
TR/vundo.gen2


micheleg75
10-05-2011, 17:20
Hi all, the other day this thing turned up in a scan I ran with Avira

Avira Log
http://www.mediafire.com/?j42bw4tvflq4348

Anyway, I reboot and Avira can't remove it.
Connection problems and a slow system are driving me crazy, and then I find the HWupgrade guide....

1 I disable System Protection

2 I change the DNS

3 I run ATF Cleaner

4 Malwarebytes log
http://www.mediafire.com/?nfpva31db9gb27m

5 ComboFix log
http://www.mediafire.com/?5rzlg9vaqhy9uvs

6 Kasp log
http://www.mediafire.com/?ku0lgj2ms78cxgp

7 Prevx log
http://www.mediafire.com/?96rrwoquvz6c295

8 HJ log
http://www.mediafire.com/?2vixat8gex2muw3

If I reboot the computer and scan with Avira again, it finds the file again.

Can you help me?
Thanks in advance

Chill-Out
10-05-2011, 18:16
> Hi all, the other day this thing turned up in a scan I ran with Avira
>
> Avira Log
> http://www.mediafire.com/?j42bw4tvflq4348
>
> Anyway, I reboot and Avira can't remove it.
> Connection problems and a slow system are driving me crazy, and then I find the HWupgrade guide....
>
> If I reboot the computer and scan with Avira again, it finds the file again.
>
> Can you help me?
> Thanks in advance

You should have posted the logs here

http://www.hwupgrade.it/forum/showthread.php?t=1933875

anyway, check the following file on VT http://www.virustotal.com/

C:\Windows\SysWOW64\RegCtrlr.dll

for the results, just copy and paste into your next post the URL given at the end of the scan.

micheleg75
10-05-2011, 18:47
Antivirus              Version          Last Update   Result
AhnLab-V3              2011.05.11.00    2011.05.10    -
AntiVir                7.11.7.214       2011.05.10    -
Antiy-AVL              2.0.3.7          2011.05.10    -
Avast                  4.8.1351.0       2011.05.10    -
Avast5                 5.0.677.0        2011.05.10    -
AVG                    10.0.0.1190      2011.05.10    -
BitDefender            7.2              2011.05.10    -
CAT-QuickHeal          11.00            2011.05.10    -
ClamAV                 0.97.0.0         2011.05.10    -
Commtouch              5.3.2.6          2011.05.10    -
Comodo                 8652             2011.05.10    -
DrWeb                  5.0.2.03300      2011.05.10    -
Emsisoft               5.1.0.5          2011.05.10    -
eSafe                  7.0.17.0         2011.05.09    -
eTrust-Vet             36.1.8318        2011.05.10    -
F-Prot                 4.6.2.117        2011.05.10    -
F-Secure               9.0.16440.0      2011.05.10    -
Fortinet               4.2.257.0        2011.05.10    -
GData                  22               2011.05.10    -
Ikarus                 T3.1.1.103.0     2011.05.10    -
Jiangmin               13.0.900         2011.05.09    -
K7AntiVirus            9.103.4614       2011.05.10    -
Kaspersky              9.0.0.837        2011.05.10    -
McAfee                 5.400.0.1158     2011.05.10    -
McAfee-GW-Edition      2010.1D          2011.05.10    -
Microsoft              1.6802           2011.05.10    -
NOD32                  6110             2011.05.10    -
Norman                 6.07.07          2011.05.10    -
nProtect               2011-05-10.01    2011.05.10    -
Panda                  10.0.3.5         2011.05.10    -
PCTools                7.0.3.5          2011.05.10    -
Prevx                  3.0              2011.05.10    -
Rising                 23.57.01.05      2011.05.10    -
Sophos                 4.65.0           2011.05.10    -
SUPERAntiSpyware       4.40.0.1006      2011.05.10    -
Symantec               20101.3.2.89     2011.05.10    -
TheHacker              6.7.0.1.191      2011.05.09    -
TrendMicro             9.200.0.1012     2011.05.10    -
TrendMicro-HouseCall   9.200.0.1012     2011.05.10    -
VBA32                  3.12.16.0        2011.05.09    -
VIPRE                  9244             2011.05.10    -
ViRobot                2011.5.9.4451    2011.05.10    -
VirusBuster            13.6.346.0       2011.05.10    -

Additional information

MD5       : 9249a6c6949cb68a3cd1c4889372f65d
SHA1      : 2d5255c98868392ec903c62ddfcf52dd8b5cc1c4
SHA256    : 87f1633175383d1fa234542b6f0d4dff34f4535d4c62d9144042855d5cf737ff
ssdeep    : 768:d57rR/PTsXHR5jKUece//YEa7TY2TD1zihtixI3HfuWrlX:d5p3Qh5mrR/YEmHTD1cixWplX
File size : 41472 bytes
First seen: 2009-07-19 23:35:23
Last seen : 2011-05-10 17:41:49

TrID:
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: RegCtrl
original name: RegCtrl.dll
internal name: RegCtrl
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x7475
timedatestamp....: 0x4A5BC633 (Mon Jul 13 23:41:39 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x80EC, 0x8200, 6.29, 0257003495c3736b525b8abbd135a794
.data, 0xA000, 0x504, 0x200, 1.29, 125e7e96e260947e51e940e440b911fd
.rsrc, 0xB000, 0x1078, 0x1200, 4.05, 433ea3fc18b115b6bee5093a7a053d75
.reloc, 0xD000, 0x7EC, 0x800, 5.49, a8e6e868df2f9e77fddf117f2d640914

[[ 8 import(s) ]]
msvcrt.dll: _onexit, _lock, __dllonexit, _unlock, _errno, realloc, _except_handler4_common, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _amsg_exit, _initterm, _XcptFilter, ___V@YAXPAX@Z, malloc, free, __3@YAXPAX@Z, memcpy_s, _CxxThrowException, wcscpy_s, __2@YAPAXI@Z, _purecall, memset, ___U@YAPAXI@Z, __CxxFrameHandler3, wcscat_s, wcsncpy_s
USER32.dll: UnregisterClassA, CharNextW
KERNEL32.dll: InterlockedExchange, GetVersionExA, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, MultiByteToWideChar, GetThreadLocale, SetThreadLocale, OutputDebugStringA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, lstrlenW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetLastError, LoadLibraryW, GetProcAddress, GetModuleHandleW, lstrcmpiW, GetModuleFileNameW, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, FreeLibrary, Sleep
ADVAPI32.dll: RegDeleteValueW, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegCloseKey
ole32.dll: CLSIDFromProgID, CoCreateInstance, CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, StringFromGUID2
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
POWRPROF.dll: PowerDeterminePlatformRole
SHLWAPI.dll: UrlGetPartW, SHRegCloseUSKey, SHRegWriteUSValueW, SHRegCreateUSKeyW, SHRegGetValueW

[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 33280
CompanyName: Microsoft Corporation
EntryPoint: 0x7475
FileDescription: RegCtrl
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 40 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 6.1.7600.16385
ImageVersion: 6.1
InitializedDataSize: 8192
InternalName: RegCtrl
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Dynamic link library
OriginalFilename: RegCtrl.dll
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7600.16385
ProductVersionNumber: 6.1.7600.16385
Subsystem: Windows GUI
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:41:39+02:00
UninitializedDataSize: 0

Symantec reputation: Suspicious.Insight
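The report above shows 0/43 detections, yet its sigcheck and metadata fields carry the leads a defender would act on: a publisher string of Microsoft Corporation on an unsigned file, and an on-disk name (RegCtrlr.dll) that differs from the OriginalFilename (RegCtrl.dll). The following triage script is added here and is not code from the thread or from HWupgrade; it assumes the file path and the MD5 from the report, the parameter names are mine, and it avoids cmdlets absent from PowerShell 2.0 so it also runs on a Windows 7-era host.

```powershell
# Added triage check, not posted by the thread's participants.
# Repeats on the live system the checks the VirusTotal report exposed.
param(
    [string]$Path        = 'C:\Windows\SysWOW64\RegCtrlr.dll',       # path from the thread
    [string]$ReportedMd5 = '9249a6c6949cb68a3cd1c4889372f65d'        # MD5 from the VT report
)

$file = Get-Item -LiteralPath $Path
$vi   = $file.VersionInfo          # CompanyName, OriginalFilename, FileVersion ...

# MD5 through .NET: Get-FileHash does not exist in PowerShell 2.0.
$md5   = New-Object System.Security.Cryptography.MD5CryptoServiceProvider
$bytes = [System.IO.File]::ReadAllBytes($file.FullName)
$hash  = [System.BitConverter]::ToString($md5.ComputeHash($bytes)) -replace '-', ''

# Caveat: PowerShell 2.0 does not consult catalog files, so a legitimate
# catalog-signed Windows DLL can also come back NotSigned here. Treat the
# result as a lead to confirm against a known-clean copy, not as proof.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName

$findings = @()
if ($hash -eq $ReportedMd5) {
    $findings += "MD5 $hash matches the sample in the VirusTotal report"
}
if ($vi.CompanyName -match 'Microsoft' -and $sig.Status -ne 'Valid') {
    $findings += "version info names '$($vi.CompanyName)' but signature status is '$($sig.Status)'"
}
if ($vi.OriginalFilename -and $vi.OriginalFilename -ne $file.Name) {
    $findings += "on-disk name '$($file.Name)' differs from OriginalFilename '$($vi.OriginalFilename)'"
}

"{0}`n  size: {1} bytes  md5: {2}" -f $file.FullName, $file.Length, $hash
if ($findings.Count -eq 0) { "  no findings" } else { $findings | ForEach-Object { "  ! $_" } }
```

Run it from an elevated PowerShell prompt before any cleanup tool touches the file, so the hash you record is the one the report describes.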

micheleg75
10-05-2011, 18:48
sorry I can't post the link, but I can't find it

bear with me

Chill-Out
11-05-2011, 08:01
> sorry I can't post the link, but I can't find it
>
> bear with me

If you post all over the place you make the work of whoever is helping harder; we continue here http://www.hwupgrade.it/forum/showthread.php?p=35126534#post35126534