Eh.. we have a few guests...

1) download mbr.exe to c:\, disable the antivirus
start => run => type: c:\mbr.exe -f
Note that there is a space before -f that must be kept
post the report, you will find it in c:\


2) Download and run Avenger and, in the window that opens, copy/paste:

files to delete:
C:\WINDOWS\system32\8q235fND.exe
C:\WINDOWS\system32\8q235fND.exe.a_a
C:\WINDOWS\system32\2NqGs23o.exe
C:\WINDOWS\system32\2NqGs23o.exe.a_a
C:\WINDOWS\temp\bca4e2da.$$$
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\TEMP\4D5.tmp

registry keys to delete:
HKLM\system\currentcontrolset\services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}
HKLM\system\controlset001\services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}
HKLM\system\controlset002\services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}
Tick "Automatically disable any rootkits found" and click "execute".
The PC should restart by itself; otherwise restart it yourself. Post the report it produces.


3) Download this file, hosts.zip, and unzip it to the desktop
=> right-click - "copy" - and "paste" the file into the folder C:\Windows\system32\drivers\etc
"etc" is a folder... => you will already find another hosts file there, so accept the replacement


4) analyze the file C:\Documents and Settings\Fabio\Application Data\Google\mjkmsk.dll on VirusTotal and post the link to the scan.


5) post a new systemscan