View Full Version : Problem With a Spyware


Mike 10000
26/02/08, 00:07:21
HELLO, I'm new to this forum, and sorry if a similar topic has already been posted, but I honestly couldn't find one. I have a problem with a spyware (that's what the computer says), but from what I've read I think it's a hijacker, since it changes only the first result of every page of any search to a different one. The message that appears on the computer is the following:

SYSTEM ERROR
YOUR COMPUTER WAS INFECTED BY UNKNOWN TROJAN,
ITS DANGEROUS FOR YOUR SYSTEM (CRITICAL FILES CAN BE LOST)

CLICK OK TO DOWNLOAD THE ANTISPYWARE PROGRAM TO CLEAN YOUR SYSTEM! (RECOMMENDED)

I already ran Norton 2008, SpywareBlaster and SUPERAntiSpyware in safe mode and they don't detect it.

I would appreciate your help.
THANKS

Sikartus
26/02/08, 00:15:58
Hello, welcome to the forum. Do the following:

Download ccleaner (http://www.infospyware.com/Herramientas.htm)

Download DELPSGUARD (http://www.forospyware.com/t4239.html); it is at the end of that link under the name DelPSGuard.zip, click on it there. DON'T FORGET TO PASTE ITS REPORT WHEN YOU REPLY.

Download SUPERAntispyware: go to Anti-Spywares - Info Spyware (http://www.infospyware.com/Anti-Spywares.htm) and don't forget to update it.

Download RogueRemover (http://www.infospyware.com/Anti-Malwares.htm) (don't forget to update it)


Then:

- Turn off System Restore (http://www.forospyware.com/292280-post2.html).
- Boot into Safe Mode (http://www.forospyware.com/292284-post4.html) (fail-safe mode).
- Run SUPERAntispyware
- Run DELPSGUARD
- Run RogueRemover
- Run Ccleaner with the CLEANER and REGISTRY options; don't forget to make a backup.
- Boot in normal mode.

Finally, run a scan with:

- Panda Total Scan (http://www.nanoscan.com/as/index/); if you have any questions read its manual (http://www.forospyware.com/t106269.html), and come back with its report.

- Kaspersky Online Scanner (http://www.kaspersky.com/kos/english/kavwebscan.html); if you have any questions about this last one read its manual (http://www.forospyware.com/t55793.html) and paste the report it gives you as a result.

Tell us how it went and don't forget to paste the reports.

Regards.

Mike 10000
26/02/08, 00:54:14
Excuse me, if I have Windows Vista, is it also necessary to disable the restore points?

Sikartus
26/02/08, 01:45:22
Hello, the answer is yes, but since you have Windows Vista I have edited my reply above, because some programs are not compatible with Vista. Please check it again and do what it says there.

Let us know.

Regards

Mike 10000
27/02/08, 01:10:37
Panda Total Scan says this


;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-02-26 23:07:31
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Norton Internet Security 15.0.0.60 Yes No
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\HP\BIN\EndProcess.exe
00106674 Hacktool/MSNpass.A HackTools No 0 Yes No C:\Users\mike\Downloads\MSNDescifraContrase%F1as.z ip[MSN Password Decryptor.exe]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\mike\AppData\Roaming\Microsoft\Windows\Co okies\mike@atdmt[1].txt
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Location
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==========================

Sikartus
27/02/08, 01:20:27
OK, now come back with the Kaspersky online report so I can give you new instructions.

Regards

Mike 10000
27/02/08, 14:03:24
Wednesday, February 27, 2008 12:02:05 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 582431


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 148836
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 04:51:49

Scan process completed.

Sikartus
27/02/08, 18:00:04
Hello, the Kaspersky online report is clean, but the Panda one shows some unwanted items, so do the following:

1. Go to Start - Control Panel - Add or Remove Programs and uninstall that KillApp.B, if you see it there.

2. If not, then enable showing hidden files (http://www.forospyware.com/292282-post3.html), boot into safe mode (http://www.forospyware.com/292284-post4.html) and delete:

C:\Users\mike\Downloads\MSNDescifraContrase%F1as.z ip

C:\HP\BIN\EndProcess.exe

If they can't be deleted, use FileASSASSIN (http://www.forospyware.com/298547-post10.html)

3. Then run a new scan with Panda Total Scan and come back with its new report.

Let us know.

Regards

Mike 10000
28/02/08, 01:32:58
;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-02-27 23:31:52
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Norton Internet Security 15.0.0.60 Yes No
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\mike\AppData\Roaming\Microsoft\Windows\Co okies\mike@atdmt[1].txt
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Location
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================

Sikartus
28/02/08, 01:40:17
HELLO, the report only shows a cookie, which is normal (for more information read here (http://www.iec.csic.es/CRIPTonOMICon/cookies/queson.html)). If you want to delete it, use Ccleaner as you already know how to.

If everything is fine, let me know so this thread can be marked as closed and solved.

Regards

Mike 10000
28/02/08, 01:48:03
Hello Sikartus, but I still have the problem with the window, and the first result of every search still gets changed, even though I ran SuperAntispyware, DELPSGUARD, ROGUEREMOVER and Panda Total Scan again. They all say my computer is clean.

Sikartus
28/02/08, 02:23:00
Hello, do the following:

1. Boot into safe mode (http://www.forospyware.com/292284-post4.html).

2. Run SmitfraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix_En.php)

• Select the option "#2 - Clean" by pressing the 2 key, then press ENTER.
• Wait for the tool to carry out the disinfection process. The Desktop background will disappear. This is normal.
• A small window will open with the following question: "Registry cleaning - Do you want to clean the registry?" Press the "Y" (Yes) key to confirm, then press ENTER.
• The computer will restart to finish the cleaning process. If it does not restart automatically, restart it manually.
• After restarting, a file "rapport.txt" will be generated, normally in the root directory C:\, which will tell you which files and registry keys related to SmitFraud and its variants have been removed (paste the report).

3. Restart in normal mode, check the results and run a new online scan with ESET ONLINE SCANNER (http://www.forospyware.com/t133936.html) (come back with its report).

Note: If, when downloading SmitFraudfix, you see that there is a conflict with your antivirus, uninstall or temporarily disable your antivirus so you can run Smitfraudfix, and reinstall it afterwards.

Come back with the reports and don't forget to tell us how your PC is doing.

Regards

Mike 10000
28/02/08, 17:17:06
Fixwareout could not be started, since it says it is not compatible with the Windows Vista system

Scan with Smitfraud

SmitFraudFix v2.298

Scan done at 15:00:00.31, 28/02/2008
Run from C:\Users\mike\Downloads\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\Windows\msvidc32.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0904E5AE-DF43-48FE-B1F4-D314C3E56707}: DhcpNameServer=10.3.1.100 10.3.1.110
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0904E5AE-DF43-48FE-B1F4-D314C3E56707}: DhcpNameServer=10.3.1.100 10.3.1.110
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0904E5AE-DF43-48FE-B1F4-D314C3E56707}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.3.1.100 10.3.1.110
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.3.1.100 10.3.1.110


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Mike 10000
28/02/08, 20:58:45
The ESET Online report

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2909 (20080228)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=31fb28b6048e914c805e7ffdf631751d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-02-29 12:26:36
# local_time=2008-02-28 06:26:36 (-0600, Central Standard Time (Mexico))
# country="Mexico"
# osver=6.0.6000 NT
# scanned=832757
# found=0
# scan_time=10488

Sikartus
28/02/08, 22:16:13
Hello, the tool has done its job.

Tell us how your PC is doing, and if everything is fine let us know so this thread can be marked as closed and solved.

Regards

Mike 10000
28/02/08, 22:47:44
Hello Sikartus, it seems the problem is now solved, thank you very much. Just one thing: do I turn system restore back on for the computer, or leave it as it is? For now I just want to thank you again.

Thanks!!!!!!

Sikartus
28/02/08, 22:59:00
Hello, that's great, and yes, re-enable or turn on System Restore.

Until next time.

Regards.

THREAD SOLVED

© Copyright 2005 - 2008 InfoSpyware ® All rights reserved.
InfoSpyware Security Blog