Re: Infected with Trojan-spy.win.32.banker
Thank you for your help.
I did everything indicated, but I had problems with ComboFix because three of us use the same computer, and every time it (ComboFix) rebooted on its own it hung at the user selection windows (there are three).
Below is the mbam log.
Malwarebytes' Anti-Malware 1.24
Database version: 1038
Windows 5.1.2600 Service Pack 2
19:52:03 10/8/2008
mbam-log-8-10-2008 (19-52-03).txt
Scan type: Quick Scan
Objects scanned: 44090
Time elapsed: 12 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Flávia\Dados de aplicativos\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\Diogo\Dados de aplicativos\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
I also ran CCleaner as usual (I always use it).
Tell me what I should do to run ComboFix without it hanging. Should I remove all the identities (accounts)?
Thank you very much!