View Full Version: Kaspersky online report


betinaramos
14/01/08, 21:07:26
Hello, how are you?
My PC has been running slow for days. I have Panda Platinum 9.0 installed and it keeps throwing an error; I try to uninstall it from the Control Panel and it doesn't respond.

Here is the report of the scan with Kaspersky online. Thanks very much in advance!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 14, 2008 11:59:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/01/2008
Kaspersky Anti-Virus database records: 511563
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 25612
Number of viruses found: 3
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:14:59

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pav.sig Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\7KZFBEU9\staff[1].exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[1].exe Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[2].exe Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\hg2x[1].exe Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Historial\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Temp\27.exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Documents and Settings\Betu\Configuración local\Temp\65.exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Documents and Settings\Betu\Configuración local\Temp\72.exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Documents and Settings\Betu\Configuración local\Temp\pic08.zip/pic08.jpg-www.photobucket.com Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\Documents and Settings\Betu\Configuración local\Temp\pic08.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Betu\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Betu\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Betu\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\a.exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\staff[1].exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\rundll82.exe Infected: Net-Worm.Win32.Kolabc.d skipped
C:\WINDOWS\system32\wbcmgr.exe Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

andresmix
14/01/08, 21:18:18
Hello betinaramos ;)

Please do the following:

Download the following tools but do not run them yet:


OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe); save it to the Desktop.
MsnCleaner.zip (http://www.forospyware.com/attachments/forum16/1078d1200003428-msncleaner.zip)


Now then:

Turn off System Restore (http://www.forospyware.com/292280-post2.html)
Enable the Show Hidden Files option (http://www.forospyware.com/292282-post3.html)


Double-click OTMoveIt.exe to run it.
Make sure "Unregister Dll's and Ocx's" is checked.
Copy the text in the box below and paste it into the left-hand pane of OTMoveIt labelled Paste List of Files/Folders to be moved.


C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\7KZFBEU9\staff[1].exe
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[1].exe
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[2].exe
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\hg2x[1].exe
C:\Documents and Settings\Betu\Configuración local\Temp\27.exe
C:\Documents and Settings\Betu\Configuración local\Temp\65.exe
C:\Documents and Settings\Betu\Configuración local\Temp\72.exe
C:\Documents and Settings\Betu\Configuración local\Temp\pic08.zip
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\staff[1].exe
C:\WINDOWS\system32\rundll82.exe
C:\WINDOWS\system32\wbcmgr.exe



Click MoveIt! to start the removal.
When the result appears in the Results pane, click Exit.
Restart the PC (this step is very important).


Post the OTMoveIt report located at C:\_OTMoveIt\MovedFiles\********_******.txt (where "********_******" is the "date_time").

After that:

Use the MSNCleaner.exe program


Unzip the MSNCleaner.zip file.
Run the MSNCleaner.exe file.
Click the Analizar ("Analyze") button. If any harmful file is detected, the Eliminar ("Delete") button will be enabled.
Select the options "Eliminar archivos temporales" (delete temporary files) and "Restaurar el archivo Hosts" (restore the Hosts file).
Click the Eliminar button.


Finally:
Clean the PC of cookies, temporary files, etc., and the registry with:

DiskCleaner (http://www.infospyware.com/Herramientas.htm) >>> Manual (http://www.forospyware.com/t61924.html)
RegSeeker (http://www.infospyware.com/Herramientas.htm) >>> Manual (http://www.forospyware.com/t713.html)

When all of this is done, restart the PC, turn System Restore back on, and restart again...

Run another scan with Kaspersky and paste the report again.

Come back and tell us how it went.

:adios:

Andresmix

betinaramos
14/01/08, 22:53:59
Thanks very much Andresmix, I followed all the steps and
here is the OTMoveIt report:

File/Folder C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\7KZFBEU9\staff[1].exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[1].exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\F7D5JBCK\hg2x[2].exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\hg2x[1].exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Temp\27.exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Temp\65.exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Temp\72.exe not found.
File/Folder C:\Documents and Settings\Betu\Configuración local\Temp\pic08.zip not found.
File/Folder C:\WINDOWS\system32\a.exe not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\staff[1].exe not found.
C:\WINDOWS\system32\rundll82.exe moved successfully.
File/Folder C:\WINDOWS\system32\wbcmgr.exe not found.

Created on 01/15/2008 01:04:43

****************************************************

and the report of the Kaspersky scan

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 1:35:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 511600
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 20808
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:12:51

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pav.sig Object is locked skipped
C:\BackUpMSNCleaner\wbcmgr.exe.vir Infected: Trojan-Dropper.Win32.Agent.dnp skipped
C:\Documents and Settings\Betu\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\Working\database_A8B0_A182_B0A1_5798\dfsr.db Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\Working\database_A8B0_A182_B0A1_5798\fsr.log Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\Working\database_A8B0_A182_B0A1_5798\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Messenger\betinanoelia@msn.com\SharingMetadata\Working\database_A8B0_A182_B0A1_5798\tmp.edb Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\betinanoelia@msn.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\betinanoelia@msn.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Historial\History.IE5\MSHist012008011520080116\index.dat Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Temp\~DF566E.tmp Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Temp\~DF567D.tmp Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Temp\~DF6CDB.tmp Object is locked skipped
C:\Documents and Settings\Betu\Configuración local\Temp\~DF6D48.tmp Object is locked skipped
C:\Documents and Settings\Betu\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Betu\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Betu\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{FF75074F-A8DC-4ECB-9790-CF1F53C54D92}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\RGJOZYOY\staff[1].exe Infected: Backdoor.Win32.IRCBot.bap skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rundll82.exe Infected: Net-Worm.Win32.Kolabc.d skipped

Scan process completed.
