINDOWS\sdetdcry.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\jkkKDstS.dll deleted successfully.
File C:\WINDOWS\system32\xxyyvWNg.dll not found!
Deletion of file C:\WINDOWS\system32\xxyyvWNg.dll failed!
Could not process line:
C:\WINDOWS\system32\xxyyvWNg.dll
Status: 0xc0000034
File C:\WINDOWS\scvhost.exe not found!
Deletion of file C:\WINDOWS\scvhost.exe failed!
Could not process line:
C:\WINDOWS\scvhost.exe
Status: 0xc0000034
File C:\WINDOWS\System32\svehost.exe not found!
Deletion of file C:\WINDOWS\System32\svehost.exe failed!
Could not process line:
C:\WINDOWS\System32\svehost.exe
Status: 0xc0000034
File C:\\defender21.exe not found!
Deletion of file C:\\defender21.exe failed!
Could not process line:
C:\\defender21.exe
Status: 0xc0000034
File c:\\keyboard21.exe not found!
Deletion of file c:\\keyboard21.exe failed!
Could not process line:
c:\\keyboard21.exe
Status: 0xc0000034
File c:\\newname21.exe not found!
Deletion of file c:\\newname21.exe failed!
Could not process line:
c:\\newname21.exe
Status: 0xc0000034
File C:\WINDOWS\system32\keys.txt deleted successfully.
File C:\WINDOWS\system32\gNWvyyxx.ini deleted successfully.
File C:\WINDOWS\system32\clkcnt.txt deleted successfully.
File C:\WINDOWS\system32\gNWvyyxx.ini2 deleted successfully.
File C:\DOCUME~1\ARNABO~1\IMPOST~1\Temp\upk49skf.exe deleted successfully.
File C:\DOCUME~1\ARNABO~1\IMPOST~1\Temp\removefiles.txt temp deleted successfully.
File C:\WINDOWS\tsc.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{DCC2D92F-68FB-4A67-BC01-80555E2D6314} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks|{4020100D-29D7-4392-AFD5-5AD713FF4B88} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |Windows Update deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |newname deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |keyboard deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |defender deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |Microsoft Updates deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx|Update Checker deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx|icq lite deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services|icq lite deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services|Update Checker deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services|Microsoft Updates deleted successfully.
Program c:\fix.reg successfully set up to run once on reboot.
Program C:\Documents and Settings\arnaboldi onorato\Desktop\sys32686.exe successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
grazie...........
L'URL per poter scaricare il report non è completo
30_04_2008_10_20_report1.zip.....................
apri SystemScan>Clicca su "Removal Script".
Allinterno del box bianco copia ed incolla i valori riportati qui sotto
ora clicca su "Proceed with removal" e poi su OK.registry values to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List | C:\WINDOWS\svchost.exe
Il pc dovrebbe riavviarsi da solo, diversamente riavvialo manualmente
Portati in C:\ postami il contenuto del log generato da Avenger (avenger.txt)
nel prompt dice sempre impossibile trovare alcuni file............................
avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\xlqwbvas
*******************
Script file located at: \??\C:\Documents and Settings\upvshnir.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not delete registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List|C:\WINDOWS\svchost.exe
Deletion of registry value HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List|C:\WINDOWS\svchost.exe failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List|C:\WINDOWS\svchost.exe
Status: 0xc000000d
Program C:\Documents and Settings\arnaboldi onorato\Desktop\sys32686.exe successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
Da Start>Esegui scrivi
regedit
dai l'OK
Portati in
HKLM\SYSTEM\CurrentControlSet\Services\SharedAcces s\\Parameters\FirewallPolicy\StandardProfile\Autho rizedApplications\List
apri la cartellina List, cerca ed elimina dal pannelo di dx (click di dx sul valore)
C:\WINDOWS\svchost.exe
Riavvia.
Nel caso dovessi avere ulteriori problemi, siamo qua.
Ciao
Permessi di invio
Rispondi quotando