Re: I received a photo file via MSN and it turned out to be a virus. Regards.
Well, first of all, thank you for the help, especially for the explanations; I really enjoyed learning about this. Now, on to what we came for :D
The computer seems to be fine now; at least it no longer sends that photo file over MSN.
The other question is whether I should delete those programs (SDFix and OTMoveIt2) or leave them on the computer.
Here is the report from the 2 programs.
VIRUS TOTAL
Análisis del archivo MSWINSCK.OCX recibido el 06.08.2008 01:35:59 (CET)
Motor antivirus Versión Última actualización Resultado
AhnLab-V3 2008.8.6.0 2008.08.05 -
AntiVir 7.8.1.15 2008.08.05 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 -
AVG 8.0.0.156 2008.08.05 -
BitDefender 7.2 2008.08.06 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.05 -
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6011 2008.08.05 -
Ewido 4.0 2008.08.05 -
F-Prot 4.4.4.56 2008.08.05 -
F-Secure 7.60.13501.0 2008.08.06 -
Fortinet 3.14.0.0 2008.08.05 -
GData 2.0.7306.1023 2008.08.05 -
Ikarus T3.1.1.34.0 2008.08.06 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.06 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.06 -
NOD32v2 3330 2008.08.05 -
Norman 5.80.02 2008.08.05 -
Panda 9.0.0.4 2008.08.05 -
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.06 -
Rising 20.56.12.00 2008.08.05 -
Sophos 4.31.0 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.06 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.05 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.05 -
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.05 -
Información adicional
Tamano archivo: 108336 bytes
MD5...: 9484c04258830aa3c2f2a70eb041414c
SHA1..: b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256: bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512: 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22171344
timedatestamp.....: 0x35895325 (Thu Jun 18 17:49:25 1998)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1071e 0x10800 6.55 4568208c1d6d73dfad917a42dcf79946
.data 0x12000 0x738 0x800 3.77 bdea7f7c37ef7c44282cb94a83d3c7fe
.rsrc 0x13000 0x66e4 0x6800 4.38 4d536b98cdf54698028a24251250ccb8
.reloc 0x1a000 0x136c 0x1400 6.59 7c6d7f6fc611354f040ec374379598f9

( 7 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: lstrlenW, GetFileAttributesA, GetModuleFileNameA, InitializeCriticalSection, HeapFree, HeapAlloc, GetProcessHeap, lstrcpynA, lstrcpyA, lstrlenA, lstrcatA, IsBadWritePtr, WideCharToMultiByte, GetVersion, LeaveCriticalSection, GetCurrentThreadId, EnterCriticalSection, LocalFree, FormatMessageA, GetTickCount, MultiByteToWideChar, SetLastError, GetProcAddress, GetLocaleInfoA, DeleteCriticalSection, FreeLibrary, DisableThreadLibraryCalls, lstrcmpA, InterlockedDecrement, GetWindowsDirectoryA, LoadLibraryA, HeapReAlloc, InterlockedIncrement, lstrcmpiA, GetLastError, LockResource, LoadResource, FindResourceA
> USER32.dll: EndDialog, DialogBoxParamA, GetActiveWindow, MessageBoxA, DrawEdge, GetDC, CharNextA, LoadCursorA, wsprintfA, GetWindowRect, SetWindowPos, ShowWindow, IsDialogMessageA, GetWindow, GetNextDlgTabItem, IsWindowEnabled, GetDlgItem, IsChild, GetKeyState, SetParent, WinHelpA, IsWindowVisible, EndPaint, GetClientRect, BeginPaint, SendDlgItemMessageA, LoadStringA, ClientToScreen, OffsetRect, EqualRect, IntersectRect, SetWindowRgn, PtInRect, MessageBeep, LoadBitmapA, GetSystemMetrics, GetParent, CreateDialogIndirectParamA, GetDlgItemTextA, SetDlgItemInt, SendMessageA, DefWindowProcA, GetWindowLongA, DestroyWindow, KillTimer, SetTimer, UnregisterClassA, RegisterClassA, PeekMessageA, PostMessageA, SetDlgItemTextA, SetFocus, GetDlgItemInt, MoveWindow, SetWindowLongA, CreateWindowExA, ReleaseDC
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CreateOleAdviseHolder
> ADVAPI32.dll: RegDeleteValueA, RegQueryValueA, RegOpenKeyA, RegQueryValueExA, RegEnumKeyExA, RegDeleteKeyA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> GDI32.dll: GetDeviceCaps, CreateCompatibleDC, CreateRectRgnIndirect, GetWindowExtEx, GetViewportExtEx, DeleteDC, DeleteObject, GetObjectA, LPtoDP, SetMapMode, SetViewportExtEx, SetWindowExtEx, SetViewportOrgEx, SetWindowOrgEx, CreateDCA, BitBlt, SelectObject

( 5 exports )
DLLGetDocumentation, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=9484c04258830aa3c2f2a70eb041414c
And here is the OTMoveIt2 one:
C:\Archivos de programa\ESET\infected\JVTLAGBA.NQF moved successfully.
C:\SDFix\apps\swsc.exe moved successfully.
C:\Documents and Settings\LEOM\Mis documentos\FAOM\SDFix.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_184852