Generic.brontok.10ee6ea3

My computer was infected by this virus and I can't eliminate it!


Can you help me, please?


This is my log file:


//-----------------------------------------------------------------


//


// Prodotto: BitDefender Antivirus Plus v10


// Prodotto: 10.2


//


// Creato il: 22/05/2008 12:50:25


//


//-----------------------------------------------------------------


Statistiche


Esaminazione : C:\Documents and Settings\All Users


Cartelle : 458


File : 2523


Processi di memoria scansionati : 70


Archivi : 3


File rinominati : 138


Virus identificati : 1


File infetti : 21


Processi di memoria infettati : 0


File sospetti : 0


Segnalazioni : 0


File ripuliti : 0


File cancellati : 0


File spostati : 21


Errori di accesso : 0


Tempo di scansione : 00:03:53


Velocità di scansione (file/sec) :10


Stastiche Spyware


Chiavi di registro scansionate: 409


Chiavi di registro infettate : 0


Cookies scansionati : 206


Cookies infettati : 0


File Spyware infettati : 0


Minacce Spyware rilevate : 0


Definizioni dei virus : 842116741


Esamina plugin : 16


Archiviazione dei plugin : 42


Plugin disimpaccati : 7


Plugin di mail : 6


Plugin di sistema : 5


Opzioni di scansione


Cancella


[X] Esamina i settori di boot


[X] Processi di memoria


[ ] Esamina gli archivi


[X] Esamina l'interno di programmi impaccati


[X] Esamina le email


Tipo di file


[ ] Programmi


[X] Tutti i file


[ ] Estensioni definite dall'utente:


[ ] Esclude le estensioni: ;


Azione


Oggetti infetti


[ ] Ignora


[X] Ripulisci


[ ] Cancella


[ ] Muovi in Quarantena


[ ] Avvertenza all'utente


Seconda azione


[ ] Ignora


[ ] Cancella


[X] Muovi in Quarantena


[ ] Avvertenza all'utente


Opzioni di scansione


[X] Abilita le segnalazioni


[X] Attiva la ricerca euristica


[ ] Mostra tutti i file di log


[X] File di rapporto: C:\Documents and Settings\Federico Illengo\Dati applicazioni\BitDefender\Desktop\Profiles\Logs\user_0002\1211453425.log


Opzioni di scansione Spyware


[X] Scansione per gli oggetti a rischio


[ ] Salta chiamate e applicazioni dalla scansione


[X] Chiavi di registro


[X] Cookies


Risultati:


C:\Documents and Settings\All Users\Documenti\Data user.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Data user.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Data user.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe Spostato


C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe Spostato


C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe Spostato


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe Spostato


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe Spostato


C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe Spostato


C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe Spostato


C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe Spostato


C:\Documents and Settings\All Users\Documenti\SharedDocs.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\SharedDocs.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\SharedDocs.exe Spostato


C:\Documents and Settings\All Users\Documenti\Video\Video.exe Infetto Generic.Brontok.10EE6EA3


C:\Documents and Settings\All Users\Documenti\Video\Video.exe Impossibile eseguire la pulizia


C:\Documents and Settings\All Users\Documenti\Video\Video.exe Spostato

Comments

  • Download the file from the following link http://students.info.uaic.ro/~mihai.benchea/AVIS/


    install it, update it and scan for spyware only.

  • rootkit
    rootkit ✭✭✭
    edited May 2008

    I could do you a Combofix ****** based on the Bitdefender log, but it will delete all the infected files and some programs will fail to work ;)


    Do you want this ?!

  • Yes, please. The files in the log are created by the virus, I don't need these files....

  • rootkit
    rootkit ✭✭✭
    edited May 2008

    You can do this, or you can reboot in safe mode and delete them one by one.


    But first, pack them into a zip or rar archive with the password "infected" and attach them here, or put them on a server and leave the link here please (for the BD Lab)


    Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Open Notepad and paste this in a new file


    File::


    C:\Documents and Settings\All Users\Documenti\Data user.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe


    C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe


    C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe


    C:\Documents and Settings\All Users\Documenti\SharedDocs.exe


    C:\Documents and Settings\All Users\Documenti\Video\Video.exe


    Save the file as CFScript.txt, drag-n-drop it over ComboFix.exe like in the image


    CFScript.gif


    Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.


    It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear, but don't worry, this is normal behaviour.


    At the end ComboFix will generate a log file. Save it and post it here ;)
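As an added example (not code from the page, from BitDefender or from ComboFix), a small Python script that does what rootkit did by hand above: it parses the "Risultati:" lines of the BitDefender log into one record per path, writes the `File::` block of a CFScript, flags the naming pattern visible in this log (an .exe carrying the name of the folder it sits in) and checks the "Altre eliminazioni" section of a ComboFix log to see which paths were actually removed. The two log fragments embedded in it are constructed from paths in this thread; one path is deliberately missing from the ComboFix fragment so the check has something to report.

```python
"""Helpers for the BitDefender 10 scan log and ComboFix output posted above.

Added example, not code from BitDefender, ComboFix or the forum.
"""
import ntpath
import re

# Constructed sample in the layout of the log posted above (Italian BitDefender UI):
# every path appears up to three times, once per event.
SAMPLE_BD_LOG = r"""Risultati:
C:\Documents and Settings\All Users\Documenti\Data user.exe Infetto Generic.Brontok.10EE6EA3
C:\Documents and Settings\All Users\Documenti\Data user.exe Impossibile eseguire la pulizia
C:\Documents and Settings\All Users\Documenti\Data user.exe Spostato
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Infetto Generic.Brontok.10EE6EA3
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Impossibile eseguire la pulizia
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe Spostato
C:\Documents and Settings\All Users\Documenti\Video\Video.exe Infetto Generic.Brontok.10EE6EA3
C:\Documents and Settings\All Users\Documenti\Video\Video.exe Impossibile eseguire la pulizia
"""

# Constructed fragment of a ComboFix log: only two of the three paths were removed.
SAMPLE_CF_LOG = r"""(((((((((((((( Altre eliminazioni ))))))))))))))
.
C:\Documents and Settings\All Users\Documenti\Data user.exe
C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe
.
(((((((((((((( Files Creati Da 2008-04-22 al 2008-05-22 ))))))))))))))
"""

# Status strings exactly as the Italian BitDefender 10 log prints them.
_RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infetto (?P<sig>\S+)|(?P<fail>Impossibile eseguire la pulizia)|(?P<moved>Spostato))$"
)


def parse_results(log_text):
    """Return {path: {'signature', 'clean_failed', 'moved'}} from a BitDefender log."""
    records = {}
    for line in log_text.splitlines():
        m = _RESULT_RE.match(line.strip())
        if not m:
            continue  # header, statistics or option lines
        rec = records.setdefault(
            m.group("path"), {"signature": None, "clean_failed": False, "moved": False}
        )
        if m.group("sig"):
            rec["signature"] = m.group("sig")
        if m.group("fail"):
            rec["clean_failed"] = True
        if m.group("moved"):
            rec["moved"] = True
    return records


def cfscript_file_section(records):
    """Build the 'File::' block of a CFScript listing every detected path."""
    return "File::\n" + "\n".join(sorted(records)) + "\n"


def exe_named_after_folder(path):
    """True when the file is an .exe whose name equals its parent folder's name.

    In the log above 19 of the 21 detections follow this pattern (Immagini.exe
    inside Immagini, Video.exe inside Video); the two exceptions are
    Data user.exe and SharedDocs.exe.
    """
    stem, ext = ntpath.splitext(ntpath.basename(path))
    parent = ntpath.basename(ntpath.dirname(path))
    return ext.lower() == ".exe" and stem.lower() == parent.lower()


def not_removed_by_combofix(cf_log_text, records):
    """Paths from the BitDefender records that do not appear under 'Altre eliminazioni'."""
    removed, inside = set(), False
    for line in cf_log_text.splitlines():
        line = line.strip()
        if line.startswith("(") and "Altre eliminazioni" in line:
            inside = True  # section header of the deletions list
        elif line.startswith("("):
            inside = False  # next section header ends the list
        elif inside and re.match(r"^[A-Za-z]:\\", line):
            removed.add(line.lower())
    return sorted(p for p in records if p.lower() not in removed)


if __name__ == "__main__":
    recs = parse_results(SAMPLE_BD_LOG)
    print(cfscript_file_section(recs))
    for p in recs:
        print("folder-named exe:", exe_named_after_folder(p), p)
    print("not removed:", not_removed_by_combofix(SAMPLE_CF_LOG, recs))
```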

  • I tried to pack them into a rar but it doesn't work....


    I've sent these files to the BitDefender lab through the quarantine...

  • rootkit
    rootkit ✭✭✭

    Good job ;)

  • Here is the log file, but the virus is still on my computer....


    ComboFix 08-05-21.3 - Federico Illengo 2008-05-23 0.08.19.1 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.513 [GMT 2:00]


    Eseguito da: C:\Documents and Settings\Federico Illengo\Desktop\ComboFix.exe


    Command switches used :: C:\Documents and Settings\Federico Illengo\Desktop\CFScript.txt


    * Creato nuovo punto di ripristino


    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


    FILE ::


    C:\Documents and Settings\All Users\Documenti\Data user.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe


    C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe


    C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe


    C:\Documents and Settings\All Users\Documenti\SharedDocs.exe


    C:\Documents and Settings\All Users\Documenti\Video\Video.exe


    .


    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML


    C:\Documents and Settings\All Users\Documenti\Data user.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Adobe PDF.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Extras\Extras.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Adobe PDF\Settings\Settings.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini campione\Immagini campione.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Immagini.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Impressionism - GalleryPlayer\Impressionism - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Landscapes - GalleryPlayer\Landscapes - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Masterpieces - GalleryPlayer\Masterpieces - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Nature - GalleryPlayer\Nature - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Travel - GalleryPlayer\Travel - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Immagini\Vintage - GalleryPlayer\Vintage - GalleryPlayer.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica campione\Musica campione.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Musica.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\0008BAFC\0008BAFC.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sample Playlists\Sample Playlists.exe


    C:\Documents and Settings\All Users\Documenti\Musica\Sync Playlists\0008BB2B\0008BB2B.exe


    C:\Documents and Settings\All Users\Documenti\Registrazioni\TempRec\TempRec.exe


    C:\Documents and Settings\All Users\Documenti\Registri MCE\Registri MCE.exe


    C:\Documents and Settings\All Users\Documenti\SharedDocs.exe


    C:\Documents and Settings\All Users\Documenti\Video\Video.exe


    C:\Documents and Settings\Guest\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML


    .


    ((((((((((((((((((((((((( Files Creati Da 2008-04-22 al 2008-05-22 )))))))))))))))))))))))))))))))))))


    .


    2008-05-22 22:41 . 2008-05-22 22:41 <DIR> d-------- C:\Programmi\File comuni\BitDefender


    2008-05-22 22:41 . 2008-05-22 22:41 <DIR> d-------- C:\Programmi\BitDefender


    2008-05-09 20:32 . 2008-05-09 20:32 244 --ah----- C:\sqmnoopt01.sqm


    2008-05-09 20:32 . 2008-05-09 20:32 232 --ah----- C:\sqmdata01.sqm


    2008-05-07 23:30 . 2008-05-07 23:38 <DIR> d-------- C:\Documents and Settings\Federico Illengo\.blurb


    2008-05-07 23:24 . 2008-05-07 23:27 <DIR> d-------- C:\Programmi\BookSmart


    2008-04-26 12:22 . 2008-04-26 12:22 105,296 --ah----- C:\WINDOWS\system32\mlfcache.dat


    2008-04-24 21:22 . 2008-04-24 21:22 <DIR> d-------- C:\Documents and Settings\Federico Illengo\LocalLow


    2008-04-24 21:22 . 2008-04-24 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-05-22 11:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help


    2008-05-22 11:04 --------- d-----w C:\Programmi\DC++


    2008-04-25 21:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy


    2008-04-22 17:21 --------- d-----w C:\Programmi\Safari


    2008-04-22 17:19 --------- d-----w C:\Programmi\Apple Software Update


    2008-04-20 14:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage


    2008-04-20 11:14 --------- d-----w C:\Programmi\Photomatix


    2008-04-08 16:44 --------- d-----w C:\Programmi\iTunes


    2008-04-08 16:43 --------- d-----w C:\Programmi\iPod


    2008-04-08 16:41 --------- d-----w C:\Programmi\QuickTime


    2008-04-01 17:57 --------- d-----w C:\Documents and Settings\Federico Illengo\Dati applicazioni\Apple Computer


    2008-03-28 02:05 --------- d-----w C:\Programmi\Coolstreaming_Tool-Bar_v1.0


    2008-03-28 02:05 --------- d-----w C:\Programmi\Conduit


    2008-03-27 19:22 --------- d-----w C:\Programmi\StreamerOne


    2008-03-27 10:38 --------- d-----w C:\Programmi\File comuni\Deterministic Networks


    2008-03-27 07:33 --------- d-----w C:\Programmi\Cisco Systems


    2008-03-18 11:37 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe


    2007-12-15 13:33 139,952 ----a-w C:\Documents and Settings\Federico Illengo\Dati applicazioni\GDIPFONTCACHEV1.DAT


    2007-03-23 10:48 912 ----a-w C:\Programmi\INSTALL.LOG


    2007-03-04 02:38 92,064 ----a-w C:\Documents and Settings\Federico Illengo\mqdmmdm.sys


    2007-03-04 02:38 9,232 ----a-w C:\Documents and Settings\Federico Illengo\mqdmmdfl.sys


    2007-03-04 02:38 79,328 ----a-w C:\Documents and Settings\Federico Illengo\mqdmserd.sys


    2007-03-04 02:38 66,656 ----a-w C:\Documents and Settings\Federico Illengo\mqdmbus.sys


    2007-03-04 02:38 6,208 ----a-w C:\Documents and Settings\Federico Illengo\mqdmcmnt.sys


    2007-03-04 02:38 5,936 ----a-w C:\Documents and Settings\Federico Illengo\mqdmwhnt.sys


    2007-03-04 02:38 4,048 ----a-w C:\Documents and Settings\Federico Illengo\mqdmcr.sys


    2007-03-04 02:38 25,600 ----a-w C:\Documents and Settings\Federico Illengo\usbsermptxp.sys


    2007-03-04 02:38 22,768 ----a-w C:\Documents and Settings\Federico Illengo\usbsermpt.sys


    .


    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    REGEDIT4


    *Nota* i valori vuoti & legittimi/default non sono visualizzati.


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 15:00 15360]


    "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]


    "nwiz"="nwiz.exe" [2006-02-16 16:34 1519616 C:\WINDOWS\system32\nwiz.exe]


    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 16:34 7557120]


    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 23:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]


    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]


    "Toshiba Hotkey Utility"="C:\Programmi\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 19:12 1769472]


    "SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:33 118784]


    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]


    "IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]


    "IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]


    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]


    "EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.exe" [2004-03-01 05:00 98304]


    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-01-26 03:31 185896]


    "NvMediaCenter"="NvMCTray.dll" [2006-02-16 16:34 86016 C:\WINDOWS\system32\nvmctray.dll]


    "Automatico EPSON Stylus CX6600 Series su WST-001"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.exe" [2004-03-01 05:00 98304]


    "BDAgent"="C:\Programmi\Softwin\BitDefender10\bdagent.exe" [2008-01-17 15:18 69632]


    "Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]


    "LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48 275800]


    "VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 21:29 994072]


    "GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]


    "BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2008-01-17 15:18 290816]


    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]


    "QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]


    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]


    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]


    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 15:00 15360]


    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\


    Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]


    Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 22:19:10 1753088]


    Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-18 13:37:29 67128]


    Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2008-03-18 13:25:55 789008]


    Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]


    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-07-25 19:08:32 155648]


    VPN Client.lnk - C:\Programmi\Cisco Systems\VPN Client\vpngui.exe [2007-04-03 17:18:14 1537064]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]


    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles


    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]


    c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]


    @=""


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Programmi\\Messenger\\msmsgs.exe"=


    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=


    "C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=


    "C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=


    "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=


    "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=


    "C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=


    "C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=


    "C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=


    "C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=


    "C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=


    "C:\\Programmi\\SopCast\\SopCast.exe"=


    "C:\\Programmi\\StreamerOne\\StreamerOne.exe"=


    "C:\\Programmi\\iTunes\\iTunes.exe"=


    "C:\\Programmi\\DC++\\DCPlusPlus.exe"=


    "C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=


    R2 MSCamSvc;MSCamSvc;"C:\Programmi\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 00:13]


    R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 06:42]


    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]


    R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]


    R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]


    R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]


    R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 21:29]


    R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]


    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []


    S3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 08:42]


    S3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2006-01-17 16:30]


    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]


    .


    Contenuto della cartella 'Scheduled Tasks'


    "2008-05-22 10:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"


    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe


    "2008-05-21 08:02:01 C:\WINDOWS\Tasks\OGADaily.job"


    - C:\WINDOWS\system32\OGAVerify.exe


    "2008-05-22 22:25:23 C:\WINDOWS\Tasks\OGALogon.job"


    - C:\WINDOWS\system32\OGAVerify.exe


    .


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-05-23 00:26:15


    Windows 5.1.2600 Service Pack 2 NTFS


    scansione processi nascosti ...


    scansione entrate autostart nascoste ...


    Scansione files nascosti ...


    Scansione completata con successo


    Files nascosti: 0


    **************************************************************************


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe


    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe


    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe


    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe


    C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe


    C:\WINDOWS\system32\DVDRAMSV.exe


    C:\WINDOWS\ehome\ehrecvr.exe


    C:\WINDOWS\ehome\ehSched.exe


    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe


    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe


    C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe


    C:\WINDOWS\ehome\mcrdsvc.exe


    C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe


    C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe


    C:\Programmi\Softwin\BitDefender10\vsserv.exe


    C:\WINDOWS\system32\dllhost.exe


    C:\WINDOWS\ehome\ehmsas.exe


    C:\Programmi\Synaptics\SynTP\Toshiba.exe


    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe


    C:\Programmi\iPod\bin\iPodService.exe


    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe


    C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe


    C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe


    .


    **************************************************************************


    .


    Ora fine scansione: 2008-05-23 0:36:44 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-05-22 22:36:15


    19 Directory 79,866,597,376 byte disponibili


    22 Directory 80,199,266,304 byte disponibili


    235 --- E O F --- 2008-05-16 09:21:25

  • Now Bitdefender says that there is also a file called eksplorasi.exe....


    I don't know what to do!

  • Moved to a more appropriate section.


    Cris.

  • I scanned my computer with Spybot S&C, AdAware and AVG 8.0.... They removed a lot of things...


    After that I scanned my computer with Bitdefender and there were no more Brontok files...


    It remains only eksplorasi.exe at startup.....


    this is my Hijackthis log file:


    Attachment: hijackthis.log

  • rootkit
    rootkit ✭✭✭
    edited May 2008

    Please use version 2.0.2 of HijackThis and post the log here! http://forum.bitdefender.com/index.php?showtopic=5668


    And then,


    Start->Run->


    msconfig


    Startup tab, and post a screenshot here with all the processes from there!


    Check if eksplorasi.exe is in your Windows folder (c:/windows/eksplorasi.exe)


    If it is there, pack it in a zip or rar archive with the password infected and attach it here, or put it on a server and post the link here please (for the BD Lab)


    You can then reboot in safe mode and delete it manually!

  • Eksplorasi.exe is not in my windows folder.....


    Here there are the Screenshots....




    Attached screenshots: post-13187-1211569750_thumb.jpg, post-13187-1211569763_thumb.jpg, post-13187-1211569770_thumb.jpg, post-13187-1211569777_thumb.jpg

  • rootkit
    rootkit ✭✭✭

    smss is suspect !


    http://www.bleepingcomputer.com/startups/P....exe-22290.html


    Uncheck it please !


    Download SDFix and save the file to your desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)


    http://download.bleepingcomputer.com/andymanchesta/SDFix.exe


    Tutorial: http://www.bleepingcomputer.com/forums/topic131299.html

  • Please upload smss.exe in an archive protected with the password infected.

  • this is the file




    Attachment: smss.rar

  • The file is clean. Are you sure you attached the file located in C:\Documents and settings... and not the original smss.exe, located in c:\Windows\System32?

  • Yes, sorry!


    But I can't find this file in C:\Documents and settings...


    You can see also in this picture.....


    post-13187-1211577335_thumb.jpg

  • Most likely it has System attributes. To view the file, please follow the instructions on this topic. Then attach to a new post as described earlier.


    Regards!
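One way to locate a file that Explorer hides because of its System attribute, added here as an editor's example and not code from this thread or from BitDefender. It is a PowerShell script (assumes PowerShell 5.1 or later on the inspected machine; the `$Root` default and the `$Watch` name list are illustrative choices, not values from the thread) that lists every file under a profile folder carrying the Hidden or System attribute, records its SHA-256, and flags files whose name matches a core Windows binary but which sit outside System32, which is the smss.exe situation the helper asks about above.

```powershell
# Added example (not from the thread): enumerate Hidden/System files under a
# profile directory so that a sample requested by an AV lab can be found even
# though Explorer and a plain "dir" omit it. Assumes PowerShell 5.1+.
param(
    # Folder to inspect; $env:USERPROFILE is an illustrative default.
    [string]$Root = $env:USERPROFILE,
    # Names of Windows binaries that legitimately live only in System32. A copy
    # elsewhere (the thread's smss.exe under Documents and Settings) is worth
    # submitting for analysis. Illustrative, not exhaustive.
    [string[]]$Watch = @('smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe')
)

$system32       = Join-Path $env:SystemRoot 'System32'
$hiddenOrSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

# -Force makes Get-ChildItem return Hidden and System items; SilentlyContinue
# skips junctions and folders the current account cannot read.
$files = Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ([int]($_.Attributes -band $hiddenOrSystem)) -ne 0 }

$report = foreach ($f in $files) {
    $flag = ''
    # -contains is case-insensitive in PowerShell, so "SMSS.EXE" also matches.
    if (($Watch -contains $f.Name) -and
        -not $f.FullName.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)) {
        $flag = 'NAME-COLLISION'
    }

    # Hash the file so the lab can confirm it received exactly this sample.
    $hash   = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    $digest = if ($hash) { $hash.Hash } else { '(unreadable)' }

    [pscustomobject]@{
        Path       = $f.FullName
        Attributes = $f.Attributes.ToString()
        Bytes      = $f.Length
        SHA256     = $digest
        Flag       = $flag
    }
}

# Flagged entries sort to the top of the table.
$report | Sort-Object Flag -Descending | Format-Table -AutoSize

# To hand a flagged sample to the lab, clear its attributes first so an
# archiver sees it, then compress it with the password the helper requested:
#   attrib -s -h -r "<full path from the table above>"
```

Ordinary profile files such as NTUSER.DAT and desktop.ini will also appear in the listing, since they legitimately carry these attributes; the Flag column is what singles out a system-binary name in the wrong place.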

  • I've done this...but I can't see the file....


    see in this picture...




    post-13187-1211580364_thumb.jpg

  • I tried also with SDFix but the virus is still on my computer.....



  • I'd like to try this


    http://www.trendmicro.com/vinfo/virusencyc...EH&VSect=Sn


    but I can't access the registry....

  • here the smss.exe file....


    I didn't find it because AVG erases it every time I reboot....

    Attachment: smss.rar

  • I`ve sent you a PM. ;)

  • Ok I've done this!


    but after rebooting the smss.exe is still here....


    I've done the scan...


    And then? What do I have to do?


    see the screenshot....




    post-13187-1211634872_thumb.jpg

  • rootkit
    rootkit ✭✭✭


    http://www.taskmanagerfix.com/enable-disabled-regedit


    Use this to fix your registry !

  • It should prompt you for an action. The infected file was detected, but it should have asked you for an action. Please make sure that at Scan - Actions, Prompt user for action is selected, and try again.

  • j4p
    j4p
    edited May 2008

    I've done this scan... (look at the picture: Immagine 9.jpg)


    but at the end of the scan the same thing appears that I posted to you before.... Immagine7.jpg

    post-13187-1211651311_thumb.jpg

  • rootkit
    rootkit ✭✭✭
    edited May 2008

    http://www.spywareremove.com/removeWormBrontok.html


    Please follow Worm.Brontok Manual Removal Instructions steps !

  • Ok I'll try this...


    There is a problem:


    Folder Options is no longer in the Tools menu!!!!!!

  • And I also can't find Worm.Brontok... BitDefender doesn't find it either.... but AVG says that I have some files like smss.exe or empty.tif, and the initial files like sharedocs.exe, etc.


    At startup every time it says that it can't find Eksplorasi.exe....

  • rootkit
    rootkit ✭✭✭


    http://www.kellys-korner-xp.com/regs_edits/folderoptions.reg


    Use this !

  • ok but the virus is still on my computer.....

  • rootkit
    rootkit ✭✭✭

    Did you use the .reg file ?!



    http://www.spywareremove.com/removeWormBrontok.html


    Please follow Worm.Brontok Manual Removal Instructions steps !

  • In step 1: I didn't find Worm.Brontok


    In step 2: In Task Manager I didn't find eksplorasi.exe, worm.brontok or bronstab.exe...


    In step 3: I can't go to the registry because it says that the editor is disabled by the administrator... I've also tried the program Taskmanagerfix but it doesn't work....


    Every time I reboot BitDefender says that there is Generic.Brontok in some files in Documents and Settings and in other files like smss.exe; on every reboot a message also appears that says it didn't find eksplorasi.exe...


    If I do a search I can find smss.exe and eksplorasi.exe... I sent them to you two days ago...


    What can I do??

  • I can't enter in my registry:


    I tried to duplicate it with another name but it doesn't work; I tried Taskmanagerfix but it doesn't work...


    please help me!
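The two symptoms reported in this thread, the "disabled by the administrator" message from the registry editor and the missing Tools > Folder Options entry, are both produced by Explorer policy values under the current user's or the machine's Policies keys. The script below is an editor's example, not code from the thread, from BitDefender or from the removal guides linked above; it assumes a current PowerShell run from an elevated prompt, and the `-Fix` switch and the policy list are illustrative choices. Without `-Fix` it only reports which of these values are set; with `-Fix` it removes them.

```powershell
# Added example (not from the thread): report, and optionally clear, the
# Explorer policy values behind "Registry editing has been disabled by your
# administrator", a hidden Folder Options entry and a blocked Task Manager.
# Run from an elevated PowerShell prompt. -Fix is an illustrative switch.
param([switch]$Fix)

# Well-known Windows policy locations; the Symptom text is for the report only.
$policies = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Symptom = 'regedit blocked (this user)' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Symptom = 'regedit blocked (machine-wide)' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Symptom = 'Folder Options hidden' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Symptom = 'Task Manager blocked' }
)

foreach ($p in $policies) {
    # Get-ItemProperty errors out when the key or the value is absent;
    # absent means "no restriction", so treat that as $null.
    $value = $null
    try {
        $value = (Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction Stop).($p.Name)
    } catch { }

    if ($null -eq $value -or $value -eq 0) {
        Write-Output ("OK       {0}\{1}" -f $p.Key, $p.Name)
        continue
    }

    Write-Output ("RESTRICT {0}\{1} = {2}  ({3})" -f $p.Key, $p.Name, $value, $p.Symptom)

    if ($Fix) {
        # Deleting the value restores the default; Explorer re-reads the
        # policy at the next logon, regedit and Task Manager at next launch.
        Remove-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction Stop
        Write-Output ("CLEARED  {0}\{1}" -f $p.Key, $p.Name)
    }
}

if (-not $Fix) {
    Write-Output 'Re-run with -Fix from an elevated prompt to clear the values listed as RESTRICT.'
}

# Clearing these values only undoes the symptom. If they are set again after
# the next reboot, a still-running component is re-applying them, which is
# the situation described later in this thread.
```

The report-only default matters here: if the values reappear after a reboot, that is itself a finding, since it shows something on the machine is still writing them, and the offline scan suggested further down the thread is the appropriate next step.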

  • I've tried with Kaspersky free but also this can't remove this virus...


    the exact name is Worm.win32.Brontok.g


    Help!Help!

  • rootkit
    rootkit ✭✭✭

    http://www.bitdefender.com/site/LinuxDefender-Mirrors.html


    Download LinuxDefender Live! CD


    Burn it, boot from the CD and run a system scan!

  • j4p
    j4p
    edited May 2008

    I've installed BitTorrent... but none of the links on this page work!


    look at the pic!


    crysty2k5's EDIT : posts merged !

  • rootkit
    rootkit ✭✭✭
    edited May 2008

    What pic ?!


    Ask one of your friends/neighbours to burn the iso image for you ;)