post #3
25/07/06, 21:21:00
gil_diego
User
Joined: Jul 2006
Location: Argentina
Posts: 7
Re: Infection with Adware Virtumonde

Hello,
I did almost all the steps.
Killbox did not find the file C:\windows\winlogon.exe
I ran regedit several times, but not in safe mode, because in that mode I have no mouse and I could not find a way to do it via keyboard.

I still have problems:
I scanned everything with AVG and it found viruses; I am pasting the report here, and the HijackThis log in another thread.

Additional information:
I found the following file, C:\files.exe; I deleted it but it reappears randomly from time to time.

At some point when the machine is slow I press Ctrl+Alt+Delete and a process called Project1 appears.

I found a folder MSN\Gaming Zone of about 8 MB that I cannot delete; I delete it and it regenerates right in front of me. I had never seen it before. It is in Program Files.

In Start > Programs I have a Windows Messenger and an MSN Explorer.

While I use the PC, every so often I get the message: "You are not conn... work offline... OK Cancel".


"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"System registry inffile\shell\open\command","","Scanned"
"System registry vbsfile\shell\open\command","","Scanned"
"System registry vbefile\shell\open\command","","Scanned"
"C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe","ok","Quick checked"
"C:\ARCHIV~1\SCROLL~1\MouseElf.exe","ok","Quick checked"
"C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE","ok","Quick checked"
"C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe","ok","Quick checked"
"C:\Archivos de programa\Microsoft Office\Office\WINWORD.EXE","ok","Quick checked"
"C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe","ok","Quick checked"
"C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe","ok","Quick checked"
"C:\WINDOWS\System32\mshta.exe","ok","Quick checked"
"C:\WINDOWS\System32\rundll32.exe","ok","Quick checked"
"C:\WINDOWS\System32\shell32.dll","ok","Quick checked"
"C:\WINDOWS\System32\shimgvw.dll","ok","Quick checked"
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE","ok","Quick checked"
"C:\WINDOWS\regedit.exe","ok","Quick checked"
"C:\WINDOWS\System32\kernel32.dll","ok","Quick checked"
"C:\WINDOWS\System32\wsock32.dll","ok","Quick checked"
"C:\WINDOWS\System32\user32.dll","ok","Quick checked"
"C:\WINDOWS\System32\shell32.dll","ok","Quick checked"
"C:\WINDOWS\System32\ntoskrnl.exe","ok","Quick checked"
"C:\WINDOWS\System32\drivers\etc\hosts","Change","Changed"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"System registry inffile\shell\open\command","","Scanned"
"System registry vbsfile\shell\open\command","","Scanned"
"System registry vbefile\shell\open\command","","Scanned"
"C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe","ok","Quick checked"
"C:\ARCHIV~1\SCROLL~1\MouseElf.exe","ok","Quick checked"
"C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE","ok","Quick checked"
"C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe","ok","Quick checked"
"C:\Archivos de programa\Microsoft Office\Office\WINWORD.EXE","ok","Quick checked"
"C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe","ok","Quick checked"
"C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe","ok","Quick checked"
"C:\WINDOWS\System32\mshta.exe","ok","Quick checked"
"C:\WINDOWS\System32\rundll32.exe","ok","Quick checked"
"C:\WINDOWS\System32\shell32.dll","ok","Quick checked"
"C:\WINDOWS\System32\shimgvw.dll","ok","Quick checked"
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE","ok","Quick checked"
"C:\WINDOWS\regedit.exe","ok","Quick checked"
"C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\09MJ8XGV\kybrded_7[1].exe","","Deleted"
"C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\09MJ8XGV\MTE3NDI6ODoxNg[1].exe","","Deleted"
"C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\OPQRSTUV\dfndred_7[1].exe","","Deleted"


Regards and thanks.
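As an added example (not part of the original post, and not code from AVG, Killbox or HijackThis), the following PowerShell script walks the same autostart locations and file-type command handlers that the AVG report above lists, prints the hosts entries that are not defaults (the report marks the hosts file as "Changed"), and checks the files the post names. It assumes a modern Windows PowerShell running elevated on the affected machine; the HKCU paths it reads belong to whichever user runs the script, and the "clean default" values it prints are the stock Windows values, not anything taken from the post.

```powershell
# Added example, not code from the original post or from the tools it mentions.
# Run from an elevated PowerShell on the affected host.

# Run/RunOnce/RunServices keys, per-machine and per-user, plus the legacy
# "Windows NT\CurrentVersion\Windows" key whose Load and Run values AVG scanned.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
)

Write-Host "== Autostart values =="
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item $k
    foreach ($name in $key.GetValueNames()) {
        # An empty $name is the key's (default) value.
        '{0}  [{1}] = {2}' -f $k, $name, $key.GetValue($name)
    }
}

# Winlogon: anything appended to Shell or Userinit runs at every logon.
Write-Host "== Winlogon =="
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
"Shell    = $($wl.Shell)    (clean default: explorer.exe)"
"Userinit = $($wl.Userinit)    (clean default: $env:SystemRoot\system32\userinit.exe,)"

# File-type handlers. The clean exefile handler is "%1" %* ; any other program
# placed in front of it is executed every time an .exe is launched.
Write-Host "== shell\open\command handlers =="
$types = 'exefile','comfile','batfile','cmdfile','piffile','scrfile',
         'regfile','inffile','txtfile','htafile','vbsfile','vbefile'
foreach ($t in $types) {
    $p = "Registry::HKEY_CLASSES_ROOT\$t\shell\open\command"
    if (Test-Path $p) {
        '{0,-8} {1}' -f $t, (Get-Item $p).GetValue('')
    }
}

# hosts file: show only lines that are neither comments nor the loopback
# defaults, so a redirect of update or AV domains stands out.
Write-Host "== Non-default hosts entries =="
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and
                   $_ -notmatch '^\s*#' -and
                   $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

# Files from the post. The legitimate winlogon.exe lives in System32; a
# winlogon.exe directly under the Windows directory is a look-alike.
Write-Host "== Files mentioned in the post =="
$files = "$env:SystemRoot\winlogon.exe",
         "$env:SystemRoot\System32\winlogon.exe",
         'C:\files.exe'
foreach ($f in $files) {
    if (Test-Path $f) {
        Get-Item $f | Select-Object FullName, Length, LastWriteTime
    } else {
        "$f : not present"
    }
}
```

Read the output top to bottom: any autostart value or handler that points at a file outside Program Files or System32 (or at a System32 name spelled slightly differently), a Shell or Userinit value with something appended after the default, or a hosts line mapping an update or antivirus domain to an unexpected address is what to hand to whoever is helping with the cleanup, together with the HijackThis log.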