piolo
16/04/08, 19:10:29
Hi, I'm having problems again; my computer has this trojan, Backdoor.Win32.Small.dlh. It is lodged in a hidden folder on C: that I haven't been able to delete. I ran a scan with Kaspersky online, and because of that I installed the free one-month version, which detects it but doesn't remove it. I'd like your help to delete it manually; I'm pasting the log.
Thanks, guys :Bien:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 4:34:17 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702086
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 69289
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 02:20:26
Infected Object Name / Virus Name / Last Action
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe Infected: Backdoor.Win32.Small.dlh skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\ZLT021cb.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT021ce.TMP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\REYES-2TZ1L9NCQ.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3A63B980-29B9-4C69-9179-67ADFBFEEA80}.bin Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Reyes\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Historial\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Reyes\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Reyes\Mis documentos\Mi música\Top of Charts - 2004.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Reyes\Escritorio\Fernando\Z - PROGRAMAS\Programas Descargados\Nero-8.3.2.1_esl_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Reyes\Escritorio\Fernando\Z - PROGRAMAS\Programas Descargados\Nero-8.3.2.1_esl_trial.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\Reyes\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\history.dat Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\key3.db Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Reyes\Datos de programa\Mozilla\Firefox\Profiles\k1oizpw0.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Reyes\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{05DADB88-F69B-4D9C-84AC-1469A52249B9}\RP139\change.log Object is locked skipped
Scan process completed.