post #3
09/08/08, 12:50:49
dukestar
User
Registered: Jun 2007
Location: PR
Posts: 3
Re: Vundo, slow PC, iexplorer popups, etc. (Solved)

Thanks for the help; my comments are:

VundoFix, in safe mode, found about 6 .dll files with the virus, which it deleted, but I did not know at the time that I could export what it found, so I don't have the report on hand. However, when VundoFix restarted the PC and Windows XP came back up, the (cmd) windows appeared again, and in them I could see for a few seconds an instruction to copy and/or rename a .old or .bak file to .dll.

SuperAntiSpyware removed what VundoFix did not find, or perhaps new .dll files.

CCleaner deleted several registry entries that called .dll files.

Malwarebytes found several things, and this is the log:
Malwarebytes' Anti-Malware 1.24
Database version: 1035
Windows 5.1.2600 Service Pack 2

1:13:43 AM 8/9/2008
mbam-log-8-9-2008 (01-13-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 161635
Time elapsed: 40 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jkivxjox.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxnvuojp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hajmkxjo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emfbuqac.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\jassy\Local Settings\Temporary Internet Files\Content.IE5\ROK3NYWB\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\rbkxmkah.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM324f654e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM324f654e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

ActiveScan log:
;************************************************************************
ANALYSIS: 2008-08-09 13:04:46
PROTECTIONS: 2
MALWARE: 1
SUSPECTS: 0
;************************************************************************
PROTECTIONS
Description Version Active Updated
;========================================================================
Spyware Doctor with AntiVirus 5.5.1.2 Yes Yes
ESET Smart Security 3.0 3.0 Yes Yes
;========================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;========================================================================
02936814 Trj/Multidropper.RBD Virus/Trojan No 1 Yes No C:\Documents and Settings\JASSY\My Documents\Downloads\- ToRRenT - weddig dash - ToRRenT - [Full].zip[Setup.exe]
;========================================================================
SUSPECTS
Sent Location :
;========================================================================
;========================================================================
VULNERABILITIES
Id Severity Description :
;========================================================================
184380 MEDIUM MS08-002 :
184379 MEDIUM MS08-001 :
182048 HIGH MS07-069 :
182046 HIGH MS07-067 :
182043 HIGH MS07-064 :
179553 HIGH MS07-061 :
176382 HIGH MS07-057 :
176383 HIGH MS07-058 :
170911 HIGH MS07-050 :
170907 HIGH MS07-046 :
170906 HIGH MS07-045 :
170904 HIGH MS07-043 :
164915 HIGH MS07-035 :
164913 HIGH MS07-033 :
164911 HIGH MS07-031 :
160623 HIGH MS07-027 :
157262 HIGH MS07-022 :
157261 HIGH MS07-021 :
157260 HIGH MS07-020 :
157259 HIGH MS07-019 :
156477 HIGH MS07-017 :
150253 HIGH MS07-016 :
150249 HIGH MS07-013 :
150248 HIGH MS07-012 :
150247 HIGH MS07-011 :
150243 HIGH MS07-008 :
150242 HIGH MS07-007 :
150241 MEDIUM MS07-006 :
145501 HIGH MS07-004 :
141034 HIGH MS06-076 :
141033 MEDIUM MS06-075 :
137571 HIGH MS06-070 :
133387 MEDIUM MS06-065 :
133386 MEDIUM MS06-064 :
133385 MEDIUM MS06-063 :
133379 HIGH MS06-057 :
129977 MEDIUM MS06-053 :
129976 MEDIUM MS06-052 :
126093 HIGH MS06-051 :
126092 MEDIUM MS06-050 :
126087 HIGH MS06-046 :
126086 MEDIUM MS06-045 :
126082 HIGH MS06-041 :
126081 HIGH MS06-040 :
123421 HIGH MS06-036 :
123420 HIGH MS06-035 :
120825 MEDIUM MS06-032 :
120823 MEDIUM MS06-030 :
120818 HIGH MS06-025 :
120815 HIGH MS06-022 :
117384 MEDIUM MS06-018 :
114666 HIGH MS06-015 :
108744 MEDIUM MS06-008 :
108743 MEDIUM MS06-007 :
108742 MEDIUM MS06-006 :
104567 HIGH MS06-002 :
104237 HIGH MS06-001 :
96574 HIGH MS05-053 :
93395 HIGH MS05-051 :
93394 HIGH MS05-050 :
93454 MEDIUM MS05-049 :
;========================================================================


Only one infected file, which I will check, but it seems to me that Vundo has already gone away. Well, thanks for everything.

Last edited by dukestar on 09/08/08 at 14:09:50.