Virus tenaci

Chiuso
jacopo - 22 set 2009 alle 23:31
djmarco74
Posti
1
Data di registrazione
mercoledì 23 settembre 2009
Stato
Membri
Ultimo intervento
mercoledì 23 settembre 2009
- 23 set 2009 alle 14:52
Ciao,
vi scrivo perchè ormai sono 2 giorni che provo ad eliminare dei malware senza riuscirci e non volevo formattare dinuovo il pc, operazione fatta circa 1 mese fa.
I file hanno diversi nomi tra i quali "braviax" e " xpack" cmq questo è il report:

AntiVir PersonalEdition Classic
Report file date: domenica 20 settembre 2009 02:16

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Windows version: (Service Pack 2)


Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: W:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: domenica 20 settembre 2009 02:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'lqz57kx.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOMERunner.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'braviax.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\braviax.exe'
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Process 'braviax.exe' has been terminated
C:\WINDOWS\system32\braviax.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4b1674dc.qua'!
41 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'W:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\braviax.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4b1674e0.qua'!
C:\WINDOWS\braviax.exe
[DETECTION] Contains suspicious code HEUR/Malware
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\WINDOWS\cru629.dat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\cru629.dat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\rgadta.sys
[WARNING] The file could not be read!
C:\WINDOWS\system32\drivers\e1638602.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\str.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Dati>
Begin scan in 'W:\' <Swap>
W:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: domenica 20 settembre 2009 02:40
Used time: 24:03 min

The scan has been done completely.

2500 Scanning directories
282980 Files were scanned
2 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
2 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
282978 Files not concerned
3421 Archives were scanned
4 Warnings
2 Notes

Ho provato con Nod 32 , Antivir e Ad-aware ma niente non vengono eliminati.
Ho provato a rimuovere i file manualmente ma niente.
Non so più cosa provare, ho stondato tutti gli angoli di casa dal nervoso...aiutatemi perfavore.
grazie in anticipo, jacopo

1 risposta

djmarco74
Posti
1
Data di registrazione
mercoledì 23 settembre 2009
Stato
Membri
Ultimo intervento
mercoledì 23 settembre 2009
1
23 set 2009 alle 14:52
ciao hai provato a farlo con avast ....prova a disinstallare l antivirus ..spegni il pc ,reinstalla nuovamente antivirus e fagli fare la scansione ...
1