1) Disable System Restore, if you have Windows Me/XP
(Right-click My Computer / Properties / System Restore / tick "Turn off System Restore").
2) Fix:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Virtua Tennis 3
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MinimizeToTray] "C:\DOCUME~1\AcerEnzo\IMPOST~1\Temp\Rar$EX00.110\Minimize to tray.exe"
3) Download The Avenger and paste this script:
Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\WINDOWS\emMON.exe
folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
4) Post the HijackThis and Avenger logs.