post #1
31/01/08, 17:29:36
User
Registered: Jan 2008
Location: Mexico
Posts: 23
Problems with Trojan Win32/Rbot (Solved)

Hello everyone! I hope you are all well. I'm writing to tell you about a new virus problem I've been having... :S

When I start the system, shortly after Windows loads, my NOD32 warns that infections have been found in the following paths...

c:/windows/system32/msmsgs.exe
c:/windows/rundll32.exe

In both cases it tells me that it is probably a modified variant of (Trojan) Win32/Rbot

How can I get rid of these viruses? NOD32 detects them but does not clean them... Likewise, I would like to know how I can turn on the Windows firewall (the icon does not appear at startup) or how to better protect my computer so that viruses like these don't show up... since NOD32 detects them but (just like Norton) doesn't seem to clean everything.

Thank you very much in advance.

Regards!

post #2
31/01/08, 17:39:24
Sikartus
Contributor
Registered: Jun 2007
Location: Lima, Peru
Posts: 3,900
Re: Problems with Trojan Win32/Rbot

Hello, do the following:

Download SDFix.

Boot into Safe Mode.

Run SDFix.exe on the desktop; a new folder will be created on the desktop (if not, look for that folder on the C: drive). Go into the new folder and run the file "Runthis.bat", then press the "Y" key to start the scan. When it finishes, a file called Report.txt will be created inside the folder; copy and paste the report the utility generated for you.

Reboot into normal mode and run a scan with the following online antivirus scanners:

- Ewido (don't forget to click the REMOVE INFECTIONS option); if you have questions about it, read the Ewido manual

- Kaspersky Online Scanner; if you have any questions about this one, read its manual, and paste the report it gives you as a result.
If you use Firefox, you need the IE TAB extension to run the online antivirus scanners.

Let us know how it went and don't forget to paste the reports.

Regards.
post #3
03/02/08, 22:09:35
User
Registered: Jan 2008
Location: Mexico
Posts: 23
Re: Problems with Trojan Win32/Rbot

Hello!

I ran the antivirus scanners in IE and these are the results. I'm mostly worried about the "skipped" items from Kaspersky. What can I do?

Thank you very much in advance.

Regards!


The SDFix one goes first... I'll put the other antivirus results in the following posts...


SDFix: Version 1.135

Run by Fly By Night on Sun 02/03/2008 at 01:20 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HKCU HomePage

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\MSV.EXE - Deleted
C:\lo.exe - Deleted
C:\WINDOWS\rundll32.exe - Deleted
C:\WINDOWS\system32\a.exe - Deleted
C:\WINDOWS\system32\msmsgs.exe - Deleted





Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:28:28
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000

scanning hidden files ...

C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!
post #4
03/02/08, 22:10:44
User
Registered: Jan 2008
Location: Mexico
Posts: 23
Re: Problems with Trojan Win32/Rbot

Here is the Ewido one...


__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Serguei\Cookies\serguei@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\Serguei\Cookies\serguei@auto.search.msn[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Serguei\Cookies\serguei@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Serguei\Cookies\serguei@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\Serguei\Cookies\serguei@m.webtrends[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Serguei\Cookies\serguei@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Serguei\Cookies\serguei@microsoftwlmessengermkt.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Serguei\Cookies\serguei@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Skype
Path: C:\Documents and Settings\Serguei\Cookies\serguei@site.skype[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Serguei\Cookies\serguei@ssl-hints.netflame[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Serguei\Cookies\serguei@tribalfusion[2].txt
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Adware.Generic
Path: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-3864848408-3737982256-1635457840-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Risk: Medium

Name: Backdoor.IRCBot.bak
Path: C:\SDFix\backups\backups.zip/backups/a.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\SDFix\backups\backups.zip/backups/lo.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\SDFix\backups\backups.zip/backups/msmsgs.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\SDFix\backups\backups.zip/backups/rundll32.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0061306.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0062301.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0062347.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0062355.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0063353.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0063359.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0063371.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0063377.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064371.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064382.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064394.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064402.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064411.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064421.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064429.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0064435.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065437.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065477.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065501.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065505.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065514.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065530.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0065534.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0066530.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067530.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067537.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067545.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067546.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067570.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0067582.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0068580.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0068631.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0068646.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0068661.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP11\A0068675.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0068706.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0068718.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0069715.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0069727.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0069739.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070739.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070752.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070764.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070771.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070783.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0070803.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072798.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072799.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072800.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072801.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072808.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072809.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072810.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\A0072812.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0009497.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0009502.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0009503.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0009600.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0010595.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0010606.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0010639.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0010656.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0014665.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP2\A0014675.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0014682.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0018699.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0020699.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0020708.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0021710.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0021711.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0022710.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0022722.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0022723.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0022735.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP4\A0030778.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP4\A0030802.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP4\A0032830.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP4\A0032837.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP5\A0033837.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP6\A0036837.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP6\A0036843.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP6\A0037840.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP6\A0039839.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP6\A0039845.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0039943.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0039951.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0039957.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0040963.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0041966.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0043985.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0043986.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0044979.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0045989.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0046989.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0047001.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0048014.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0048019.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0049012.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0050019.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0052012.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0053012.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0053043.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054043.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054086.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054101.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054114.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054121.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0054127.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0055121.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0055133.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0055150.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0056143.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0056144.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0057144.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0057162.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0057169.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0058169.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0058194.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0058202.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0058208.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059202.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059208.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059222.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059233.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059245.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059260.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059293.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0059301.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP8\A0060301.exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2MGD9GLY\mmdmm[1].exe
Risk: High

Name: Backdoor.IRCBot.bak
Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\arr[1].jpeg
Risk: High
Responder Con Cita
  post #5  
03/02/08, 22:11:20
User
 
Registered: Jan 2008
Location: Mexico
Posts: 23
Re: Problems with Trojan Win32/Rbot

Kaspersky!...



KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 7:58:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/02/2008
Kaspersky Anti-Virus database records: 546472
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 51707
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 02:29:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\cert8.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\history.dat Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\key3.db Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\parent.lock Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Mozilla\Firefox\Profiles\eieghfck.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH19E1.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temp\IH24D.tmp Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\0RG1NIVI\bind[1].com&t=1 Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\0RG1NIVI\generic[1].swf Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\U7YXKD63\bind[1].com&t=1 Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\JH3SANBA.NQF Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\mixit[1].exe Infected: Backdoor.Win32.IRCBot.bcs skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.



Thank you very much in advance.

Regards!
  post #6  
04/02/08, 00:19:37
Sikartus
Contributor
 
Registered: Jun 2007
Location: Lima, Peru
Posts: 3,900
Re: Problems with Trojan Win32/Rbot

Hello, do the following:


Go to C:\Program Files\ESET\infected and delete everything inside that folder.

Boot into safe mode.

Run ATF-Cleaner
  • Double-click ATF-Cleaner
  • Check the "Select All" box.
  • To delete, click "Empty Selected"
  • Finally, click Exit

Restart in normal mode, run a new scan with Kaspersky online, and come back with its report.

Regards
  post #7  
04/02/08, 16:01:50
User
 
Registered: Jan 2008
Location: Mexico
Posts: 23
Re: Problems with Trojan Win32/Rbot

Hi! Here is the new Kaspersky report. This time it ran in substantially less time (half), but a trio of viruses still shows up :S...

Thanks a lot again

Regards!




KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 1:47:16 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 547209
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 46024
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:05:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\MSHist012008020420080205\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\JH3SANBA.NQF Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\mixit[1].exe Infected: Backdoor.Win32.IRCBot.bcs skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
  post #8  
04/02/08, 23:36:02
Sikartus
Collaborator
 
Registered: Jun 2007
Location: Lima-Perú
Posts: 3,900
Re: Problems with Trojan Win32/Rbot

Hello, follow the steps here and run a new online scan with Kaspersky.

Regards

Last edited by Sikartus on 04/02/08 at 23:38:05.
  post #9  
06/02/08, 15:42:14
User
 
Registered: Jan 2008
Location: México
Posts: 23
Re: Problems with Trojan Win32/Rbot

Hello! I'm pasting the latest Kaspersky report, after following the MSN and CC steps. The same viruses keep showing up (although the scan time is still shorter). I'm starting to get seriously worried. Hopefully something can be done.

As always, thank you very much for the help.

Regards




KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 12:25:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 550947
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 46225
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:43:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\History\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serguei\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\JH3SANBA.NQF Infected: Backdoor.Win32.IRCBot.bap skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP14\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\mixit[1].exe Infected: Backdoor.Win32.IRCBot.bcs skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
  post #10  
06/02/08, 15:51:37
Sikartus
Collaborator
 
Registered: Jun 2007
Location: Lima-Perú
Posts: 3,900
Re: Problems with Trojan Win32/Rbot

Hello, the infected items are in the temporary internet files, and another one is in your antivirus's quarantine.

Did you empty the quarantined items as I told you to?

Have you carried out these steps:

Quote:
Originally posted by Sikartus
HELLO, do the following:


Go to C:\Program Files\ESET\infected and delete everything inside that folder.

Boot into safe mode.

Run ATF-Cleaner
  • Double-click ATF-Cleaner
  • Check the "Select All" box.
  • To delete, click "Empty Selected"
  • Finally, click Exit

Restart in normal mode and run a new scan with Kaspersky online, then come back with its report.

Regards

If you have several user sessions, run ATF-Cleaner in each user session, don't forget.

Then run a new scan with Kaspersky online and come back.

Regards
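
Added example, not part of the original thread: a Python triage of the Kaspersky Online Scanner rows pasted in post #9 that separates "Object is locked" noise from real detections and labels where each detection sits, which is the reading post #10 does by hand. The function names, the location markers and the header cross-check are assumptions of this example, and it goes slightly beyond the thread by also recognising System Restore paths.

```python
import re

# Rows copied from the report in post #9; the full report has many more locked rows.
REPORT = r"""Number of infected objects 3
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Serguei\NTUSER.DAT Object is locked skipped
C:\Program Files\ESET\infected\JH3SANBA.NQF Infected: Backdoor.Win32.IRCBot.bap skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3KE3LEBK\mmdmm[1].exe Infected: Trojan.Win32.Agent.dth skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\mixit[1].exe Infected: Backdoor.Win32.IRCBot.bcs skipped
Scan process completed."""

# Paths contain spaces, so the row is anchored on the verdict and action at its end.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Object is (?P<locked>locked)|Infected: (?P<name>\S+)) (?P<action>\w+)$")
DECLARED = re.compile(r"^Number of infected objects (\d+)$", re.M)

# Location classes, matched on the lower-cased path (markers are assumptions).
LOCATIONS = [
    ("av-quarantine", "\\eset\\infected\\"),
    ("browser-cache", "\\temporary internet files\\"),
    ("system-restore", "\\system volume information\\"),
]

def profile_of(path):
    """Account whose profile holds the file; SYSTEM uses config\\systemprofile."""
    if "\\config\\systemprofile\\" in path.lower():
        return "SYSTEM"
    m = re.match(r"[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", path, re.I)
    return m.group(1) if m else None

def triage(report):
    """Return detections with their location class, plus a header cross-check."""
    findings, locked = [], 0
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m and m["locked"]:
            locked += 1          # open system file, not a detection
        elif m:
            low = m["path"].lower()
            where = next((t for t, mark in LOCATIONS if mark in low), "live-file")
            findings.append({"path": m["path"], "malware": m["name"], "where": where,
                             "profile": profile_of(m["path"]), "action": m["action"]})
    declared = DECLARED.search(report)
    ok = declared is not None and int(declared.group(1)) == len(findings)
    return {"findings": findings, "locked": locked, "count_matches_header": ok}

if __name__ == "__main__":
    for f in triage(REPORT)["findings"]:
        print(f["where"], f["profile"], f["malware"], f["path"], sep=" | ")
```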
All times are GMT -4. The time now is 09:46:16.


 
