PDA

Ver la Versión Completa : Trojan-Downloader.Win32.Agent.avz

helenycarol
10/12/06, 10:56:36
tengo el bitdefender,pero ya creo que no funciona muy bien,pues no me detecta virus y troyanos que con el kaspery online que teneis aqui ,me han salido.
os cuento que el pc a momentos,se me queda pillado,me va muy lento o se me cierran los programas.
yo tengo un foro de diseño grafico y me descargo al cabo del dia,muchisimas imagenes de miles de paginas,todos los dias limpio 2 veces los archivos temporales.que me recomendariais para tener mi pc totalmente protegido y que no me quite mucha memoria??
bueno,no me enrollo mas.
aqui os dejo lo que me ponia en el kaspery,a ver si me podeis ayudar para limpiarlo.gracias
helenycarol
10/12/06, 11:18:27
<td height='15'>Number of viruses found</td>
<td>1</td>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>16 / 0</td>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:10:54</td>

<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>C:\Archivos de programa\eMule\Temp\002.part
</td>
<td>Object is locked </td>
<td>skipped </td>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Archivos de programa\eMule\Temp\004.part</td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Archivos de programa\eMule\Temp\005.part </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Archivos de programa\eMule\Temp\006.part
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Archivos de programa\ESET\logs\virlog.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Archivos de programa\ESET\logs\warnlog.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Archivos de programa\Softwin\BitDefender9\asdict.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\ID3CPKFY\popup[1].htm
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\ID3CPKFY\popup[2].htm
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\NR1VBPCK\popup[1].htm
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\OPYB8HE3\popup[1].htm
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Historial\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Configuración local\Historial\History.IE5\MSHist0120061210200612 11\index.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\Cookies\index.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\ntuser.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\elena\NTUSER.DAT.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
<td>Object is locked </td>
<td>skipped </td>
<tdheight='20'>C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\Cookies\index.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\NTUSER.DAT
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\LocalService\ntuser.dat.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\NetworkService\NTUSER.DAT
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\Documents and Settings\NetworkService\ntuser.dat.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\MountPointManagerRemoteDatabase
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP152\change.log </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP40\A0008499.exe/WISE0052.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP40\A0008499.exe/WISE0053.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP40\A0008499.exe </td>
<td>WiseSFX: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP40\A0008499.exe </td>
<td>WiseSFX Dropper: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP48\A0014744.exe/WISE0052.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP48\A0014744.exe/WISE0053.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP48\A0014744.exe </td>
<td>WiseSFX: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP48\A0014744.exe </td>
<td>WiseSFX Dropper: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0022514.exe/WISE0052.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0022514.exe/WISE0053.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0022514.exe </td>
<td>WiseSFX: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0022514.exe </td>
<td>WiseSFX Dropper: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0027924.exe/WISE0052.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0027924.exe/WISE0053.BIN
<td>Infected: Trojan-Downloader.Win32.Agent.avz
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0027924.exe </td>
<td>WiseSFX: infected - 2 </td>
<td>skipped </td>
<td height='20'>C:\System Volume Information\_restore{DDC3ED74-74A9-4B8B-87A4-370D55337F14}\RP53\A0027924.exe </td>
<td>WiseSFX Dropper: infected - 2 </td>
<td>skipped </td>
>C:\WINDOWS\Debug\PASSWD.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\SchedLgU.Txt </td>
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\DataStore\DataStor e.edb
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .log
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp .edb
td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\EventCache\{1CD97B 10-85FF-4596-9550-CA58B39807C4}.bin </td>
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\EventCache\{29AB7D 99-A179-435D-A896-384F742383A9}.bin </td>
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\Sti_Trace.log </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\CatRoot2\edb.log
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\CatRoot2\tmp.edb
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\AppEvent.Evt
td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\default
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\default.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SAM
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SAM.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SecEvent.Evt
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SECURITY
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SECURITY.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\software
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\software.LOG
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\SysEvent.Evt
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\system
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\config\system.LOG <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\Temp\tmp0000623c\tmp00000000 <td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\wiadebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
<td height='20'>C:\WINDOWS\wiaservc.log </td>
<td>Object is locked </td>
<td>skipped </td>
>C:\WINDOWS\WindowsUpdate.log </td>
<td>Object is locked </td>
<td>skipped </td>
<¡D3vIL!>
10/12/06, 11:20:38
Hola helenycarol

Realizá los siguientes pasos, sin saltarte ninguno por favor:

<---Paso 1--->


Visita Windows Update (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=es) para que descargues las últimas actualizaciones criticas de seguridad, y Aquí (http://www.microsoft.com/windows/ie_intl/es/download/default.mspx) para el internet explorer.


<---Paso 2--->


Apaga Restaurar Sistema (http://www.forospyware.com/45-post2.html)


<---Paso 3--->


Elimina todas las cuarentenas que tengas y vacia la papelera tambien.


<---Paso 4--->


Pasa 2 antvivirus online el Ewido Scanner Online (http://www.forospyware.com/t42048.html) y Kaspersky Online Scanner (http://www.forospyware.com/t55793.html).si hay algo que no te eliminen lo pones aquí con su ruta completa.


<---Paso 5--->


pasa el RegSeeker (http://www.forospyware.com/t713.html) para Limpiar el registro pásalo hasta q no quede nada para eliminar.


De preferencia, imprime las indicaciones para que se te haga más fácil seguirlas.



salu2 http://img455.imageshack.us/img455/7932/icontwistedrp4.gif
Recuerda volver y contarnos los resultados
helenycarol
10/12/06, 11:25:31
se me olvida,tengo el nod32,y para instalar el Spybot Search & Destroy,y el
Spywareblaster.
helenycarol
10/12/06, 12:56:13
e seguido todos los pasos pero como tengo el ccleaner,le e utilizado para limpiar los registros.
muchisimas gracias de verdad.
aqui lo que me pone el kaspery :

Scan Statistics:
Total number of scanned objects: 33596
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:40:59

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked skipped
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked skipped
C:\Archivos de programa\Softwin\BitDefender9\asdict.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\ID3CPKFY\popup[1].htm Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\ID3CPKFY\popup[2].htm Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\NR1VBPCK\popup[1].htm Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Archivos temporales de Internet\Content.IE5\OPYB8HE3\popup[1].htm Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Historial\History.IE5\MSHist0120061210200612 11\index.dat Object is locked skipped
C:\Documents and Settings\elena\Configuración local\Temp\Perflib_Perfdata_1694.dat Object is locked skipped
C:\Documents and Settings\elena\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\elena\ntuser.dat Object is locked skipped
C:\Documents and Settings\elena\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5ECE3A DD-851A-4447-8D26-FC5FD097EC1E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp0000623c\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
SpRiTeR
10/12/06, 13:22:36
Vuelve a pasar el CCleaner.


El reporte esta limpio (Salvo el popup.html que lo puedes resolver con el CCleaner).



Hlg
helenycarol
10/12/06, 14:18:30
al pasarle el ccleaner menos mal que me e creado una copia(o como se diga),porque me e pasado quitando registros y no podia abrir el mesenger. asi que ahora si lo vuelvo a pasar,cual no deberia de quitar??
decirte que el spybot lo e desintalado porque era pirata y no me dejaba actualizarlo y analizar,y el bitdefender tambien lo e desintaladohttp://i56.photobucket.com/albums/g185/helenycarol/Imagen1-2.gif

gracias
punkitaso
10/12/06, 15:47:04
Hola...

Bueno en lo personal, te recomiendo el uso del RegSeeker (http://www.forospyware.com/t713.html), para limpiar el registro de tu sistema (Paso 9 del manual), pasalo varias veces hasta que ya no te salga nada.

Nos comentas.

Saludos.:Bien:

© Copyright 2005 - 2008 InfoSpyware ® Todos los derechos reservados.
InfoSpyware Security Blog