Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola! Soy un distraído. Se me había pasado eliminar el contenido de la carpeta infectada de ESET. Ya lo he hecho y ahora solo detecta los dos archivos temporales infectados. ¿Debería eliminarlos a mano, o qué mas se puede hacer?

Como siempre, muchísimas gracias por la ayuda.

Saludos!




KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 3:58:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 552453
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 46366
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:53:25

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH44.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\mixit[1].exe Infected: Backdoor.Win32.IRCBot.bcs skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hola, veo que hubo problemas en el foro. Arriba te anexé el último reporte de Kaspersky. Muchísimas gracias como siempre.

Saludos!

Hola, en modo seguro ejecuta la siguiente herramienta:

- Ejecuta Ccleaner en sus opciones de limpiador y registro este último pásalo hasta que no te salga nada, cualquier duda lees su manual(no olvides hacer una copia de seguridad).

- Ejecuta Diskcleaner.

Luego reinicias en modo normal y realizas un nuevo escaneo con Kaspersky online y regresas con su nuevo reporte.

Saludos

Nota: Lee atentamente y sigue los pasos al pie de la letra.

Hola! Seguí los pasos que me especificaste en el post anterior y aquí está el nuevo reporte de Kaspersky. Me preocupa ya que ahora se detectan 2 virus pero en 4 archivos :S.

Muchísimas gracias de antemano por la ayuda y la paciencia.

Saludos!




KASPERSKY ONLINE SCANNER REPORT
Saturday, February 09, 2008 2:48:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555870
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 47648
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:33:40

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\cer t8.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\his tory.dat Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\key 3.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\par ent.lock Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\sea rch.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\url classifier2.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\472C4CA7d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\8693B7B3d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\FEB62F14d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH15C.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH175.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH1BC.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH21A.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH21F.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH22B.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH249.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH24A.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH24D.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH24E.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH44.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH6D.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\UVSHAV2L\kos11yh2[1].jpeg Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Microsoft Office\Plantillas\Normal.dot Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP30\A0074444.exe Infected: Trojan.Win32.Agent.fcw skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP30\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mixit[1].exe Infected: Trojan.Win32.Agent.fcw skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\FxsTmp\fxs410.tmp Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdm.exe Infected: Trojan.Win32.Agent.fcw skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hola Fly By Night esos elementos infectados estan dentro de los archivos temporales de internet.

Tras ejecutar las ultimas herramientas debieron ser eliminados, pero veo que no fue asi.

Tienes que ejecutar dichas herramientas no solo en tu sesion de usuario Serguei Si no en todas las sesiones de usuario que tengas en tu pc.

También Apaga Restaurar sistema.

Busca y elimina lo marcado en rojo:C:\WINDOWS\system32\mdm.exe, luego de eliminarlo manualmente reinicias tu pc y realizas un nuevo escaneo con Kaspersky, regresas con su nuevo reporte.

Si se resiste dicho elemento usa FileASSASSIN

Regresas con el reporte de Kaspersky online.

Saludos

Hola. Te pongo el último reporte de Kaspersky. Pude eliminar el mdm.exe, pero aún me aparecen dos archivos infectados (temporales de Internet) ¿Los podría eliminar de la misma manera?

Muchísimas gracias de antemano por la ayuda y la paciencia.

Saludos!!!

KASPERSKY ONLINE SCANNER REPORT
Monday, February 11, 2008 7:53:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/02/2008
Kaspersky Anti-Virus database records: 558107
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 42993
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 03:00:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\cer t8.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\his tory.dat Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\key 3.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\par ent.lock Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\sea rch.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\url classifier2.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\1E0A21BCd01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\2ABBD17Bd01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\3117FB89d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\472C4CA7d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\877F3381d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\945EC72Cd01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\AFD81261d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\ECAA1D3Ad01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\F48578CFd01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\MSHist012008021120080 212\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH10E.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH14E.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH164.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH16A.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH185.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH1A7.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH1B4.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2BF.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2C2.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2C3.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2C5.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2C7.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2C9.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2CB.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2D2.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH2FA.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH302.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IHC6.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IHE4.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Microsoft Office\Plantillas\Normal.dot Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mixit[1].exe Infected: Trojan.Win32.Agent.fcw skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hola Fly By Night sobre tu pregunta si los puedes eliminar de la misma manera.

Pero en caso no funcione realiza lo siguiente:

Descargate OTMoveIt lo guardas en el Escritorio.

• Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
• Asegurate que este marcado "Unregister Dll's and Ocx's".
• Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste List of Filas / Folders to be moved.

• Haz clic en MoveIt! Para lanzar la supresión.
• Cuando el resultado aparece en el marco Results, haz clic enExit.
• Reinicia el PC (Este paso es muy importante)

Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles\********_******.txt (Donde sale "********_******" es el "date_time")

Luego realiza un nuevo escaneo con Kaspersky online, regresas nos comentas y si todo esta bien y el reporte sale limpio nos avisas para dar por cerrado tu tema.

Saludos

Hola. No fue necesario ejecutar la última herramienta. Con el FileAssasin pude eliminar los otros dos archivos problemáticos, y finalmente se ha dado un reporte limpio con Kaspersky.

Muchísimas gracias por la ayuda y la paciencia. Aquí dejo el reporte final y, ahora si, puede darse el tema por cerrado.

Saludos!


KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 3:57:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 560167
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 43272
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:59:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\cer t8.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\his tory.dat Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\key 3.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\par ent.lock Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\sea rch.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\url classifier2.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\D759F3F4d01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\DDD1255Fd01 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cac he\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\hsperfdata_Serguei\1700 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH107.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH14A.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH886.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

HOLA que bueno que todo este bien.

Será hasta otra oportunidad.

Saludos.