
    Trojan Win32/TrojanProxy.Agent.NDG ... (Solved)


      
    1. #1
      Sedapin (User)
      Joined: Dec 2006
      Location: Colombia
      Posts: 31

      Trojan Win32/TrojanProxy.Agent.NDG ... (Solved)

      Hello, I would like someone to help me with a problem I have been having with this virus, Win32/TrojanProxy.Agent.NDG. If I am not mistaken, this virus was picked up through Messenger; it shows up as a message meant to trick the person and comes with a zip file attached. This kind of propagation is already well known to many people. So I would be grateful to anyone who could help me. Thanks.
      Last edited by Astareth on 19/01/08 at 16:06:35. Reason: Don't overuse the font size

    2. #2
      Sikartus (Former Contributor)
      Joined: Jun 2007
      Location: Lima, Peru
      Posts: 3,890

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello, welcome to the forum. Do the following:

      Download SDFix @ AndyManchesta.

      - Boot into safe mode.

      - Run SDFix.exe on the desktop; a new folder will be created on the desktop. Open the new folder and run the file "Runthis.bat", then press the "Y" key to start the scan. When it finishes, a file called Report.txt will be created inside the folder; copy and paste the report the utility generated for you.

      Run CCleaner with its cleaner and registry options; run the latter repeatedly until nothing more comes up. If you have any doubts, read its manual (don't forget to make a backup).

      Reboot into normal mode and run a scan with:

      - Panda online; if you have doubts about it, read its manual, and paste its report.

      Come back and let us know.

      Regards

    3. #3
      Sedapin (User)
      Joined: Dec 2006
      Location: Colombia
      Posts: 31

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello Sikartus, thank you for your help.
      The following are the reports:

      1. SDFix AndyManchesta:

      SDFix: Version 1.127

      Run by Administrador on 17/01/2008 at 01:17 a.m.

      Microsoft Windows XP [Versión 5.1.2600]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting...


      Normal Mode:
      Checking Files:

      No Trojan Files Found





      Removing Temp Files...

      ADS Check:

      C:\WINDOWS
      No streams found.

      C:\WINDOWS\system32
      No streams found.

      C:\WINDOWS\system32\svchost.exe
      No streams found.

      C:\WINDOWS\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-17 01:26:39
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...


      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 1


      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Archivos de programa\\Messenger\\msmsgs.exe"="C:\\Archivos de programa\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      Remaining Files:
      ---------------


      Files with Hidden Attributes:

      Sat 5 Aug 2006 16,384 A..H. --- "C:\Archivos de programa\Winks Instalador\e.exe"
      Sat 5 Aug 2006 24,578 A..H. --- "C:\Archivos de programa\Winks Instalador\ig.exe"

      Finished!


      2. Ccleaner:

      2.1 Cleaner:

      LIMPIEZA COMPLETA - (7.192 segs)
      ------------------------------------------------------------------------------------------
      137,9MB borrados.
      ------------------------------------------------------------------------------------------

      Detalles de los archivos borrados
      ------------------------------------------------------------------------------------------
      Archivos temporales de IE (2338 archivos) 137,5MB
      Marcado para borrar: C:\Documents and Settings\Jhon Jairo\Cookies\index.dat
      C:\WINDOWS\system32\wbem\Logs\FrameWork.log 610 bytes
      C:\WINDOWS\system32\wbem\Logs\wbemess.log 46,35KB
      C:\WINDOWS\system32\wbem\Logs\wmiprov.log 603 bytes
      C:\WINDOWS\0.log 0 bytes
      C:\WINDOWS\setupapi.log 5,53KB
      C:\WINDOWS\Sti_Trace.log 0 bytes
      C:\WINDOWS\ntbtlog.txt 0,37MB
      C:\WINDOWS\Debug\UserMode\userenv.log 9,67KB
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\assets.espn.go.com\motion\fsp\FSPRoot\espnmotion7_cv.swf\fspSettings.sol 55 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\www.youtube.com\soundData.sol 58 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\www.youtube.com\timeDisplayConfig.sol 81 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\www.youtube.com\videostats.sol 161 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\youtube.com\soundData.sol 58 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\#SharedObjects\7A596FG2\youtube.com\videostats.sol 199 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.espn.go.com\settings.sol 88 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol 81 bytes
      C:\Documents and Settings\Jhon Jairo\Datos de programa\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 475 bytes
      ------------------------------------------------------------------------------------------

      2.2 Registry:

      Windows Registry Editor Version 5.00


      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj\OpenWithList]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithList]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MessengerPlus3"="\"C:\\Archivos de programa\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
      "C:\\WINDOWS\\system32\\msnserv.exe"="msnserv"


      As for Panda Online, I get the following:

      Error descargando ActiveScan
      Se ha producido un error en la descarga de Panda ActiveScan. Repita de nuevo el proceso. Si se produce de nuevo el error, reinicie su equipo e inténtelo de nuevo
      Posibles causas de este error son:

      No haber permitido la instalación del control ActiveX de la aplicación.

      Problemas en la conexión a Internet.

      Puede deberse a un error en la descarga o un error en la instalación por falta de espacio en su disco duro, privilegios,... Reintentar


      Thanks for your help; I hope for a prompt reply.

      Regards

    4. #4
      Sikartus (Former Contributor)
      Joined: Jun 2007
      Location: Lima, Peru
      Posts: 3,890

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello, then run a scan with:

      - Kaspersky Online Scanner; if you have any doubts about it, read its manual, and paste the report it gives you as a result.

      Regards

    5. #5
      Sedapin (User)
      Joined: Dec 2006
      Location: Colombia
      Posts: 31

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello, the report is as follows:

      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Friday, January 18, 2008 6:45:14 AM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 18/01/2008
      Kaspersky Anti-Virus database records: 519124
      -------------------------------------------------------------------------------

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target - My Computer:
      A:\
      C:\
      D:\
      E:\
      F:\

      Scan Statistics:
      Total number of scanned objects: 69581
      Number of viruses found: 9
      Number of infected objects: 19
      Number of suspicious objects: 0
      Duration of the scan process: 02:14:31

      Infected Object Name / Virus Name / Last Action
      C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked skipped
      C:\Archivos de programa\Eset\infected\RFZAK3DA.NQF Infected: Trojan.Win32.Agent.aec skipped
      C:\Archivos de programa\Eset\logs\virlog.dat Object is locked skipped
      C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked skipped
      C:\Archivos de programa\Messenger Detect\MDServ.exe Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
      C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Archivos temporales de Internet\Content.IE5\E3EXMHBE\get_video[1].com Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\MSHist012008011820080119\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Temp\fla4A9F.tmp Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Temp\IH4A9E.tmp Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP1\A0000090.EXE Infected: Trojan-Downloader.Win32.IstBar.qr skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\EventCache\{59F8C7B8-2DD8-4AFE-9E3B-46625D1190B7}.bin Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped
      D:\Instaladores\Fake Webcam\Fake_Webcam_3.9.zip.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.fnr skipped
      D:\Instaladores\Fake Webcam\Fake_Webcam_3.9.zip.exe ZIP: infected - 1 skipped
      D:\Instaladores\TRA\installer-58836-4-MessenPass-Spanish-Castellano.exe Infected: Backdoor.Win32.Agent.duj skipped
      D:\Instaladores\TRA\Messenger Detect.exe/data0009 Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
      D:\Instaladores\TRA\Messenger Detect.exe NSIS: infected - 1 skipped
      D:\Instaladores\TRA\MessenPass\mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.g skipped
      D:\Instaladores\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\Instaladores\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\Instaladores\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\Instaladores\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
      D:\jjjj\iem\inetcorp_iem.adm Object is locked skipped
      D:\jjjj\iem\inetcorp_iem.adm.lcg Object is locked skipped
      D:\jjjj\update\eula.rtf Object is locked skipped
      D:\jjjj\update\idndl.exe Object is locked skipped
      D:\jjjj\update\ie7.cat Object is locked skipped
      D:\jjjj\update\iecustom.dll Object is locked skipped
      D:\jjjj\update\iereseticons.exe Object is locked skipped
      D:\jjjj\update\iesetup.exe Object is locked skipped
      D:\jjjj\update\legitlibm.dll Object is locked skipped
      D:\jjjj\update\nlsdl.exe Object is locked skipped
      D:\jjjj\update\update.exe Object is locked skipped
      D:\jjjj\update\update.exe.manifest Object is locked skipped
      D:\jjjj\update\update.inf Object is locked skipped
      D:\jjjj\update\update.ver Object is locked skipped
      D:\jjjj\update\updspapi.dll Object is locked skipped
      D:\jjjj\update\xmllitesetup.exe Object is locked skipped
      D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\change.log Object is locked skipped
      D:\vv\LimeWire\nspack [fastest wyzo download].zip/Wyzo Browser Setup.exe/data0005 Infected: Trojan.Win32.Obfuscated.en skipped
      D:\vv\LimeWire\nspack [fastest wyzo download].zip/Wyzo Browser Setup.exe Infected: Trojan.Win32.Obfuscated.en skipped
      D:\vv\LimeWire\nspack [fastest wyzo download].zip ZIP: infected - 2 skipped
      D:\vv\LimeWire\private ip_Web_Hottest_Videos_Player.zip/Web_Hottest_Videos_Player.exe/WISE0013.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
      D:\vv\LimeWire\private ip_Web_Hottest_Videos_Player.zip/Web_Hottest_Videos_Player.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
      D:\vv\LimeWire\private ip_Web_Hottest_Videos_Player.zip ZIP: infected - 2 skipped

      Scan process completed.


      Thanks for your help

      Regards

    6. #6
      Sikartus (Former Contributor)
      Joined: Jun 2007
      Location: Lima, Peru
      Posts: 3,890

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello Sedapin, do the following:

      Enable showing hidden files.

      Boot into safe mode, then find and delete:

      C:\Archivos de programa\Messenger Detect\MDServ.exe
      D:\Instaladores\Fake Webcam\Fake_Webcam_3.9.zip.exe
      D:\Instaladores\TRA\installer-58836-4-MessenPass-Spanish-Castellano.exe
      D:\Instaladores\TRA\Messenger Detect.exe
      D:\Instaladores\TRA\MessenPass\mspass.exe
      D:\Instaladores\Vista Transformation Pack 6.0.exe
      D:\vv\LimeWire\nspack [fastest wyzo download].zip
      D:\vv\LimeWire\private ip_Web_Hottest_Videos_Player.zip

      Delete what is marked in red, and if you can't, use FileASSASSIN

      Also delete the quarantined items; go to:

      C:\Archivos de programa\Eset\infected, and delete everything inside the folder (infected), but not the folder itself.

      Reboot into normal mode and run a new scan with Kaspersky to check the results, then come back with its report.


      Regards
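
The step from the scanner report to the delete list above can be done mechanically. This is an added example, not part of the original posts or of any tool named in the thread: it parses lines in the report's layout, drops the "Object is locked" noise, and collapses archive members onto the file that exists on disk. The function name `triage` and the result keys are assumptions made for this example; the sample lines are an excerpt of the report posted in the thread.

```python
import re

# Excerpt copied from the Kaspersky Online Scanner report posted in the thread.
# Layout per line: object path, verdict, last action. Archive members follow "/".
SAMPLE_REPORT = r"""
C:\Archivos de programa\Eset\logs\virlog.dat Object is locked skipped
C:\Archivos de programa\Messenger Detect\MDServ.exe Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP1\A0000090.EXE Infected: Trojan-Downloader.Win32.IstBar.qr skipped
D:\Instaladores\Fake Webcam\Fake_Webcam_3.9.zip.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.fnr skipped
D:\Instaladores\Fake Webcam\Fake_Webcam_3.9.zip.exe ZIP: infected - 1 skipped
D:\Instaladores\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\Instaladores\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
"""

# Files under this directory are System Restore copies; they are not removed
# by deleting the original file from its normal location.
RESTORE_MARKER = "\\system volume information\\_restore"

# "<path> Infected: <verdict> <action>"
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) \w+$")
# "<path> ZIP: infected - 1 <action>" (per-container summary line)
CONTAINER = re.compile(r"^(?P<path>.+?) \w+: infected - \d+ \w+$")
# "<path> Object is locked <action>" (file in use, not a detection)
LOCKED = re.compile(r"^.+ Object is locked \w+$")


def triage(report_text):
    """Reduce a report to the on-disk files that carry at least one detection."""
    files = {}   # on-disk path -> set of verdict names
    locked = 0
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            locked += 1
            continue
        m = INFECTED.match(line)
        if m:
            # Windows paths use backslashes, so the first "/" starts the
            # archive-member part; everything before it is the file on disk.
            on_disk = m.group("path").split("/", 1)[0]
            files.setdefault(on_disk, set()).add(m.group("verdict"))
            continue
        m = CONTAINER.match(line)
        if m:
            files.setdefault(m.group("path"), set())

    flagged = {path: sorted(verdicts) for path, verdicts in files.items()}
    return {
        "locked": locked,
        "files": flagged,
        "in_restore_point": sorted(
            p for p in flagged if RESTORE_MARKER in p.lower()
        ),
        # Only "not-a-virus:" verdicts: tools the scanner rates as riskware.
        "riskware_only": sorted(
            p for p, v in flagged.items()
            if v and all(name.startswith("not-a-virus:") for name in v)
        ),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (ignored):", result["locked"])
    for path, verdicts in result["files"].items():
        print(path, "->", ", ".join(verdicts))
    print("System Restore copies:", result["in_restore_point"])
```
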

    7. #7
      Sedapin (User)
      Joined: Dec 2006
      Location: Colombia
      Posts: 31

      Re: Trojan Win32/TrojanProxy.Agent.NDG: How can I remove it completely from the PC?

      Hello Sikartus, the report is as follows:

      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Friday, January 18, 2008 8:06:30 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 18/01/2008
      Kaspersky Anti-Virus database records: 522812
      -------------------------------------------------------------------------------

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target - My Computer:
      A:\
      C:\
      D:\
      E:\
      F:\

      Scan Statistics:
      Total number of scanned objects: 71514
      Number of viruses found: 6
      Number of infected objects: 12
      Number of suspicious objects: 0
      Duration of the scan process: 02:54:55

      Infected Object Name / Virus Name / Last Action
      C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked skipped
      C:\Archivos de programa\Eset\logs\virlog.dat Object is locked skipped
      C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked skipped
      C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\MSHist012008011820080119\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP1\A0000090.EXE Infected: Trojan-Downloader.Win32.IstBar.qr skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000459.exe Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped
      D:\jjjj\iem\inetcorp_iem.adm Object is locked skipped
      D:\jjjj\iem\inetcorp_iem.adm.lcg Object is locked skipped
      D:\jjjj\update\eula.rtf Object is locked skipped
      D:\jjjj\update\idndl.exe Object is locked skipped
      D:\jjjj\update\ie7.cat Object is locked skipped
      D:\jjjj\update\iecustom.dll Object is locked skipped
      D:\jjjj\update\iereseticons.exe Object is locked skipped
      D:\jjjj\update\iesetup.exe Object is locked skipped
      D:\jjjj\update\legitlibm.dll Object is locked skipped
      D:\jjjj\update\nlsdl.exe Object is locked skipped
      D:\jjjj\update\update.exe Object is locked skipped
      D:\jjjj\update\update.exe.manifest Object is locked skipped
      D:\jjjj\update\update.inf Object is locked skipped
      D:\jjjj\update\update.ver Object is locked skipped
      D:\jjjj\update\updspapi.dll Object is locked skipped
      D:\jjjj\update\xmllitesetup.exe Object is locked skipped
      D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000460.exe Infected: Backdoor.Win32.Agent.duj skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000461.exe/data0009 Infected: not-a-virus:Monitor.Win32.MSNDetect.205 skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000461.exe NSIS: infected - 1 skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000462.exe Infected: not-a-virus:PSWTool.Win32.Messen.g skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000463.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000463.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000463.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000463.exe WiseSFX: infected - 3 skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000469.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.fnr skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\A0000469.exe ZIP: infected - 1 skipped
      D:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP3\change.log Object is locked skipped

      Scan process completed.


      Thanks

    8. #8
      Former contributor Sikartus
      Registered
      Jun 2007
      Location
      Lima-Perú
      Posts
      3,890

      Re: Win32/TrojanProxy.Agent.NDG Trojan: how can I remove it completely from the PC?

      Hello friend, do the following:

      - Turn off System Restore on all drives.
      - Restart your PC.
      - Turn System Restore back on.
      - Restart again, run a new scan with Kaspersky online to check the results, and come back with the new report.

      If everything is fine after these steps and the Kaspersky report comes out clean, come back and let us know so we can close the thread.

      Regards
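
Added example, not part of the original posts: turning System Restore off on Windows XP deletes the existing restore points, so detections under `System Volume Information\_restore{...}` (like those at the end of the preceding report) are removed by that step, while a detection anywhere else still needs cleaning. The script below triages report rows on that basis; the sample rows are constructed in the report's layout, with `{GUID}` as a placeholder and `D:\Descargas\setup.exe` as a hypothetical path.

```python
import re

# Constructed sample rows in the report's "object / verdict / last action" layout.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{GUID}\RP3\A0000001.exe Infected: Backdoor.Win32.Agent.duj skipped
D:\System Volume Information\_restore{GUID}\RP3\A0000002.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.fnr skipped
D:\System Volume Information\_restore{GUID}\RP3\A0000002.exe ZIP: infected - 1 skipped
D:\Descargas\setup.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\System Volume Information\_restore{GUID}\RP3\change.log Object is locked skipped
"""

# Object path, then one of three verdict shapes, then the last action taken.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<packer>\w+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked)) "
    r"(?P<action>\w+)$"
)
# Restore-point storage on any drive letter.
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)


def triage(report_text):
    """Split report rows into locked files, restore-point hits and live hits."""
    result = {"locked": 0, "containers": 0, "restore_point": [], "live": []}
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, statistics or blank line
        if m["locked"]:
            result["locked"] += 1      # file held open by another process; not a detection
        elif m["packer"]:
            result["containers"] += 1  # archive summary row; its members have their own rows
        else:
            bucket = "restore_point" if RESTORE_RE.match(m["path"]) else "live"
            result[bucket].append((m["path"], m["name"]))
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("locked (ignore):", r["locked"], "| archive summaries:", r["containers"])
    for path, name in r["restore_point"]:
        print("restore point, cleared by purging restore points:", name)
    for path, name in r["live"]:
        print("live file, still needs cleaning:", path, name)
```
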

    9. #9
      User Sedapin
      Registered
      Dec 2006
      Location
      Colombia
      Posts
      31

      Re: Win32/TrojanProxy.Agent.NDG Trojan: how can I remove it completely from the PC?

      Hello Sikartus, the report is as follows:

      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Saturday, January 19, 2008 3:11:08 AM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 19/01/2008
      Kaspersky Anti-Virus database records: 523184
      -------------------------------------------------------------------------------

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target - My Computer:
      A:\
      C:\
      D:\
      E:\
      F:\

      Scan Statistics:
      Total number of scanned objects: 72715
      Number of viruses found: 0
      Number of infected objects: 0
      Number of suspicious objects: 0
      Duration of the scan process: 01:50:26

      Infected Object Name / Virus Name / Last Action
      C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked skipped
      C:\Archivos de programa\Eset\logs\virlog.dat Object is locked skipped
      C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked skipped
      C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
      C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Configuración local\Historial\History.IE5\MSHist012008011920080120\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\Jhon Jairo\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
      C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
      C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
      C:\System Volume Information\_restore{9A797A93-E927-4907-8C08-2829C32F0CB7}\RP1\change.log Object is locked skipped
      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
      C:\WINDOWS\SchedLgU.Txt Object is locked skipped
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\default Object is locked skipped
      C:\WINDOWS\system32\config\default.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SAM Object is locked skipped
      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY Object is locked skipped
      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
      C:\WINDOWS\system32\config\software Object is locked skipped
      C:\WINDOWS\system32\config\software.LOG Object is locked skipped
      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
      C:\WINDOWS\system32\config\system Object is locked skipped
      C:\WINDOWS\system32\config\system.LOG Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
      C:\WINDOWS\WindowsUpdate.log Object is locked skipped
      D:\jjjj\iem\inetcorp_iem.adm Object is locked skipped
      D:\jjjj\iem\inetcorp_iem.adm.lcg Object is locked skipped
      D:\jjjj\update\eula.rtf Object is locked skipped
      D:\jjjj\update\idndl.exe Object is locked skipped
      D:\jjjj\update\ie7.cat Object is locked skipped
      D:\jjjj\update\iecustom.dll Object is locked skipped
      D:\jjjj\update\iereseticons.exe Object is locked skipped
      D:\jjjj\update\iesetup.exe Object is locked skipped
      D:\jjjj\update\legitlibm.dll Object is locked skipped
      D:\jjjj\update\nlsdl.exe Object is locked skipped
      D:\jjjj\update\update.exe Object is locked skipped
      D:\jjjj\update\update.exe.manifest Object is locked skipped
      D:\jjjj\update\update.inf Object is locked skipped
      D:\jjjj\update\update.ver Object is locked skipped
      D:\jjjj\update\updspapi.dll Object is locked skipped
      D:\jjjj\update\xmllitesetup.exe Object is locked skipped
      D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

      Scan process completed.


      Thank you for your great help. The system now shows as clean, and the NOD32 message about the supposed virus no longer appears when the programs that start with Windows load, nor do the Messenger messages that were sent on their own containing the .zip file (virus). If it had not been for you, I would still be stuck with that annoying virus. As for the thread, we can now consider it finished and solved.

      Regards

    10. #10
      Former contributor Sikartus
      Registered
      Jun 2007
      Location
      Lima-Perú
      Posts
      3,890

      Re: Win32/TrojanProxy.Agent.NDG Trojan: how can I remove it completely from the PC?

      Hello, you're welcome, friend Sedapin. Until next time, then; good to hear that everything is fine now.

      The thread is closed and solved.

      Regards.

      THREAD SOLVED