Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola, necesito ayuda para eliminar este virus "yayyarrq.dll". Tengo instalados nod32 y sin espias, ninguno de ellos detecta nada. Hice analisis con el Panda on line y dice q se trata de un Virtumonde, pero no me da la opcion para eliminarlo. Leyendo diversos foros, llegue a correr el programa "VundoFix" el cual me detecto 7 virus, pero solo pudo eliminar 6, cuando llega a el "yayyarrq.dll" me aparece el siguiente mje:

C:\windows\system32\yayyarrq.dll could not be deleted Vundo Fix will load on reboot to attempt renoval. Please click remove Vundo once your machine has rebooted

Luego la maquina se reinicia y antes de cargar el escritorio, el Vundo Fix intenta eliminarlo, no puede, aparece de nuevo el mismo mje y vuelve a reiniciar.

Cada Vez q reinicio la pc el programa "Sin espias" libera el siguiente mje:

Sin Espias permitio q la aplicacion (Explorer.exe) registre yayyarrq.dll como ActiveX

Por favor, al q me pueda ayudar, estare muy agradecida.

Saludos

Hola loresol26, Bienvenid@

• Consejos para antes de publicar un nuevo mensaje
• Politicas de InfoSpyware

A.-Descarga y actualiza Super antispyware<Leer_manual>

B.-Descarga y actualiza Malwarebytes' Anti-Malware<Leer_manual>

C.-Descarga VundoFIX + Manual

1.-Desactiva restaurar sistema
2.-Entra en modo seguro

Nota: Ejecuta en ese orden y reinicia el PC despues de ejecutar la ultima herramienta no antes

• Ejecuta Vundo fix como indica su manual:
  • .-Haga doble clic sobre el archivo VundoFix.exe para ejecutarlo
  • .-Cuando VundoFix se ejecute, presione el botón Scan for Vundo.
  • .-Cuando VundoFix haya finalizado el análisis mostrará las infecciones encontradas
  • .-Haga clic en Fix Vundo para comenzar la desinfección.
  • .-Pulsa aceptar para culminar, No reinicies el sistema ahun.
  • .-Despues del reinicio diríjase a C:\vundofix.txt. y dejame ese reporte

• Ejecuta Malwarebytes' Anti-Malware de la siguiente manera:
  • Realiza un examen completo
  • Elimina lo que consiga con la opcion de quitar todo lo seleccionado,
  • Si te pide reiniciar No lo hagas ahun
  • Despues del reinicio abre el programa y ubica el reporte en la pestaña "Registros" ("Logs" en ingles) abrelo y pegalo aqui

• Ejecuta Super_AnitSpyware luego Reinicia en modo normal

Descarga y ejecuta esta herramienta de Microsoft windows-kb890830-v2.0 descargala deacuerdo al idioma de tu sistema

Dejame los reporte e indicame como esta tu PC porfavor

hola anleg_30, antes q nada muchisimas gracias por la velocidad de tu respuesta. estuve haciendo lo q me dijiste y creo que obtube buenos resultados

Reporte de Vundo Fix


VundoFix V7.0.6

Scan started at 15:47:00 19/07/2008

Listing files found while scanning....

C:\Windows\system32\arauxf.dll
C:\Windows\system32\bfclogtk.dll
C:\Windows\system32\dpwqiecq.dll
C:\Windows\system32\fcccbYpQ.dll
C:\Windows\system32\heflqoxy.dll
C:\Windows\system32\mmochobf.dll
C:\Windows\system32\QpYbcccf.ini
C:\Windows\system32\QpYbcccf.ini2
C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yxoqlfeh.ini

Beginning removal...

Attempting to delete C:\Windows\system32\arauxf.dll
C:\Windows\system32\arauxf.dll Has been deleted!

Attempting to delete C:\Windows\system32\bfclogtk.dll
C:\Windows\system32\bfclogtk.dll Has been deleted!

Attempting to delete C:\Windows\system32\dpwqiecq.dll
C:\Windows\system32\dpwqiecq.dll Has been deleted!

Attempting to delete C:\Windows\system32\fcccbYpQ.dll
C:\Windows\system32\fcccbYpQ.dll Has been deleted!

Attempting to delete C:\Windows\system32\heflqoxy.dll
C:\Windows\system32\heflqoxy.dll Has been deleted!

Attempting to delete C:\Windows\system32\mmochobf.dll
C:\Windows\system32\mmochobf.dll Has been deleted!

Attempting to delete C:\Windows\system32\QpYbcccf.ini
C:\Windows\system32\QpYbcccf.ini Has been deleted!

Attempting to delete C:\Windows\system32\QpYbcccf.ini2
C:\Windows\system32\QpYbcccf.ini2 Has been deleted!

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Attempting to delete C:\Windows\system32\yxoqlfeh.ini
C:\Windows\system32\yxoqlfeh.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 16:00:40 19/07/2008

Listing files found while scanning....

C:\Windows\system32\yayyArrq.dll

Beginning removal...

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 16:17:02 19/07/2008

Listing files found while scanning....


VundoFix V7.0.6

Scan started at 17:36:30 19/07/2008

Listing files found while scanning....

C:\Windows\system32\iifcbAss.dll
C:\Windows\system32\qaoqvbbl.dll
C:\Windows\system32\qecrioum.dll
C:\Windows\system32\ssAbcfii.ini
C:\Windows\system32\ssAbcfii.ini2
C:\Windows\system32\xvirnlmh.dll
C:\Windows\system32\yayyArrq.dll

Beginning removal...

Attempting to delete C:\Windows\system32\iifcbAss.dll
C:\Windows\system32\iifcbAss.dll Has been deleted!

Attempting to delete C:\Windows\system32\qaoqvbbl.dll
C:\Windows\system32\qaoqvbbl.dll Has been deleted!

Attempting to delete C:\Windows\system32\qecrioum.dll
C:\Windows\system32\qecrioum.dll Has been deleted!

Attempting to delete C:\Windows\system32\ssAbcfii.ini
C:\Windows\system32\ssAbcfii.ini Has been deleted!

Attempting to delete C:\Windows\system32\ssAbcfii.ini2
C:\Windows\system32\ssAbcfii.ini2 Has been deleted!

Attempting to delete C:\Windows\system32\xvirnlmh.dll
C:\Windows\system32\xvirnlmh.dll Has been deleted!

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\Windows\system32\yayyArrq.dll
C:\Windows\system32\yayyArrq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 17:53:37 19/07/2008

Listing files found while scanning....

C:\Windows\system32\yayyArrq.dll

Beginning removal...

VundoFix V7.0.6

Scan started at 20:18:51 19/07/2008

Listing files found while scanning....

No infected files were found.


Reporte Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.21
Versión de la Base de Datos: 966
Windows 5.1.2600 Service Pack 2

20:01:13 19/07/2008
mbam-log-7-19-2008 (20-01-13).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 115071
Tiempo transcurrido: 1 hour(s), 52 minute(s), 7 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 22
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 3
Carpetas Infectadas: 0
Ficheros Infectados: 10

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\yayyArrq.dll (Trojan.Vundo) -> Unloaded module successfully.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5158622e-4780-4164-be90-700f5fb902cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5158622e-4780-4164-be90-700f5fb902cc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{3713f9ee-c059-4540-b697-987ef263a088} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Inte rnet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\arauxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyArrq.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\DJ70ZJBQ\3x0gj[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\DJ70ZJBQ\AV2009Install_770522 01[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Mis documentos\AV2009Install_77052201.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Mis documentos\Softaware Importante\nero vision express 3 0 1 18+esp+serial\Nero Vision Express 3.0.1.18\Ahead.NeroVision.Express.v3.0.1.18.Incl.K eygen-ORiON\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\VundoFix Backups\qecrioum.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\xvirnlmh.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM83a3787f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM83a3787f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Creo q todo volvio a la normalidad! Muchisimas gracias.

saludos

Bién loresol26,

Al final se eliminaron todos los archivos encontrados, dime si tienes otra duda o se puede dar por solucionado el tema..¿?

Con respecto al virus virtumonde, lo damos por solucionado.
Pero te hago una consulta de pasada, el scaneo en Panda on line, me da q tengo 29 "vulnerabilidades" y por cada una, me da la opcion de bajar una actualizacion, supuestamente. Me conbiene o no, bajarme todos esos achivos?

La vulnerabilidaes que detecta el panda son simplemente actualizaciones que le faltan a tu sistema, siempre es convenuiente tener el sistema con todas sus actualizaciones, también las puede descargar desde la pagina de micrsoft update

ahh ok... muchas gracias!!

Saludos