here is the solution...
1. Reboot your computer in SAFE MODE (press F9 during boot-up)
and log in as Administrator. You will need to be logged on as the
Administrator account to perform the steps below.
2. Download StartUp Control Panel. You will use this later. For more
information regarding StartUp Control Panel, go here.
3. Open Windows Task Manager ([Ctrl] + [Alt] + [Delete] or [Ctrl] +
[LShift] + [Esc]) and go to the Processes tab.
4. Terminate the Wscript.exe and Explorer.exe processes.
5. Open Command Prompt (open Run and type cmd).
6. From the Command Prompt, type the following:
"del c:\pooh.vbs /f/s/q/a", where pooh.vbs is the name of the script, e.g. va6.vbs
del c:\autorun.inf
del c:\windows\system32\kernell.dll.vbs
del c:\aikelyu.html /f/s/q/a, where aikelyu.html corresponds to the Gdooey Mae.bmp in your situation
7. Now use the StartUp Control Panel you downloaded earlier to remove
the "Gdooey Mae.bmp" entry from Windows startup. Also, to check whether
the "Gdooey Mae.bmp" file has been deleted, open Microsoft Configuration
(open Run and type msconfig), select the Startup tab and see if the
"Gdooey Mae.bmp" file is still there with its checkbox checked. If it is
still there, uncheck it.
8. Open the Run dialog box again and type regedit.
9. Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
in the left pane. Then, in the right pane, check the Shell string
and change it to: explorer.exe. The corrupted string value has
userinit=userinit.exe combined with explorer.exe.
10. To finally check that you have deleted "va6.vbs" from your system,
go to Control Panel - Folder Options. On the View tab, choose "Show
hidden files", uncheck "Hide protected operating system files
(Recommended)" and "Hide extensions for known file types", and press OK.
11. Open Windows Explorer ([Windows] + [E]), go to C:\ and
check to make sure that the va6.vbs file has been deleted. Go to
C:\WINDOWS\system32 and check whether the "Gdooey Mae.bmp" file and the
kernell.dll.vbs file have been deleted. If they are still present,
manually delete them and empty the Recycle Bin.
12. Search the entire system, including hidden files and folders, for any
of the infected files:
- kernell.dll.vbs
- va6.vbs
- autorun.inf
13. Reboot the computer. Make sure that Internet Explorer does not load
during Windows startup with a web page with a black background and the
word "aikelyu". If you do not see the web page, then you have
successfully removed the worm.
bye
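A verification script to run from the Command Prompt before step 13, as an added example that is not part of the post above. It deletes nothing; it only reports whether the Winlogon Shell value, the files the post names (assumed at the paths the post gives) and the Run keys still show traces of the worm. Note that the real Winlogon key name contains a space ("Windows NT"), which is what the script uses.

```batch
@echo off
rem Post-cleanup check for the VBS worm described in the post above.
rem Added example, not part of the original post; it deletes nothing.
rem Assumes the names and paths the post uses (va6.vbs, kernell.dll.vbs,
rem autorun.inf, aikelyu.html, "Gdooey Mae.bmp" under C:\WINDOWS\system32).
rem Run it from an Administrator command prompt (cmd.exe).
setlocal
set "WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "PROBLEMS=0"

echo [*] Winlogon Shell value (a clean system has exactly: explorer.exe)
for /f "tokens=1,2,*" %%A in ('reg query "%WINLOGON%" /v Shell 2^>nul ^| find /i "REG_SZ"') do (
    echo     Shell = %%C
    if /i not "%%C"=="explorer.exe" (
        echo     [!] Shell still carries extra entries; reset it to explorer.exe
        set "PROBLEMS=1"
    )
)

echo [*] Files the post tells you to delete:
for %%F in ("C:\va6.vbs" "C:\autorun.inf" "C:\aikelyu.html" "C:\WINDOWS\system32\kernell.dll.vbs" "C:\WINDOWS\system32\Gdooey Mae.bmp") do (
    if exist %%F (
        echo     [!] still present: %%~F
        set "PROBLEMS=1"
    ) else (
        echo     [ok] gone: %%~F
    )
)

echo [*] Searching all of C:\ for leftover copies (hidden/system files included):
rem dir succeeds only when it finds a match, so every hit is printed and flagged.
rem An autorun.inf inside an application's own folder can be legitimate; review each path.
for %%N in (va6.vbs kernell.dll.vbs autorun.inf) do (
    dir /s /b /a "C:\%%N" 2>nul && set "PROBLEMS=1"
)

echo [*] Run keys still referencing the worm's startup entry:
for %%K in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") do (
    reg query %%K 2>nul | findstr /i /c:"Gdooey" /c:".vbs" && set "PROBLEMS=1"
)

if "%PROBLEMS%"=="1" (
    echo [!] Leftovers found: repeat the relevant steps above before rebooting.
) else (
    echo [ok] No traces of the worm found.
)
endlocal
```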