Traif1502
11-12-2008, 17:21
Salve a tutti! Ho usato CCleaner.exe, MalwarebytesAM.exe e ComboFix.exe per eliminare quel virus.. Ora sono pulito?
View Full Version : Resycler e boot.com
wjmat
11-12-2008, 17:35
ciao
carica i log dei programmi utilizzati secondo le modalità (http://www.hwupgrade.it/forum/showthread.php?t=1779308)
se non sai dove trovarli vedi nel bigino in firma le info
carica i log dei programmi utilizzati secondo le modalità (http://www.hwupgrade.it/forum/showthread.php?t=1779308)
se non sai dove trovarli vedi nel bigino in firma le info
Traif1502
11-12-2008, 17:38
Questo è quello di MalwarebytesAM.exe
Traif1502
11-12-2008, 17:39
Questo è quello di ComboFix.exe
Prima di eseguire i tre programmi ho anche seguito questa procedura:
Here’s the REAL way to clean this off your system. You should do these steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operrating system files
5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (y Computer should be hilighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left comumn back up to the top and hilight the My Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should work now.
Worked for me at least. I ran NAV2008 2 times on it and it was able to find the files but unable to remove them for some reason. Doing this, seems to have completely resolved the issue for me.
Good luck!
-Maj
Prima di eseguire i tre programmi ho anche seguito questa procedura:
Here’s the REAL way to clean this off your system. You should do these steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operrating system files
5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (y Computer should be hilighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left comumn back up to the top and hilight the My Computer again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should work now.
Worked for me at least. I ran NAV2008 2 times on it and it was able to find the files but unable to remove them for some reason. Doing this, seems to have completely resolved the issue for me.
Good luck!
-Maj
Traif1502
11-12-2008, 18:12
Adesso se provo a giocare a GTA mi esce questa schermata (prima dell'arrivo del virus funzionava tutto)
http://www.fileden.com/files/2008/8/27/2068366/Immagine.JPG
http://www.fileden.com/files/2008/8/27/2068366/Immagine.JPG
wjmat
11-12-2008, 19:01
riedita il post relativo al log di hjt
di combo dovresti avere un altro log perchè l'hai fatto girare 2 volte
di combo dovresti avere un altro log perchè l'hai fatto girare 2 volte
Traif1502
11-12-2008, 19:46
Non ho capito :(
wjmat
11-12-2008, 20:21
il log di hjt lo riediti caricandolo secondo le modalità
nella cartella di combo dovresti trovare un altro log
nella cartella di combo dovresti trovare un altro log
Traif1502
11-12-2008, 20:38
Post editato.. Dentro la cartella di ComboFix non c'è nulla, solo WRP.cfexe
Chill-Out
11-12-2008, 20:46
Post editato.. Dentro la cartella di ComboFix non c'è nulla, solo WRP.cfexe
Il log lo trovi in C:\ComboFix.txt comunque dopo aver visto il tuo log di MBAM mi sento di consigliarti la Guida alla disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1599737)
Il log lo trovi in C:\ComboFix.txt comunque dopo aver visto il tuo log di MBAM mi sento di consigliarti la Guida alla disinfezione (http://www.hwupgrade.it/forum/showthread.php?t=1599737)
Traif1502
11-12-2008, 21:22
No non c'è il log.. Comunque significa che ho qualche virus?
Chill-Out
11-12-2008, 21:25
No non c'è il log.. Comunque significa che ho qualche virus?
Direi proprio di si
Direi proprio di si
Traif1502
12-12-2008, 23:08
Ok grazie mille
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.