
continuous reboot


Gaber92
09-04-2010, 20:18
Good evening everyone.
I have a problem with a netbook: it keeps rebooting, and I can't even get into safe mode. I think it's rootkit.gen, but I'm not sure. Now I'm wondering what my best option is, also because the netbook obviously has no optical drive, so I can't use a bootable CD. Is there any other solution?
Thanks for the help.

Gaber92
09-04-2010, 23:26
help

Chill-Out
10-04-2010, 11:43
Hi, why do you suspect rootkit.gen? Which security software detected the infection (Avira AntiVir)?

Can you get hold of an external DVD drive? If so, use Avira or Kaspersky Rescue to disinfect the PC; the dedicated guides are below:

http://www.hwupgrade.it/forum/showthread.php?t=1689812

http://www.hwupgrade.it/forum/showthread.php?t=1878747

Gaber92
10-04-2010, 15:05
Before it rebooted, the AntiVir scan had found a rootkit (I think). Anyway, let's see if I can get hold of one. Thanks.

Gaber92
10-04-2010, 16:13
I managed to boot the computer thanks to AntiVir Rescue System. Now, what's the best way to "clean" the PC? Is there another guide? I'm already using MBAM.

Chill-Out
10-04-2010, 16:21
Follow the disinfection Guide (http://www.hwupgrade.it/forum/showthread.php?t=1599737) exactly in the order given, attaching all the logs it produces in a single post as described below. Thanks for your cooperation.

How to post the logs:

Each individual log, exclusively in .txt format except for SysInspector's .xml, must be hosted, in the order given in the Guide, on one of the remote servers listed in the section Rules (http://www.hwupgrade.it/forum/showthread.php?t=1751598).

Gaber92
10-04-2010, 16:48
This is the MBAM log. I removed 58 infected items.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3974

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/04/2010 16.21.30
mbam-log-2010-04-10 (16-21-30).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 100407
Tempo trascorso: 8 minuti, 12 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 8
Valori di registro infetti: 2
Voci infette nei dati di registro: 2
Cartelle infette: 3
File infetti: 43

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mplay32xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Voci infette nei dati di registro:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\WINDOWS\_VOIDtipufdxwhp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.

File infetti:
C:\WINDOWS\system32\_VOIDdxirnsfoob.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDlnvebwexvi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDtasmdulqpm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\umdztj.sys.XXX (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xbahh.sys.XXX (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\093.exe (Trojan.Palevo.Gen.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\499.exe (Trojan.Palevo.Gen.B2) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\5c2a1dd4.tmp.XXX (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\665.exe (Trojan.Palevo.Gen.B4) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\asdB.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\mplay32xe.exe.XXX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\TMP7961.tmp.XXX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\dhdhtrdhdrtr5y.XXX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\_VOID7e24.tmp.XXX (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\_VOIDtipufdxwhp\_VOIDd.sys.XXX (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\about.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\activate.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\buy.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\help.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\scan.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\settings.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\Uninstall.exe.XXX (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\update.ico (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\urp.db (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\urpext.dll (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\urphook.dll (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Programmi\Your Protection\urpprot.exe.XXX (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\About.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Activate.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Buy.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Scan.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Settings.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Update.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Your Protection Support.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Menu Avvio\Programmi\Your Protection\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Preferiti\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Desktop\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_VOIDnkowsxqymw.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\csrss.exe (Trojan.Agent) -> Delete on reboot.
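
A log like the one above is easier to triage when it is parsed rather than read line by line. The following Python script is an added example, not code from this thread or from Malwarebytes: it parses the MBAM 1.45 log layout (section header ending in ":", then one "item (Family) -> action" line per detection), groups detections by family, flags the registry entries that give malware a foothold at boot or logon or that disable defences (Run keys, Winlogon, Services, the Policies\System\DisableTaskMgr hijack), lists what is still pending as "Delete on reboot", and checks that the summary counts agree with the detail lines (in the posted log 8+2+2+3+43 = 58, the figure the poster mentions). The embedded sample is a constructed excerpt built from lines of the posted log, with the summary counts chosen to match the lines kept; the marker list and function names are my own.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the MBAM 1.45 log posted in the thread (Italian
# section labels as MBAM prints them on an Italian Windows XP); summary counts
# were set to match the detail lines kept here.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3974
Elementi esaminati: 100407

Processi infetti in memoria: 0
Chiavi di registro infette: 3
Valori di registro infetti: 2
Voci infette nei dati di registro: 1
Cartelle infette: 1
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mplay32xe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Voci infette nei dati di registro:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
C:\WINDOWS\_VOIDtipufdxwhp (Rootkit.TDSS) -> Quarantined and deleted successfully.

File infetti:
C:\WINDOWS\system32\drivers\umdztj.sys.XXX (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pippo\Impostazioni locali\Temp\093.exe (Trojan.Palevo.Gen.A) -> Delete on reboot.
C:\Documents and Settings\pippo\csrss.exe (Trojan.Agent) -> Delete on reboot.
"""

# "item (Family) -> action."; item is matched non-greedily so the "Bad: (1) Good: (0)"
# part of a registry-data line lands in the action, not in the family.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<n>\d+)$")
NOT_FOUND = "(Non sono stati rilevati elementi nocivi)"
# Registry locations (lower-cased substrings) that run code at boot/logon or disable
# defences; the list is this example's own choice, based on the entries in the log.
PERSISTENCE_MARKERS = ("\\currentversion\\run\\", "\\winlogon\\", "\\services\\", "\\policies\\system\\")


def _section_headers(text):
    """Detail-section labels: a line ending in ':' that is not a detection line."""
    return [l.strip()[:-1] for l in text.splitlines()
            if l.strip().endswith(":") and "->" not in l]


def parse_mbam_log(text):
    """Return one dict (section, item, family, action) per detection line."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NOT_FOUND:
            continue
        if line.endswith(":") and "->" not in line:
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            findings.append({"section": section, "item": m["item"],
                             "family": m["family"], "action": m["action"]})
    return findings


def declared_counts(text):
    """Summary-block counts, restricted to labels that are also detail-section headers
    (so 'Versione database: 3974' or 'Elementi esaminati: 100407' are not taken as counts)."""
    headers = set(_section_headers(text))
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m and m["label"] in headers:
            counts[m["label"]] = int(m["n"])
    return counts


def verify_counts(text):
    """{label: (declared, parsed)} for every section whose counts disagree; empty if consistent."""
    per_section = Counter(f["section"] for f in parse_mbam_log(text))
    return {label: (n, per_section[label]) for label, n in declared_counts(text).items()
            if n != per_section[label]}


def summarize(findings):
    """Family histogram, persistence/hijack registry entries, and items still pending a reboot."""
    families = Counter(f["family"] for f in findings)
    persistence = [f["item"] for f in findings if f["item"].startswith("HKEY_")
                   and any(mk in f["item"].lower() for mk in PERSISTENCE_MARKERS)]
    reboot_pending = [f["item"] for f in findings if "reboot" in f["action"].lower()]
    return {"families": families, "persistence": persistence, "reboot_pending": reboot_pending}


if __name__ == "__main__":
    s = summarize(parse_mbam_log(SAMPLE_LOG))
    print("families:", dict(s["families"]))
    print("persistence/hijack entries:", *s["persistence"], sep="\n  ")
    print("still pending a reboot:", *s["reboot_pending"], sep="\n  ")
    print("count mismatches:", verify_counts(SAMPLE_LOG) or "none")
```

Two things the summary makes visible that the raw log does not: the Winlogon "taskman" value and the csrss.exe copy in the user profile are only marked "Delete on reboot", so a second scan after restarting is needed before the machine can be called clean, and a mismatch between the declared and parsed counts is a quick sign that a log was truncated or edited before being posted.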

Chill-Out
10-04-2010, 17:05
How to post the logs:

Each individual log, exclusively in .txt format except for SysInspector's .xml, must be hosted, in the order given in the Guide, on one of the remote servers listed in the section Rules (http://www.hwupgrade.it/forum/showthread.php?t=1751598).

Gaber92
11-04-2010, 10:54
I had to use AntiVir Rescue System for another PC, but when I try to boot it the Linux penguin appears, then a line I don't understand shows up, after which it freezes: "druecken sie ALT-F7 um in die grafische oberflache zuruckzukehren"
"press ALT-F7 to return to the graphical user interface"
What do I do?