| Re: Necesito ayuda: Mi ordenador se ha infectado con Smitfraud
Hola,
He seguido el ristrajo de instrucciones que me mandaste... Te mando los reportes, pero... ¡el maldito bicho sigue conmigo!
Espero a ver qué me cuentas.
Muchas gracias y un saludo
Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 697
Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 64190
Tiempo transcurrido: 35 minute(s), 27 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 9
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 2
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\Interface\{0263d762-b6e5-4dcf-91a5-e1283d25e850} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4005c168-1692-4cfd-b21b-03f29dc530d4} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aeb838dd-2819-4a77-8bf8-e75405b85f6f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{97334aa5-423a-47e8-831c-a7fbf5a8804b} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\vadokmxt (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\wdpoefan (Trojan.FakeAlert) -> No action taken.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
C:\Documents and Settings\Elvira\Configuración local\Archivos temporales de Internet\Content.IE5\SLSIX2FG\css4[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\**** windows\Configuración local\Archivos temporales de Internet\Content.IE5\RBAZUWUF\css4[1] (Trojan.Vundo) -> No action taken.
SmitFraudFix v2.319
Scan done at 9:41:12,04, 06/05/2008
Run from C:\Documents and Settings\Ariel\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4EBBA2E-52E4-4951-A551-CF18CAE8A32C}: DhcpNameServer=80.58.0.33 80.58.61.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4EBBA2E-52E4-4951-A551-CF18CAE8A32C}: DhcpNameServer=80.58.0.33 80.58.61.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B4EBBA2E-52E4-4951-A551-CF18CAE8A32C}: DhcpNameServer=80.58.0.33 80.58.61.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.58.0.33 80.58.61.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.58.0.33 80.58.61.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.58.0.33 80.58.61.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 10:44:09 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 663780
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 35543
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:38:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ariel\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ariel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ariel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ariel\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ariel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ariel\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-5-6-2008( 9-45-3 ).LOG Object is locked skipped
C:\Documents and Settings\Ariel\Datos de programa\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Ariel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ariel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.  |