Posted 10/04/07, 19:57:44
Comotu
User

Joined: Apr 2007
Location: BARCELONA
Posts: 8
Re: Question about the steps to follow to remove Vundo.dll

1st SuperAntiSpyware pass
----------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 04/10/2007 at 02:33 AM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:46:37

Memory items scanned : 489
Memory threats detected : 1
Registry items scanned : 5134
Registry threats detected : 9
File items scanned : 37404
File threats detected : 17

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\GEEBX.DLL
C:\WINDOWS\SYSTEM32\GEEBX.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\geebx

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{57E218E6-5A80-4f0c-AB25-83598F25D7E9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E218E6-5A80-4f0c-AB25-83598F25D7E9}
HKCR\CLSID\{57E218E6-5A80-4F0C-AB25-83598F25D7E9}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A43008A6-3E80-4D5F-BDDF-8766DCA144B9}
HKCR\CLSID\{A43008A6-3E80-4D5F-BDDF-8766DCA144B9}
HKCR\CLSID\{A43008A6-3E80-4D5F-BDDF-8766DCA144B9}\InprocServer32
HKCR\CLSID\{A43008A6-3E80-4D5F-BDDF-8766DCA144B9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A43008A6-3E80-4D5F-BDDF-8766DCA144B9}

Adware.Tracking Cookie
C:\Documents and Settings\DJLG\Cookies\diego_jesús@mediaplex[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@tradedoubler[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@stats1.reliablestats[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@msnportal.112.2o7[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@indexstats[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@es.drivecleaner[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.winantivirus[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@drivecleaner[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@login.tracking101[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@cpvfeed[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@es.winantivirus[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.amaena[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.etracker[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.drivecleaner[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@adopt.euroclick[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@winantivirus[1].txt



2nd SuperAntiSpyware pass
----------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 04/10/2007 at 12:51 PM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:12:21

Memory items scanned : 472
Memory threats detected : 4
Registry items scanned : 5135
Registry threats detected : 12
File items scanned : 3532
File threats detected : 12

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\MLJGF.DLL
C:\WINDOWS\SYSTEM32\MLJGF.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\AWTSR.DLL
C:\WINDOWS\SYSTEM32\AWTSR.DLL
HKLM\Software\Classes\CLSID\{8D0C1539-CFFE-4E48-8994-6E022EBB1055}
HKCR\CLSID\{8D0C1539-CFFE-4E48-8994-6E022EBB1055}
HKCR\CLSID\{8D0C1539-CFFE-4E48-8994-6E022EBB1055}\InprocServer32
HKCR\CLSID\{8D0C1539-CFFE-4E48-8994-6E022EBB1055}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D0C1539-CFFE-4E48-8994-6E022EBB1055}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtsr

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\PMNLL.DLL
C:\WINDOWS\SYSTEM32\PMNLL.DLL

Trojan.Virtumonde/Resident
C:\WINDOWS\SYSTEM32\WPRAADQB.DLL
C:\WINDOWS\SYSTEM32\WPRAADQB.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{57E218E6-5A80-4f0c-AB25-83598F25D7E9}
HKCR\CLSID\{57E218E6-5A80-4F0C-AB25-83598F25D7E9}
HKCR\CLSID\{57E218E6-5A80-4F0C-AB25-83598F25D7E9}\InprocServer32
HKCR\CLSID\{57E218E6-5A80-4F0C-AB25-83598F25D7E9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E218E6-5A80-4f0c-AB25-83598F25D7E9}
HKCR\CLSID\{57E218E6-5A80-4F0C-AB25-83598F25D7E9}

Adware.Tracking Cookie
C:\Documents and Settings\DJLG\Cookies\diego_jesús@go.drivecleaner[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@mediaplex[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@es.drivecleaner[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@go.drivecleaner[3].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@drivecleaner[2].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@klik.klikadvertising[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.amaena[1].txt
C:\Documents and Settings\DJLG\Cookies\diego_jesús@www.drivecleaner[2].txt


3rd SuperAntiSpyware pass
----------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 04/10/2007 at 03:02 PM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:33:53

Memory items scanned : 217
Memory threats detected : 0
Registry items scanned : 5130
Registry threats detected : 4
File items scanned : 37434
File threats detected : 2

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{3F20797C-E32F-4FEB-82BF-7920A15B25A4}
HKCR\CLSID\{3F20797C-E32F-4FEB-82BF-7920A15B25A4}
HKCR\CLSID\{3F20797C-E32F-4FEB-82BF-7920A15B25A4}\InprocServer32
HKCR\CLSID\{3F20797C-E32F-4FEB-82BF-7920A15B25A4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDABA.DLL

Trojan.Downloader-Gen/LIB
C:\WINDOWS\SYSTEM32\QYYFSCJV.DLL

----------------------------------------------------


1st Kaspersky online pass
----------------------------------------------------
Estadísticas
Número de objeros analizados 54351
Virus encontrados 1
Objetos infectados 1 / 0
Objetos sospechosos 0
Duración del análisis 01:13:53

Bombre del objeto infectado Nombre del virus Última acción
C:\WINDOWS\system32\rqrstrr.dll.vir Infectados: not-a-virus:AdWare.Win32.Virtumonde.ij saltado

Análisis completado.



2nd Kaspersky online pass
----------------------------------------------------
Estadísticas
Número de objeros analizados 5412
Virus encontrados 1
Objetos infectados 1 / 0
Objetos sospechosos 0
Duración del análisis 00:05:11

Bombre del objeto infectado Nombre del virus Última acción
C:\WINDOWS\system32\rqrstrr.dll.vir Infectados: not-a-virus:AdWare.Win32.Virtumonde.ij saltado

Análisis completado.




There were no logs to post from the other programs, since they told me they had not found any Vundo.dll file or virus.


And what about the desktop icons?

Many thanks, ACSIS