Well, first of all, thanks for the help. Here are the results:
Here is the Malwarebytes report:
Quote:
Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1134
Windows 5.1.2600 Service Pack 3
05/10/2008 03:57:59 p.m.
mbam-log-2008-10-05 (15-57-30).txt
Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 191412
Tiempo transcurrido: 2 hour(s), 3 minute(s), 0 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 9
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 2
Ficheros Infectados: 11
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\dwpinit_dlls (Spyware.Agent.H) -> No action taken.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.
C:\Archivos de programa\Mjcore (Trojan.BHO) -> No action taken.
Ficheros Infectados:
C:\WINDOWS\system32\nvrsol32.dll (Spyware.Agent.H) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\SAV.cpl (Rogue.SystemAntivirus2008) -> No action taken.
C:\Archivos de programa\SAV\SAV.cpl (Rogue.SystemAntivirus) -> No action taken.
C:\Archivos de programa\SAV\sav0.dat (Rogue.SystemAntivirus) -> No action taken.
C:\Archivos de programa\SAV\sav1.dat (Rogue.SystemAntivirus) -> No action taken.
C:\Archivos de programa\SAV\sav.ooo (Rogue.SystemAntivirus) -> No action taken.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.
C:\d.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Math\Escritorio\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> No action taken.
Here is the result after removing with Malwarebytes. I could not find the option to quarantine and delete; I simply scanned and disinfected without any intermediate steps. Here is the report after disinfecting:
Quote:
Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1134
Windows 5.1.2600 Service Pack 3
05/10/2008 03:58:46 p.m.
mbam-log-2008-10-05 (15-58-46).txt
Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 191412
Tiempo transcurrido: 2 hour(s), 3 minute(s), 0 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 9
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 2
Ficheros Infectados: 11
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\dwpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
Ficheros Infectados:
C:\WINDOWS\system32\nvrsol32.dll (Spyware.Agent.H) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SAV.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Archivos de programa\SAV\SAV.cpl (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Archivos de programa\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Archivos de programa\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Archivos de programa\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Math\Escritorio\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
Here is the Panda Scan 2.0 report:
Quote:
;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-10-05 20:25:29
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 3
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Eset NOD32 antivirus system 2.51 2.51 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No D:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No D:\Instaladores\SDFix\SDFix.exe[D:\Instaladores\SDFix\SDFix.exe][SDFix\apps\Process.exe]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@ad.yieldmanager[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@weborama[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Math\Cookies\math@go[1].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No D:\NOD32\infected\5LVGFJAA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No D:\NOD32\infected\3ENWH5CA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No D:\NOD32\infected\VO1UT2BA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No D:\NOD32\infected\SQQUJ0CA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No D:\NOD32\infected\NECFAVAA.NQF
03275716 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No D:\RECYCLER\S-1-5-21-839522115-261478967-1801674531-1003\Dd2\Star, pruebas\loader.zip[loader.exe]
03275716 Bck/Hupigon.AZG Virus/Trojan No 1 No No D:\RECYCLER\S-1-5-21-839522115-261478967-1801674531-1003\Dd2\Star, pruebas\SCBW_v111b.rar[SCBW_v111b.exe]
03275716 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No D:\RECYCLER\S-1-5-21-839522115-261478967-1801674531-1003\Dd2\Star, pruebas\SCBW_v111b\SCBW_v111b.exe
03491464 W32/Patched.D Virus Yes 0 Yes No C:\WINDOWS\system32\USER32.dll
03491464 W32/Patched.D Virus No 0 Yes No C:\WINDOWS\system32\dllcache\user32.dll
03548669 Adware/RogueAntimalware2008 Adware No 0 No No C:\Documents and Settings\Math\Configuración local\Temp\a.exe[C:\Documents and Settings\Math\Configuración local\Temp\a.exe][SAV.cpl]
03738576 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\Math\Configuración local\Temp\a.exe[C:\Documents and Settings\Math\Configuración local\Temp\a.exe][sav1.dat]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No D:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03738686 Generic Malware Virus/Trojan No 0 No No D:\Instaladores\SDFix\SDFix.exe[D:\Instaladores\SDFix\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No D:\Instaladores\SDFix\SDFix.exe[D:\Instaladores\SDFix\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No D:\SDFix\catchme.exe
03764340 W32/Sohanat.AS.worm Virus/Worm No 1 Yes No C:\Documents and Settings\All Users\Documentos\ukgspa.exe
03764340 W32/Sohanat.AS.worm Virus/Worm No 1 Yes No D:\Proyecto\ukgspa.exe
03790381 Generic Trojan Virus/Trojan No 0 Yes No C:\nleqgoa.exe
03790381 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Math\Configuración local\Archivos temporales de Internet\Content.IE5\UIJUWOA5\burrsstgu[1].txt
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
No C:\ccuylcp.exe
No C:\Documents and Settings\Math\Configuración local\Archivos temporales de Internet\Content.IE5\WA712559\cmijwkxllm[1].htm
No C:\WINDOWS\system32\paso.el
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
With Panda I had some problems: when trying to disinfect the viruses it said it had found, AMON (NOD32's internet protection module) was triggered a few times (that is, NOD32 told me it had blocked an attempt by Firefox 3 to access the file), but I think those were NOD32's own files.
Apart from that, when the disinfection finished Panda told me the following (I am putting it in as text, since apparently Panda does not have a log of its own):
Quote:
Peligrosidad media (2)
W32/Sohanat.AS... Virus Latente Desinfectado
Bck/Hupigon.AZ... Virus Latente No desinfectable
Peligrosidad baja (5)
Generic Malwar... Virus Latente No desinfectable
Generic Trojan Virus Latente Desinfectado
W32/Patched.D Virus Activo Desinfectado
Generic Trojan Virus Latente No desinfectable
W32/Xor-encode... Virus Latente Desinfectado
And afterwards some suspicious cookies and suspicious files as well.