Infezione da Conficker

**x-dana** · 06-08-2009, 15:38

Credo di aver contratto nuovamente il Conficker (anche se in un versione un po' diversa dalla prima volta).
Ho fatto le varie scanzioni e Malwarebytes, questa volta, l'ha trovato come infezione e ne ha rimosso una parte (57 file infetti),
ma, per ora, il pc ancora non mi permette di fare gli aggiornamenti e di collegarmi ai siti antivirus

... che faccio?

**amvinfe** · 06-08-2009, 16:57

Ciao,

scarica sul desktop
http://www.suspectfile.com/systemscan
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verranno rilasciati (sempre sul desktop all'interno della cartella suspectfile) due file.
Vai su http://www.savefile.com/ carica il file con estensione .zip e scrivi, nella tua prossima replica l'URL per poterlo scaricare.

Ricordati d'effettuare la scansione senza connessione attiva e con l'antivirus disabilitato salvo poi riattivarlo a scansione terminata.

SystemScan viene riconosciuto, erroneamente, da alcuni antivirus come infetto.

**x-dana** · 07-08-2009, 16:46

Ciao

, e grazie per la tempestiva risposta amvinfe,

http://www.savefile.com/files/2174961 .

**amvinfe** · 07-08-2009, 17:24

scarica http://swandog46.geekstogo.com/avenger2/download.php

disconnettiti da internet, disattiva antivirus, antispyware...

Esegui avenger.exe, copia/incolla all'interno del box bianco questo script:

Files to delete:
C:\Windows\system32\zaglak.dll
C:\Users\Daniela\AppData\Local\Temp\TFRF137.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF1E5.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF0D7.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF126.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF227.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF1E6.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF238.tmp
C:\Users\Daniela\AppData\Local\Temp\TFRF217.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR54EC.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR551D.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR549A.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR54CB.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR5540.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR553F.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR546A.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR553E.tmp
C:\Users\Daniela\AppData\Local\Temp\~DFCAC6.tmp
C:\Users\Daniela\AppData\Local\Temp\~DFCABB.tmp
C:\Users\Daniela\AppData\Local\Temp\~DFF3C2.tmp
C:\Users\Daniela\AppData\Local\Temp\~DFF3D8.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8BA9.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8BA7.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8AF4.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8BAA.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8B04.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8B46.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8BBC.tmp
C:\Users\Daniela\AppData\Local\Temp\TFR8B76.tmp

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\bkmvdoacm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b kmvdoacm
HKEY_LOCAL_MACHINE\system\controlset003\services\d qmakaa
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\dqmakaa

Metti la spunta su "Automatically disable any rootkits found", clicca su "Execute".
Il pc dovrebbe riavviarsi da solo, diversamente riavvialo tu.

Portati in C:\ copia/incolla il contenuto del file avenger.txt

===

Scarica http://www.suspectfile.com/download/utility.zip
dezippa l'archivio sul desktop.
Disconnettiti da internet, disattiva l'antivirus, antispyware...

Esegui il file Utility.exe
e clicca (SOLO) su

4 ) Enable Security Center's Notifies
8 ) Enable Automatic Updates Service (Wuauserv, BITS)

riavvia il pc.

Riattiva l'antivirus, antispyware... e scrivimi se hai ancora problemi

Ciao

**x-dana** · 10-08-2009, 12:20

Grazie infinite! Ho fatto tutto

qui c'è il rapporto di Avenger:

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\zaglak.dll" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF137.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF1E5.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF0D7.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF126.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF227.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF1E6.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF238.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFRF217.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR54EC.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR551D.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR549A.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR54CB.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR5540.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR553F.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR546A.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR553E.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\~DFCAC6.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\~DFCABB.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\~DFF3C2.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\~DFF3D8.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8BA9.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8BA7.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8AF4.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8BAA.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8B04.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8B46.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8BBC.t mp" deleted successfully.
File "C:\Users\Daniela\AppData\Local\Temp\TFR8B76.t mp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\bkmvdoacm" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ bkmvdoacm" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\system\controlset003\services\ dqmakaa" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset003\services\ dqmakaa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\dqmakaa" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\servi ces\dqmakaa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

e il computer sembra essere tornato perfettamente normale

. Mille grazie per l'aiuto

!

**amvinfe** · 10-08-2009, 21:47

ok, perfetto

ciao

Discussione: Infezione da Conficker

Strumenti discussione

Ricerca discussione

Visualizza

Infezione da Conficker

Permessi di invio