Foro de Spyware - Ver Mensaje Individual - Vundo, ventanas de publicidad y otros (Solucionado)

Tema: Vundo, ventanas de publicidad y otros (Solucionado)

Ver Mensaje Individual

post #4 (permalink)

26/04/08, 10:12:34

risco1

Usuario

Registrado: abr 2008

Ubicación: Argentina

Mensajes: 8

Re: Vundo, ventanas de publicidad y otros

seguidamente y siempre en modo seguro ejecuté Vundo fix...y este es el reporte:

VundoFix V7.0.3

Scan started at 11:48:34 a.m. 23/04/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 01:18:48 a.m. 26/04/2008

Listing files found while scanning....

C:\WINDOWS\system32\sghskten.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sghskten.dll
C:\WINDOWS\system32\sghskten.dll Has been deleted!

Performing Repairs to the registry.
Done!

A continuacion siguio el turno del DELSPGUARD (Que a todo esto vino con un troyano que detectó el avast, lo mandé al baul)

este es el informe....:

DelPSGuard v 4.9.7
by www.ForoSpyware.com
Reporte Creado: 1:53:59,00, 26/04/2008
SO: Microsoft Windows XP [Versi¢n 5.1.2600]
Modo de Inicio: Normal
_________________________________________

»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

C:\WINDOWS\system32 \ntimage.gif Eliminado Malware.Bagle
C:\WINDOWS\cookies.ini ...: ! Eliminado ! :...

»»»»»»»»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»» FIN »»»»»»»»»»»»»»»»»»»

Se ejecutó el AFT cleaner que no dio reporte, reinicié en modo normal.

Escanie con ewido...

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\USER\Cookies\user@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\USER\Cookies\user@ssl-hints.netflame[2].txt
Risk: Medium

Name: Dialer.Generic
Path: HKU\S-1-5-21-57989841-152049171-839522115-1003\Software\EGDHTML
Risk: High

Finalmente ejecuté Kaperski on line y parece que aun esta infectado...

Saturday, April 26, 2008 8:57:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726109

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 72315
Number of viruses found 2
Number of infected objects 2 Number of suspicious objects 0
Duration of the scan process 01:42:14

Infected Object Name Virus Name Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\cert\cert8.db Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\cert\key3.db Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\pando.log Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Historial\History.IE5\MSHist0120080426200804 27\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Temp\Perflib_Perfdata_e38.dat Object is locked skipped

C:\Documents and Settings\USER\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\USER\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-26-2008( 2-4-25 ).LOG Object is locked skipped

C:\Documents and Settings\USER\Mis documentos\Mis archivos recibidos\VundoFix.exe Infected: Trojan-Downloader.Win32.Delf.gzb skipped

C:\Documents and Settings\USER\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\USER\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\gpreslt.exe.vir Infected: Backdoor.Win32.IRCBot.cpc skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Que mas puedo hacer?, el backdoor aun debe estar dando vueltas por aqui...saludos y gracias nuevamente.