virus nmdfgds0.dll

[vopa84]

come da titolo l'antivirus mi segnala la presenza del virus nmdfgds0.dll .
Cortesemente vorrei sapere come elinimarlo, posto di seguito il rapporto di systemscan
http://www.savefile.com/files/2093398

[amvinfe]

scarica avenger http://swandog46.geekstogo.com/avenger2/download.php

disconnettiti da internet, disattiva l'antivirus, disinstalla da Pannello di controllo>Installazione Applicazioni>SpyNoMore

non riavviare

===============

esegui avenger.exe

inserisci lo script all'interno del box bianco

Files to delete:
C:\autorun.inf
C:\71739.exe
C:\41586.exe
C:\58109.exe
C:\51139.exe
C:\12978.exe
C:\12110.exe
C:\37067.exe
C:\98998.exe
C:\25077.exe
C:\57486.exe
C:\37483.exe
C:\7059.exe
C:\40206.exe
C:\52419.exe
C:\80780.exe
C:\88988.exe
C:\33837.exe
C:\3720.exe
C:\66731.exe
C:\67654.exe
C:\60947.exe
C:\42580.exe
C:\3091.exe
C:\21041.exe
C:\5823.exe
C:\53557.exe
C:\76897.exe
C:\12283.exe
C:\11794.exe
C:\58883.exe
C:\22666.exe
C:\88674.exe
C:\21059.exe
C:\48385.exe
C:\30042.exe
C:\12151.exe
C:\57366.exe
C:\52127.exe
C:\98512.exe
C:\29977.exe
C:\fbak.exe
C:\WINDOWS\system32\ptmcksy.txt
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\drivers\gzhpgzbz.sys

registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset001\services\p ahul
HKEY_LOCAL_MACHINE\system\controlset001\services\a kfjaadh
HKLM\system\currentcontrolset\services\pahul

metti la spunta su "Automatically disable any rootkits found", clicca su "execute".

Dopo il riavvio copia/incolla il contenuto del file avenger.txt che trovi in C:\

nb
assicurati che l'antivirus sia attivato

[vopa84]

ti ringrazio per l'aiuto, ecco il contenuto del file avenger.txt


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\autorun.inf" deleted successfully.
File "C:\71739.exe" deleted successfully.
File "C:\41586.exe" deleted successfully.
File "C:\58109.exe" deleted successfully.
File "C:\51139.exe" deleted successfully.
File "C:\12978.exe" deleted successfully.
File "C:\12110.exe" deleted successfully.
File "C:\37067.exe" deleted successfully.
File "C:\98998.exe" deleted successfully.
File "C:\25077.exe" deleted successfully.
File "C:\57486.exe" deleted successfully.
File "C:\37483.exe" deleted successfully.
File "C:\7059.exe" deleted successfully.
File "C:\40206.exe" deleted successfully.
File "C:\52419.exe" deleted successfully.
File "C:\80780.exe" deleted successfully.
File "C:\88988.exe" deleted successfully.
File "C:\33837.exe" deleted successfully.
File "C:\3720.exe" deleted successfully.
File "C:\66731.exe" deleted successfully.
File "C:\67654.exe" deleted successfully.
File "C:\60947.exe" deleted successfully.
File "C:\42580.exe" deleted successfully.
File "C:\3091.exe" deleted successfully.
File "C:\21041.exe" deleted successfully.
File "C:\5823.exe" deleted successfully.
File "C:\53557.exe" deleted successfully.
File "C:\76897.exe" deleted successfully.
File "C:\12283.exe" deleted successfully.
File "C:\11794.exe" deleted successfully.
File "C:\58883.exe" deleted successfully.
File "C:\22666.exe" deleted successfully.
File "C:\88674.exe" deleted successfully.
File "C:\21059.exe" deleted successfully.
File "C:\48385.exe" deleted successfully.
File "C:\30042.exe" deleted successfully.
File "C:\12151.exe" deleted successfully.
File "C:\57366.exe" deleted successfully.
File "C:\52127.exe" deleted successfully.
File "C:\98512.exe" deleted successfully.
File "C:\29977.exe" deleted successfully.
File "C:\fbak.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\ptmcksy.txt" not found!
Deletion of file "C:\WINDOWS\system32\ptmcksy.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\nmdfgds0.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\gzhpgzbz.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\gzhpgzbz.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ pahul" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ pahul" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ akfjaadh" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ akfjaadh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\system\currentcontrolset\services\pahul" not found!
Deletion of registry key "HKLM\system\currentcontrolset\services\pahul" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

[vopa84]

all'avvio del pc l'antivirus rileva nuovamente la presenza del file nmdfgds0.dll. Posto il rapporto di sistemscan fatto all'ultimo avvio del pc. http://wikisend.com/download/551224/report.txt

[Deifobe]

Se hai dispositivi usb (pen/HD esterni):

Da Risorse del computer (o qualsiasi altra cartella) clicca su strumenti -> opzioni cartella -> visualizzazione
-> spunta: visualizza cartelle e file nascosti
-> togli la spunta a: nascondi i file protetti di sistema
-> togli la spunta a: nascondi le estensioni per i tipi di file conosciuti

collega i dispositivi al pc tenendo premuto il tasto shift
elimina i file, se presenti:
>>> autorun.inf e fbak.exe
scollega i dispositivi dal pc


Esegui systemscan, clicca sul pulsante "Removal Script" e, nella finestra che si apre, copia/incolla questo script:

files to delete:
C:\autorun.inf
C:\fbak.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds1.dll
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\windrv.sys

Clicca su "Proceed with removal" e il pc si riavviera' per eseguire lo script.
Al riavvio troveri la finestra di SystemScan con un messaggio (blu se lo script e' stato eseguito correttamente - rossa in caso contrario): controlla l'esito e rieseguilo se necessario.


Apri un file di testo e copiaci dentro:

Windows Registry Editor Version 5.00

[HKey_Current_User\Software\Microsoft\Windows\Curre ntVersion\Run]
"cdoosoft"=-
;

salvalo come:
nome: fix.reg
tipo di file: tutti i file
chiudi ed eseguilo. accetta le modifiche (dura solo un attimo)


posta un nuovo systemscan

ciao

[vopa84]

Ciao, ecco il nuovo systemscan
http://wikisend.com/download/562964/report.txt

[Deifobe]

segui avenger in systemscan con questo script:

files to delete:
C:\zip.exe
C:\ljiveqei.bat
C:\WINDOWS\system32\drivers\vkodjofc.sys

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | yiblkcnr

Scarica e installa malwarebytes.
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.
Per ora non rimuovere nulla.


posta anche un nuovo systemscan (esegui solo le scansioni Recent files e Registry run keys)


hai ripulito le unita' usb?

ciao

[vopa84]

ecco i rapporti

http://wikisend.com/download/467152/mbam-log-2009-05-07 (20-34-54).txt

http://wikisend.com/download/905618/report.txt

per quanto riguarda i supporti usb c'era il file autorun.inf in uno è lho eliminato.

Ah ti ringrazio tantissimo per l'aiuto!!!!

Ciao!

[Deifobe]

allora.. rimuovi quanto evidenziato da malwarebytes.
al momento non vedo piu' l'infezione.. per te il pc come va?


ciao
dei

[vopa84]

ora il pc va bene....credo proprio che il problema sia stato risolto.
Ti ringrazio ancora per le preziose indicazioni

ciao