Foro de Spyware - Ver Mensaje Individual - Problema con Explorer y spyware

Tema: Problema con Explorer y spyware

Ver Mensaje Individual

post #9 (permalink)

27/02/08, 22:21:52

Arturo GMX Arturo GMX está offline

Usuario

Registrado: feb 2008

Ubicación: Mexico

Mensajes: 7

Re: Problema con Explorer y spyware

Sikartus,

Te anexo los reportes de SmitfraudFix y de Kaspersky Online.

Al tratar de ejecutar Panda Online me aparece un error que dice ERROR DESCARGANDO ACTIVESCAN, por lo que este proceso no lo pude ejecutar, pero en mi PC tengo como antivirus PANDA 2007 y realice el escaneo con este pero no me genera reporte para editar.

Como le hago para solucionar el problema de PANDA ONLINE?

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 26, 2008 9:27:15 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 581221
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 84525
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:05:46

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\mas ter.mdf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\mas tlog.ldf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\mod el.mdf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\mod ellog.ldf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\tem pdb.mdf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\Data\tem plog.ldf Object is locked skipped
C:\Archivos de programa\Microsoft SQL Server\Mssql$KEYSCANV\Data\MSSQL$KEYSCANV\LOG\ERRO RLOG Object is locked skipped
C:\Archivos de programa\Prodigy Antivirus\Prodigy Antivirus\6eee1eaef13e36e703744b5ae1d57dd3PSK_NAME S Object is locked skipped
C:\Archivos de programa\Prodigy Antivirus\Prodigy Antivirus\6eee1eaef13e36e703744b5ae1d57dd3PSK_NAME S2 Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Temp\~DF3A75.tmp Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Configuración local\Temp\~DF3A8B.tmp Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Datos de programa\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix\Proce ss.exe Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix\Reboo t.exe Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix\resta rt.exe Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Arturo Gonzalez\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Arturo Gonzalez\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CC34E506-848F-4FAB-BFBE-6FF9397D24D9}\RP2\A0000089.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{CC34E506-848F-4FAB-BFBE-6FF9397D24D9}\RP2\A0000246.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{CC34E506-848F-4FAB-BFBE-6FF9397D24D9}\RP2\A0000253.exe Object is locked skipped
C:\System Volume Information\_restore{CC34E506-848F-4FAB-BFBE-6FF9397D24D9}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7A51E2 42-B4A0-457B-8E3F-D90B92938BC0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_654.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

SmitFraudFix v2.296

Scan done at 10:44:22.44, 26/02/2008
Run from C:\Documents and Settings\Arturo Gonzalez\Escritorio\AntiSpyware\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{58186769-73F2-4EE4-B003-B4CD871D372F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{58186769-73F2-4EE4-B003-B4CD871D372F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{58186769-73F2-4EE4-B003-B4CD871D372F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Gracias