PDA

Ver la Versión Completa : trojan.startpage.GEN (No se como sacarlo)

Zuda
30/08/06, 16:05:44
Hola mi nombre es Zunilda, tengo un pequeño problema, cada vez que le hago una limpieza a la maquina con diferentes Spyware cuando llega el turno del Spyware doctor me salta el trojan.startpage.GEN y no lo puedo sacar, nose que daños casa, si hay que sacarlo o no, la maquina se me tilda muchas veces y por ahi es por eso, cualquiera que pueda ayudarme se lo agradeceria mucho. Tengo win xp nose que otros datos se necesitan....


Desde ya Muchas Gracias Zully:Bien:
Hardrive
30/08/06, 21:30:07
Hola y bienvenido al foro :Bien:
Pasa el Ewido On-Line (http://www.ewido.net/en/onlinescan/) y el Kaspersky On-Line (http://www.kaspersky.com/virusscanner) y nos pegas los 2 reportes juntos, en este mismo tema.

Salu2 :adios:
Zuda
30/08/06, 21:46:45
Muchas gracias por responder, pero ahora tengo otro problema, cuando quiero escanear via online,..... no tengo el control alctivex (O algo asi) instalado, lo tengo que instalar? ¿Que me trae eso? ¿Es necesario o se puede hacer de alguna otra manera?

Desde ya muchisimas Gracias Zully:Bien:
Hardrive
30/08/06, 21:50:10
No te preocupes, simplemente instalalos, hasta ahora no he conocido ningun caso al que le haya hecho problemas.

Salu2
Zuda
31/08/06, 10:04:40
Hola, hice los dos scan y ahi van los reportes, ahhh y ya que estamos, el NewDonet que aparece tampoco lo puedo sacar, y lo detecto con el Serch anda Destroit.



ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: Adware.Accoona
Path: HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\EMediaCodec.Chl
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Media-Codec.Chl
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Media-Codec.Chl\CLSID
Risk: Medium

Name: Adware.WebRebates
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins
Risk: Medium

Name: Adware.NewDotNet
Path: HKU\.DEFAULT\Software\New.net
Risk: Medium

Name: Adware.NewDotNet
Path: HKU\S-1-5-21-1715567821-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-1715567821-813497703-725345543-1003\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-1715567821-813497703-725345543-1003_Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}
Risk: Medium

Name: Adware.NewDotNet
Path: HKU\S-1-5-18\Software\New.net
Risk: Medium

Name: Adware.Trymedia
Path: C:\Documents and Settings\Luisa\Escritorio\tradewindsam-dm.exe
Risk: Medium

Name: Adware.NewDotNet
Path: C:\WINDOWS\NDNuninstall7_22.exe
Risk: Medium

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld169F.tmp
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld1D78.tmp
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld2806.tmp
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld345.tmp
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld508D.tmp
Risk: High

Name: Trojan.Small
Path: C:\WINDOWS\system32\1024\ld61D4.tmp
Risk: High


--------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT
Thursday, August 31, 2006 11:00:07 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/08/2006
Kaspersky Anti-Virus database records: 206836


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 75654
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:09:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Zully\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Zully\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Zully\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Zully\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Zully\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Zully\Datos de programa\AVG7\Log\emc.log Object is locked skipped

C:\Documents and Settings\Zully\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Zully\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{048AED7E-0899-4186-856A-CF5CA2D2CDBB}\RP405\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{563C1B 14-842C-4FAC-8FD1-E7CFF46AEDFA}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd1565.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped




Mmmmmm menos mal que hay gente que entiende estoooooooo GRACIAS!!!:Bien:
Zuda
09/09/06, 19:06:07
Necesitariiiiiaaaa porrrr favor que me respondan!!!!! necesito saber si hay algun problemay si lo puedo solucionar!!!!!!!!
Hardrive
09/09/06, 19:33:19
Holas otra vez. Sigue los siguientes pasos:
1. - Entra en Modo Seguro (http://www.forospyware.com/47-post4.html) (Modo a Prueba de Fallos).
2. - Borra los siguientes archivos:
C:\Documents and Settings\Luisa\Escritorio\tradewindsam-dm.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\system32\1024 ==> carpeta entera
3. - Anda a Inicio ==> Ejecutar... ==> regedit, se abrira una ventana similar al explorador de windows, donde debes eliminar estas carpetas:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364B627 6-C6C1-40B6-A6D7-6C48871FD707}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodec.Ch l
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Media-Codec.Chl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ins
HKEY_USER\.DEFAULT\Software\New.net
HKEY_USER\S-1-5-21-1715567821-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_USER\S-1-5-21-1715567821-813497703-725345543-1003\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}
HKEY_USER\S-1-5-21-1715567821-813497703-725345543-1003_Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}
HKEY_USER\S-1-5-18\Software\New.net

4. - Escanea con:

DelPSGuard (http://www.forospyware.com/attachments/forum16/459d1156893462-delpsguard.zip) (manual (http://www.forospyware.com/t43227.html))
FixNew.net (http://www.forospyware.com/redirect-to/?redirect=http%3A%2F%2Fsecurityresponse.symantec.c om%2Favcenter%2FFxNdotN.exe)
Spybot S&D 1.4 (http://www.infospyware.com/Anti-Spywares.htm) actualizado (opcion "Analizar problemas").
Ad-aware 1.06 SE Personal (http://www.infospyware.com/Anti-Spywares.htm) actualizado (Full Scan).
Arovax Antispyware (http://www.arovaxantispyware.com/) (opcion "scan selected folders" activada, y seleccionando los discos locales).

5. - No salgas del modo seguro. Has lo siguiente en cada cuenta de usuario:

Cierra todas las ventanas.
Pasa el CCleaner (http://download.ccleaner.com/ccsetup131.exe).
Limpia el registro con RegSeeker (http://www.infospyware.com/Herramientas.htm) (manual (http://www.forospyware.com/t713.html)).

6. - Inicia en Modo Normal.
7. - Pasa el LSP-fix (http://www.forospyware.com/t14.html) para reparar LSP's.
8. - Inmuniza con SpywareBlaster (http://www.infospyware.com/Anti-Spywares.htm) (manual (http://www.forospyware.com/t11.html)) y usa Firefox (http://www.forospyware.com/Firefox/Firefox.htm) como navegador :fireIE:
9. - Escanea con Ewido On-Line (http://www.ewido.net/en/onlinescan/) y nos pegas el reporte.

De preferencia imprime los pasos (http://www.forospyware.com/t49781-print.html) para que te sea mas facil.

No olvides contarnos resultados.

Salu2 ;)

© Copyright 2005 - 2008 InfoSpyware ® Todos los derechos reservados.
InfoSpyware Security Blog