View Full Version: Problem with a "System" trojan


chronomx
22/10/07, 19:32:17
http://img99.imageshack.us/img99/9431/troyanots3.jpg

Well, let me tell you: recently, just 2 days ago if I remember correctly, I downloaded Poison and another trojan, both reverse-connection ones; I assume you know what I'm talking about... Well, I downloaded them only to experiment. A long time ago I used to try out trojans, and I got curious about doing it again, and when I generated and disguised the file I would send to my victim, it didn't show up anywhere... I got fed up, so I just deleted it.

No more than 1 hour ago I downloaded TuneUp to do maintenance on my laptop with Windows Vista Ultimate, which 1 day earlier had Windows Home Premium (I only upgraded, I didn't format).

But when I installed Home Premium, which I had previously uninstalled to replace it with Windows XP Professional (because of software compatibility problems, I reinstalled Windows Vista), I tried to activate it illegally despite having the original product license, and I downloaded one called activator for all Windows Vista, blah blah blah, which didn't work for me, until I downloaded another one that worked perfectly.

Well, the thing is that 2 days ago, while I was experimenting with the trojan, I read that the activator installs a reverse-connection trojan on you, and to my surprise I ran into what appears in the image above.

I already deleted the entry, but when I run the administration wizard again it keeps appearing.

How can I remove it?
Regards, and many thanks in advance.

Maximiliano17
22/10/07, 21:05:46

Hi, let's do this:

1- Run an online scan with:

Kaspersky online Scanner (http://www.forospyware.com/t55793.html)

Panda Active scan online (http://www.forospyware.com/t75446.html)

Paste me the reports from both; they will show the folder where the trojan is located..

Let us know.

axl456
22/10/07, 21:19:32
If you look at the lower left part of the image you posted, the path of the file appears, which is:
C:\usuarios\celia\appdata\roaming\system.exe

When you uncheck the box in TuneUp, all it does is disable the file from starting when the machine is turned on, but it does not delete the file; simply go to the path where the file is located and delete it..

From what you describe, I would recommend running a scan with Panda (http://www.infospyware.com/Anti-Virus/Panda/), this is the manual (http://www.forospyware.com/t75446.html), and posting the report it generates here so we can review it..

chronomx
23/10/07, 08:10:13
Panda wouldn't accept it, it has no support for Windows Vista, but here are the Kaspersky results; apparently I have 6 viruses

Regards

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 23, 2007 7:06:10 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 443039
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 99502
Number of viruses found: 6
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:48:20

Infected Object Name / Virus Name / Last Action
C:\Program Files\ESET\infected\0FAOOLDA.NQF Infected: HackTool.Win32.VB.mk skipped
C:\Program Files\ESET\infected\13NOGXBA.NQF Infected: Backdoor.Win32.Rbot.dmv skipped
C:\Program Files\ESET\infected\5U2Q0YDA.NQF Infected: Backdoor.Win32.Poison.k skipped
C:\Program Files\ESET\infected\FMPOY4AA.NQF Infected: Backdoor.Win32.Bifrose.de skipped
C:\Program Files\ESET\infected\VCM1HEBA.NQF Infected: Trojan-Downloader.Win32.Agent.bts skipped
C:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\sysreset\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

Scan process completed.

Maximiliano17
23/10/07, 13:03:27

Hi..... Empty the quarantine of the NOD32 antivirus

That is, delete everything in the infected folder; it is this directory:


C:\Program Files\ESET\infected\

Empty that folder, but don't delete it.

Run a scan again, but this time with Panda Active Scan Online

chronomx
23/10/07, 14:50:07
I don't think you read me very carefully

Panda won't accept me because I have Windows Vista, and they still don't have support for that operating system

http://img69.imageshack.us/img69/5753/pamboft1.jpg

Done, I've emptied the quarantine folder; should I run Kaspersky again?

axl456
23/10/07, 15:30:14
If you want, run the scan with Kaspersky, but it isn't necessary, since the infected files were inside the NOD quarantine, and files were also detected inside this folder:
C:\sysreset

but if you installed the program yourself there is no risk..

the machine is clean :Bien:
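
Added example (not part of the thread and not any poster's code): a triage of Kaspersky Online Scanner report lines of the kind posted above, separating "Object is locked" noise from detections and marking detections that sit inside the antivirus quarantine folder or carry the "not-a-virus:" prefix. The category names, the `QUARANTINE_DIRS` list and the last sample line are assumptions made for the illustration.

```python
import ntpath
import re
from collections import Counter

# Report lines look like "<path> Infected: <verdict> <action>" or
# "<path> Object is locked <action>"; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:Infected: (?P<verdict>\S+)|Object is locked) "
    r"(?P<action>\S+)$"
)

# Assumption: the quarantine folder named in the thread. Files stored there
# are copies already isolated by the resident antivirus.
QUARANTINE_DIRS = ("C:\\Program Files\\ESET\\infected\\",)

# Constructed sample in the report's layout. The first five lines reuse paths
# and verdicts from the posted report; the last line is invented to show a
# detection outside quarantine.
SAMPLE_REPORT = r"""Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Program Files\ESET\infected\5U2Q0YDA.NQF Infected: Backdoor.Win32.Poison.k skipped
C:\Program Files\ESET\infected\FMPOY4AA.NQF Infected: Backdoor.Win32.Bifrose.de skipped
C:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Users\Celia\NTUSER.DAT Object is locked skipped
C:\Users\example\AppData\Roaming\sample.exe Infected: Backdoor.Win32.Poison.k skipped
"""


def classify(path, verdict, quarantine_dirs=QUARANTINE_DIRS):
    """Return one of: locked, quarantined, riskware, live."""
    if verdict is None:
        # The scanner could not open the file (in use by Windows); no verdict.
        return "locked"
    norm = ntpath.normcase(path)  # Windows paths compare case-insensitively
    if any(norm.startswith(ntpath.normcase(d)) for d in quarantine_dirs):
        return "quarantined"
    if verdict.startswith("not-a-virus:"):
        # Legitimate tool flagged as riskware; the risk depends on who installed it.
        return "riskware"
    return "live"


def triage(report_text, quarantine_dirs=QUARANTINE_DIRS):
    """Parse the object list of a report and classify every entry."""
    findings = []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, statistics or blank line
        findings.append({
            "path": m.group("path"),
            "verdict": m.group("verdict"),
            "action": m.group("action"),
            "category": classify(m.group("path"), m.group("verdict"),
                                 quarantine_dirs),
        })
    return findings


def summarize(findings):
    """Count entries per category."""
    return Counter(f["category"] for f in findings)


def needs_action(findings):
    """Paths of detections that are neither quarantined nor riskware."""
    return [f["path"] for f in findings if f["category"] == "live"]


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    print(dict(summarize(results)))
    for p in needs_action(results):
        print("review:", p)
```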

© Copyright 2005 - 2008 InfoSpyware ® All rights reserved.
InfoSpyware Security Blog