Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 2 1 2 ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 16
  1. 16-11-2008, 23:52 #1
    emilianoromani
    emilianoromani non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2008
    Messaggi
    7

    problema con wmsncs.exe

    Ciao, ho un problema: dopo aver formattato, più volte, l'HD e reinstallato windows xp, mi compare ogni volta all'avvio il seguente alert:

    wmsncs.exe
    File corrupted!
    Please run a virus-check,then reinstall the application

    Ho letto altri post sull'argomento e anche le soluzioni proposte; io però non ho , sul pc, nessun antivirus attivo perchè, ogni volta che provo a istallarne uno, si interrompe il setup con una schermata d'errore e sono costretto a riavviare.
    Come posso risolvere?
    Grazie
    Rispondi quotando Rispondi quotando
  2. 17-11-2008, 00:04 #2
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    ti invio un file con un messaggio privato
    scaricalo, eseguilo e clicca sul tasto n. 4

    ----

    poi, scarica SystemScan
    disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

    carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto.

    nota: systemscan viene riconosciuto come infetto per il tipo di scansione effettuata (è un falso positivo). La procedura postata è sicura.
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
    Rispondi quotando Rispondi quotando
  3. 17-11-2008, 01:57 #3
    emilianoromani
    emilianoromani non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2008
    Messaggi
    7
    http://www.savefile.com/files/1889432

    Nel fare la scansione, lo scansystem alla fine si è bloccato,
    anche se mi ha dato comunque il file report
    Rispondi quotando Rispondi quotando
  4. 17-11-2008, 02:12 #4
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    hai anche 1 altra infezione

    Scarica e installa malwarebytes.
    Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
    Esegui una "scansione completa" (seleziona l'opzione)
    A scansione completa, posta il rapporto.

    per il momento non eliminare nulla

    Puoi postare il rapporto direttamente sul forum
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
    Rispondi quotando Rispondi quotando
  5. 17-11-2008, 21:48 #5
    emilianoromani
    emilianoromani non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2008
    Messaggi
    7
    Malwarebytes' Anti-Malware 1.30
    Versione del database: 1405
    Windows 5.1.2600 Service Pack 1

    17/11/2008 20.40.19
    mbam-log-2008-11-17 (20-40-11).txt

    Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
    Elementi scansionati: 49115
    Tempo trascorso: 6 minute(s), 27 second(s)

    Processi delle memoria infetti: 4
    Moduli della memoria infetti: 2
    Chiavi di registro infette: 7
    Valori di registro infetti: 9
    Elementi dato del registro infetti: 3
    Cartelle infette: 0
    File infetti: 35

    Processi delle memoria infetti:
    C:\WINDOWS\system32\logon.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> No action taken.
    C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> No action taken.
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

    Moduli della memoria infetti:
    C:\WINDOWS\system32\rfxtbi32.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\rfxtbi.dll (Trojan.FakeAlert) -> No action taken.

    Chiavi di registro infette:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rfxtbi (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\fci (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f ci (Rootkit.ADS) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f ci (Rootkit.ADS) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i cf (Rootkit.ADS) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i cf (Rootkit.ADS) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\icf (Rootkit.ADS) -> No action taken.

    Valori di registro infetti:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\rs32net (Trojan.FakeAlert.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\rs32net (Trojan.FakeAlert.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\windows logon application (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\mmsass (Backdoor.Bot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices\mmsass (Backdoor.Bot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\windows networking monitoring (Backdoor.Bot) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\windows networking monitoring (Backdoor.Bot) -> No action taken.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run\windows networking monitoring (Backdoor.Bot) -> No action taken.

    Elementi dato del registro infetti:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Heuristics.Reserved.Word.Exploit) -> Data: system32\drivers\svchost.exe -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe %windir%\system32\drivers\svchost.exe) Good: (Explorer.exe) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

    Cartelle infette:
    (Nessun elemento malevolo rilevato)

    File infetti:
    C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> No action taken.
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> No action taken.
    C:\WINDOWS\system32\rfxtbi32.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\rfxtbi.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0000231.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0000233.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0001176.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0001178.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0002082.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0002084.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0003065.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0003066.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0004077.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0004080.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004172.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004174.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004264.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004265.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0005291.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0005292.dll (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0006292.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0007302.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0007304.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\Temp\BN3.tmp (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\Temp\cfq7.tmp (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\Fonts\wmsncs.exe (Trojan.Agent) -> No action taken.
    C:\Programmi\File comuni\System\wmsncs.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\a.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\logon.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\wins\wmsncs.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\spool\drivers\wmsncs.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> No action taken.
    C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> No action taken.
    C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
    Rispondi quotando Rispondi quotando
  6. 17-11-2008, 22:52 #6
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    ok ascolta. Esegui il file che trovi nei messaggi privati => tasto 4

    poi, scarica questo file: http://www.savefile.com/files/1890810
    ed eseguilo (dura un attimo)

    esegui malwarebytes ed elimina tutto quanto trovato meno questa, se esce, cortesemente:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe %windir%\system32\drivers\svchost.exe) Good: (Explorer.exe) -> No action taken.

    se esce, deselezionala.
    se malwarebytes ti chiede di riavviare, riavvia.

    riesedui il file 24.exe

    posta il rapporto della scansione di malwarebytes
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
    Rispondi quotando Rispondi quotando
  7. 18-11-2008, 02:38 #7
    emilianoromani
    emilianoromani non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2008
    Messaggi
    7
    Ciao, scusa il ritardo:

    Malwarebytes' Anti-Malware 1.30
    Versione del database: 1405
    Windows 5.1.2600 Service Pack 1

    18/11/2008 1.32.21
    mbam-log-2008-11-18 (01-32-21).txt

    Tipo di scansione: Scansione completa (A:\|C:\|D:\|E:\|)
    Elementi scansionati: 52795
    Tempo trascorso: 11 minute(s), 0 second(s)

    Processi delle memoria infetti: 4
    Moduli della memoria infetti: 2
    Chiavi di registro infette: 10
    Valori di registro infetti: 10
    Elementi dato del registro infetti: 1
    Cartelle infette: 0
    File infetti: 54

    Processi delle memoria infetti:
    C:\WINDOWS\system32\logon.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> Unloaded process successfully.
    C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> Unloaded process successfully.
    C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

    Moduli della memoria infetti:
    C:\WINDOWS\system32\rfxtbi32.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\rfxtbi.dll (Trojan.FakeAlert) -> Delete on reboot.

    Chiavi di registro infette:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rfxtbi (Trojan.FakeAlert) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a ti0fixx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a ti0fixx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ati0fixx (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f ci (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\f ci (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i cf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i cf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\icf (Rootkit.ADS) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\rs32net (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\windows video drivers (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\windows logon application (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\windows networking monitoring (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\windows networking monitoring (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run\windows networking monitoring (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elementi dato del registro infetti:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Cartelle infette:
    (Nessun elemento malevolo rilevato)

    File infetti:
    C:\WINDOWS\system32\rs32net.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rfxtbi32.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\rfxtbi.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0000231.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0000233.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0001176.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP1\A0001178.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0002082.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0002084.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0003065.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0003066.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0004077.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP19\A0004080.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004172.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004174.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0005292.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004264.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0004265.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0005291.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0006292.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0007302.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0007304.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0008212.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0008214.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0008237.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0008238.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0009233.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0009235.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0009296.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0009299.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0010316.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0010379.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F2F5B28E-7127-444C-8E0E-C0DB6D719E29}\RP20\A0010381.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\ati0fixx.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\Temp\arj9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\cfq7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\wmsncs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0938779347-1786978367-503235081-5436\winlogon.exe (Trojan.Agent) -> Delete on reboot.
    C:\Programmi\File comuni\System\wmsncs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\logon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wins\wmsncs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spool\drivers\wmsncs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mldmm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mdm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    Rispondi quotando Rispondi quotando
  8. 18-11-2008, 02:56 #8
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    ok. ora posta un nuovo rapporto di systemscan
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
    Rispondi quotando Rispondi quotando
  9. 18-11-2008, 03:06 #9
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    stavo guardando il rapporto....
    hai eseguito il primo file come indicato?
    quello che to inviato con un messaggio privato
    ...
    :x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
    Rispondi quotando Rispondi quotando
  10. 18-11-2008, 03:17 #10
    emilianoromani
    emilianoromani non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2008
    Messaggi
    7
    Ho provato ad eseguirlo ( il file 24.exe) ma mi dava questo errore:

    unable to open the script file;

    ho poi fatto la scansione e i passi successivi che mi avevi suggerito;
    il report dell'ultima scansione (scansystem) è troppo lungo da copiare in questa casella, come posso inviartelo?
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.