Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Bueno, primero que todo quiero saludar a todos los del foro ya que me ha sido de muchísima ayuda en varias ocasiones y por eso les doy las gracias.. ^^

Bueno a lo que vine.. xD
Ayer, me saltó el ya conocido "antivirus XP 2008" y todo lo que este conlleva.
Bueno resulta que me puse a buscar alguna solución en el foro y me encontré este tema: Antivirus XP 2008 y Warning...(Terminado)
Bueno leí y seguí las indicaciones de maco1128 las cuales me parecieron geniales porque cuando reinicié no encontré nada en mi compu.

Entonces, para estar seguro de que todo anda bien, decidí pegar en este post los reportes generados por los programas ejecutados. Como yo no sé mucho de este tema, esperaba que alguien que si sepa me los revise y me diga si esta todo bien o no. Y si fuera que no, darme indicaciones de qué hacer.

Agradezco de antemano y espero su respuesta... A ver si me tranquilizo

Acá los reportes:

Primero el de DelPSGuard:

DelPSGuard v 4.9.8
by www.ForoSpyware.com
Reporte Creado: 0:42:44,48, 16/08/2008
SO: Microsoft Windows XP [Versi¢n 5.1.2600]
Modo de Inicio: Seguro
_________________________________________


»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

C:\WINDOWS\system32 \ntimage.gif Eliminado Malware.Bagle

»»»»»»»»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»»»»»»



»»»»»»»»»»»»»»»»»»» FIN »»»»»»»»»»»»»»»»»»»

Luego el de Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1056
Windows 5.1.2600 Service Pack 2

01:19:41 a.m. 16/08/2008
mbam-log-8-16-2008 (01-19-41).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 268045
Tiempo transcurrido: 29 minute(s), 43 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 10
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 12
Ficheros Infectados: 21

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\battle.net (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\rhccnlj0erc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccnlj0erc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\smrhccnlj0erc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\lphc9nlj0erc7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\Archivos de programa\rhccnlj0erc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\HKCU\RunO nce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\HKLM\RunO nce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\StartMenu AllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Autorun\StartMenu CurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\rhccnlj0erc7\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\bnetunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\rhccnlj0erc7.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\rhccnlj0erc7.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhccnlj0erc7\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\jfvkcsy.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc9nlj0erc7.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc9nlj0erc7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc9nlj0erc7.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc9nlj0erc7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Escritorio\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Configuración local\Temp\CmdLineExt03.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Configuración local\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Configuración local\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Archivos de programa\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.


Y de último el de Panda ActiveScan 2.0:

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-08-16 19:59:12
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
avast! antivirus 4.8.1229 [VPS 080816-0] 4.8.1229 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\usuario\Cookies\usuario@ad.yieldmanager[2].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\usuario\Escritorio\Spyware\Flash_Disinfec tor.exe[C:\Documents and Settings\usuario\Escritorio\Spyware\Flash_Disinfec tor.exe][nircmd.exe]
02334952 Bck/Iroffer.BR Virus/Trojan No 1 Yes No C:\Documents and Settings\usuario\Escritorio\Roberto\Videos\Alejo y Valentina\Otros\Terraco-v08.exe
02906328 Adware/Zango Adware No 0 Yes No C:\Documents and Settings\usuario\Escritorio\Roberto\Programas\Setu pblahblah.exe
02911437 W32/Lineage.IAP.worm Virus/Worm No 1 Yes No C:\xyw9tmdj.com
02912490 W32/Lineage.IBZ Virus No 1 Yes No C:\t.com
02912496 W32/Lineage.IBZ Virus No 1 Yes No C:\pa39xth.cmd
03205018 Generic Trojan Virus/Trojan No 0 Yes No C:\Archivos de programa\DelPSGuard\IED.exe
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location -D
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description -D
;================================================= ================================================== ================================================== ==============================
184380 MEDIUM MS08-002 -D
184379 MEDIUM MS08-001 -D
182048 HIGH MS07-069 -D
182046 HIGH MS07-067 -D
182043 HIGH MS07-064 -D
179553 HIGH MS07-061 -D
170911 HIGH MS07-050 -D
157261 HIGH MS07-021 -D
150247 HIGH MS07-011 -D
145501 HIGH MS07-004 -D
133387 MEDIUM MS06-065 -D
129976 MEDIUM MS06-052 -D
123421 HIGH MS06-036 -D
120825 MEDIUM MS06-032 -D
120815 HIGH MS06-022 -D
108743 MEDIUM MS06-007 -D
;================================================= ================================================== ================================================== ==============================




Listo gracias de antemano....

Hola.

Haz esto:

• Descargate OTMoveIt2 by OldTimer lo guardas en el Escritorio.
  • Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
  • Asegurate que este marcado "Unregister Dll's and Ocx's".
  • Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste Standar List of Files / Folders to be moved.
  Código HTML:

  C:\Documents and Settings\usuario\Escritorio\Roberto\Videos\Alejo y Valentina\Otros\Terraco-v08.exe
  C:\Documents and Settings\usuario\Escritorio\Roberto\Programas\Setupblahblah.exe
  C:\xyw9tmdj.com
  C:\t.com
  C:\pa39xth.cmd
  

  • Haz clic en MoveIt! Para lanzar la supresión.
  • Cuando el resultado aparece en el marco Results, haz clic en Exit.
  • Reinicia el PC (Este paso es muy importante)
  • Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.
  Nota: Al terminar guarda el reporte de otmoveit, borra C:\_OtMoveIt y vacia la papelera de reciclaje.

- Pega el reporte de OtMoveIt y nos dices si se solucionó el problema.

PD; Recuerda dar por terminado este tema que aun tienes abierto: No puedo abrir discos duros ni mostrar archivos ocultos!!! T_T

Saludos.

Saludos y perdón por la demora...

Acá pego el reporte de OTMoveIt2....

C:\Documents and Settings\usuario\Escritorio\Roberto\Videos\Alejo y Valentina\Otros\Terraco-v08.exe moved successfully.
C:\Documents and Settings\usuario\Escritorio\Roberto\Programas\Setu pblahblah.exe moved successfully.
C:\xyw9tmdj.com moved successfully.
C:\t.com moved successfully.
C:\pa39xth.cmd moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09112008_202915


Y bueno a mi parecer se solucionó mi problema con el "Antivirus XP 2008"

Muchisisisismas gracias por la ayuda y de nuevo me disculpo por el atraso ^^

Pueden Cerrar el tema y ponerlo como "solucionado"

Gracias de nuevo...