| I'm going to format the server because of Wininet.dll
Hello friends!!!!
I have a W2000 Advanced Server at the company where I work that has the DesktopHijack virus "that's what Symantec calls it, since Norton Corporate detects it". Even though my antivirus signatures are up to date, Norton cannot clean the virus because it infected the file Wininet.dll. I have tried manually to replace the DLL and to rename it, and it has been impossible. I know this DLL is a genuine Windows file and is used to cache HTTP responses, but I can't find a way to solve this problem. I have read in this forum that another person had the problem and the community managed to solve it; in their case Panda recognized the virus as SmthFraud, but it seems identical to my situation. I have run HijackThis but I don't know how to interpret the entries, so I am posting the LOG here, and I would be very grateful for any guidance on it.
Logfile of HijackThis v1.99.0
Scan saved at 10:46:56 AM, on 7/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Program Files\Dell\OpenManage\ihv\CIO\IOMGR.EXE
C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\HACKTR~1\HTSERVICE.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Dell\OpenManage\ihv\CIO\CIONOTIFIER.EXE
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\cleaner.CIBERDYNE\Desktop\HijackThis_1.99.0.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/rutabdpda/login.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/rutabdpda/login.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AuCaption] DSA OMSA Reminder
O4 - HKLM\..\Run: [AuFlag]
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ulmpotel] C:\WINNT\ulmpotel.exe
O4 - HKLM\..\Run: [I3pbRKyJ] C:\Documents and Settings\ezerpa\WINDOWS\besdphm123456.exe
O4 - HKLM\..\Run: [killdhcp] C:\WINNT\system32\killdhcpclient.exe
O4 - HKLM\..\Run: [killoleadm] C:\WINNT\system32\killoleadm.exe
O4 - HKLM\..\Run: [killddeclnt] C:\WINNT\system32\killddeclnt.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster1234567.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [killdhcpclient] C:\WINNT\system32\killdhcpclient.exe
O4 - HKCU\..\Run: [killoleadm] C:\WINNT\system32\killoleadm.exe
O4 - HKCU\..\Run: [killnetddeclnt] C:\WINNT\system32\killddeclnt.exe
O4 - Global Startup: Administrador de servicios.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Hack Tracer Startup.lnk = C:\Program Files\Hack Tracer\HTTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\cleaner.ciberdyne\windows\system32\rnr20.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ve/games3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ciberdyne.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{523719A8-777F-4F15-905F-3D6BA80A0DEC}: NameServer = 200.31.4.70,200.31.4.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{907E1E89-E296-48E1-A690-205C857016BC}: NameServer = 200.31.4.70,200.31.4.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0374685-39C5-450A-B9CF-B08CB3C52944}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ciberdyne.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ciberdyne.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ciberdyne.net
O23 - Service: Alerter - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: Application Management - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: CIO Array Management Service 4.01 - Adaptec, Inc. - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMGR.EXE
O23 - Service: CIOArrayManager RPC Command - Unknown - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCCM.EXE
O23 - Service: CIOArrayManager RPC Event - Unknown - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCEV.EXE
O23 - Service: CIO Event Notifier - Unknown - C:\Program Files\Dell\OpenManage\ihv\CIO\CIONOTIFIER.EXE
O23 - Service: ClipBook - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Dell OpenManage Server Agent Event Monitor - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Distributed File System - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: DNS Server - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\dns.exe (file missing)
O23 - Service: DNS Client - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: Event Log - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Hack Tracer Monitor - Unknown - C:\PROGRA~1\HACKTR~1\HTSERVICE.exe
O23 - Service: Intersite Messaging - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\ismserv.exe (file missing)
O23 - Service: Kerberos Key Distribution Center - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Server - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: Workstation - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: License Logging Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: mr2kserv - Unknown - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Network DDE - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Net Logon - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: NobleNet Portmapper - Unknown - C:\Program Files\Dell\OpenManage\ihv\CIO\PORTSERV.EXE
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: File Replication Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Policy Agent - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: HP Printserver - Unknown - C:\WINNT\system32\printserver.exe (file missing)
O23 - Service: Protected Storage - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Routing and Remote Access - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Registry Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Client - Unknown - C:\WINNT\system32\ggg.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\Documents.exe (file missing)
O23 - Service: QoS RSVP - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Remote Administrator Service - Unknown - C:\WINNT\system32\r_server.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card Helper - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\MSTask.exe (file missing)
O23 - Service: RunAs Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: System Event Notification - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Serv-U FTP Server - Unknown - c:\winnt\system32\svchost1.exe (file missing)
O23 - Service: Server Administrator - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
O23 - Service: Internet Connection Sharing - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SNMP Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: Terminal Services Licensing - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\lserver.exe (file missing)
O23 - Service: Distributed Link Tracking Server - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\services.exe (file missing)
O23 - Service: Uninterruptible Power Supply - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Utility Manager - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\UtilMan.exe (file missing)
O23 - Service: Disk Management Service - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: Windows Time - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\services.exe (file missing)
O23 - Service: Window Recycler - Unknown - C:\WINNT\system32\recycler.dll (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\system32\Services.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - C:\Documents and Settings\cleaner.CIBERDYNE\WINDOWS\System32\svchost.exe (file missing)
Thanks in advance
Eudy |