Foro de Spyware - Ver Mensaje Individual

Tema: Virus Messenger

Ver Mensaje Individual

post #9 (permalink)

04/02/08, 17:27:25

Rakel c

Usuario

Registrado: ene 2008

Ubicación: España

Mensajes: 10

Re: Virus Messenger

Hola ya estoy por aquí otra vez, muchas gracias por todo, antes de nada, estoy aprendiendo mucho.

Te paso el reporte del
OTmoveit

Sun Feb 03 11:34:44 2008
EliStartPage v15.57 (c)2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.systemdoctor.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.utils.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.win-virus-pro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispam.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispy.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantiviruspro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivesafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer2006.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 trafficgraphics.trafficgraphics.com
Linea Eliminada del HOSTS --> 127.0.0.1 trafficgraphics.trafficgraphics.com
Eliminada Carpeta "%Archivos de Programa%\HbTools"
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

Sun Feb 03 11:37:03 2008
EliStartPage v15.57 (c)2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

Mon Feb 04 19:42:34 2008
EliStartPage v15.58 (c)2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

Mon Feb 04 19:43:05 2008
EliStartPage v15.58 (c)2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Archivos de programa\Sony\Shared Plug-Ins\File Formats\MCMPEG\MCPLUG.DLL --> Eliminado, WinAntiVirus Pro 2006 (BHO)
C:\FORMAT\Works\CD1\Launcher\LAUNCHER.EXE --> Eliminado, MailSkinner

Nº Total de Directorios: 9141
Nº Total de Ficheros: 79586
Nº de Ficheros Analizados: 15423
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2

y ahora el del kaspersky

\Documents and Settings\All Users\Datos de programa\Microsoft\Crypto\RSA\MachineKeys\623fd4f9 a3c073cd819f8511097f97ad_6bac3320-1d3b-41f3-bb90-8590674f087d Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Crypto\RSA\MachineKeys\c2ca1d88 6919d5c31d02f0b3d32301dd_6bac3320-1d3b-41f3-bb90-8590674f087d Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Raquel\Configuración local\Historial\History.IE5\MSHist0120080204200802 05\index.dat Object is locked saltado
C:\Documents and Settings\Raquel\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Raquel\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Raquel\NTUSER.DAT.LOG Object is locked saltado
C:\FORMAT\misdoc\codecs de audio y video\Elisoft.Codec.Pack.14.0.(Spanish).Install.ex e/divx511\fsg_4104.exe Infectados: not-a-virus:AdWare.Win32.Gator.4104 saltado
C:\FORMAT\misdoc\codecs de audio y video\Elisoft.Codec.Pack.14.0.(Spanish).Install.ex e Gentee: infectado - 1 saltado
C:\FORMAT\misdoc\Mis archivos recibidos\mirc612.rar/mirc612.exe/data0001.bin Infectados: not-a-virus:Client-IRC.Win32.mIRC.612 saltado
C:\FORMAT\misdoc\Mis archivos recibidos\mirc612.rar/mirc612.exe Infectados: not-a-virus:Client-IRC.Win32.mIRC.612 saltado
C:\FORMAT\misdoc\Mis archivos recibidos\mirc612.rar RAR: infectado - 2 saltado
C:\Poder4.5\mirc.exe Infectados: not-a-virus:Client-IRC.Win32.mIRC.603 saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\Temp\Perflib_Perfdata_3ac.dat Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\34PAIHCA.NQF Infectados: Trojan-Dropper.Win32.VB.db saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\4NZ30OAA.NQF Infectados: Trojan.Win32.Obfuscated.en saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\NES1DEBA.NQF Infectados: Trojan.Win32.Obfuscated.en saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\TCCVKVDA.NQF/data0002 Infectados: not-a-virus:AdWare.Win32.180Solutions.ay saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\TCCVKVDA.NQF NSIS: infectado - 1 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Archivos de programa\Eset\infected\TCCVKVDA.NQF PE-Crypt.XorPE: infectado - 1 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Documents and Settings\COLI\Configuración local\Archivos temporales de Internet\Content.IE5\6S7QFOO2\backup\mirc.exe Infectados: not-a-virus:Client-IRC.Win32.mIRC.612 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\MIRC + IRCAP + KEYGEN\mirc612.exe/data0001.bin Infectados: not-a-virus:Client-IRC.Win32.mIRC.612 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\MIRC + IRCAP + KEYGEN\mirc612.exe mIRC: infectado - 1 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip/RADMIN21.EXE/AdmDll.dll Infectados: not-a-virus:RemoteAdmin.Win32.RAdmin.20 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip/RADMIN21.EXE/raddrv.dll Infectados: not-a-virus:RemoteAdmin.Win32.RAdmin.20 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip/RADMIN21.EXE/radmin.exe Infectados: not-a-virus:RemoteAdmin.Win32.RAdmin.21 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip/RADMIN21.EXE/r_server.exe Infectados: not-a-virus:RemoteAdmin.Win32.RAdmin.21 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip/RADMIN21.EXE Infectados: not-a-virus:RemoteAdmin.Win32.RAdmin.21 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\Javi Programitas\02 PROG\INTERNET\_Otros\RADMIN\radmin21.zip ZIP: infectado - 5 saltado
C:\_OTMoveIt\MovedFiles\02032008_112705\mIRC\mirc. exe Infectados: not-a-virus:Client-IRC.Win32.mIRC.612 saltado

Análisis completado.

Gracias otra vez de verdad