| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, Trojans and malware in general. Please read the HijackThis Forum Policies first. |
| Vundo and others: I can't remove them with Malwarebytes Hello, Malwarebytes detects 54 infections that it cannot remove. NOD32, SUPERAntiSpyware Free, Spybot SD and VundoFix do NOT detect anything (all up to date). Occasionally new tabs open in Mozilla Firefox pointing to an antivirus website (which I do not run); fortunately it has not appeared for days, but Malwarebytes insists on the 54 infections; the rest of the PC works fine. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:01:36, on 31/10/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Program Files\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program 
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - 
Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 6498 bytes |
| Re: Vundo and others: I can't remove them with Malwarebytes
Hello luis-hito, welcome to Infospyware.com. Download, install and/or update these programs on the desktop, but do not run them yet.
Step 1-
Step 2- Restart and boot into "Modo a prueba de fallos" (Safe Mode). Go to Start > Run and type: %TEMP% - when the folder opens, delete all the files that appear in it, but do NOT delete the TEMP folder, only its contents. Next, run ATF-Cleaner: in the top tabs choose your browser, tick the "Select All" option and then click the "Empty Selected" button.
Step 3- With all programs closed, run HijackThis and click the following entries: O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O13 - Gopher Prefix: O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
Step 4- Run these tools, one at a time and in this order:
b) With the "quitar lo encontrado" (remove what was found) option, send everything to quarantine and restart. c) In the "Logs" tab ("Registros" in Spanish) you will find the MBAM report; copy it and post it here for analysis.
Step 5- Run CCleaner, first using its "Limpiador" (Cleaner) option to delete cookies, temporary Internet files and all the files it shows as obsolete, and then use its "Registro" (Registry) option to clean the whole Windows registry (making a backup).
Step 6- Restart in normal mode and post the reports from:
**Note** - For convenience, print the steps. - Remember to come back and tell us the results.
Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog * Help us by making a DONATION so we can keep helping. * Keep up with the latest threats on the net at: InfoSpyware Blog * Questions are not answered by private message or e-mail; that is what the forum is for. |
| Re: Vundo and others: I can't remove them with Malwarebytes It is NOT solved. I am sending you the reports from safe mode (without a network connection), which say it has been removed. But on returning to normal mode, MBAM reports the same 54 infections. SAFE MODE: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:39, on 02/11/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - 
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 5822 bytes SAFE MODE: Malwarebytes' Anti-Malware 1.30 Versión de la Base de Datos: 1355 Windows 6.0.6001 Service Pack 1 02/11/2008 12:43:11 mbam-log-2008-11-02 (12-43-11).txt Tipo de examen : Examen Completo (C:\|) Objetos examinados: 118031 Tiempo transcurrido: 22 minute(s), 14 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 0 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 1 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: (No se han detectado elementos maliciosos) Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: C:\Avenger\beifpber.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 
---------------and now the reports after the cleanup-------------- NORMAL MODE: Malwarebytes' Anti-Malware 1.30 Versión de la Base de Datos: 1355 Windows 6.0.6001 Service Pack 1 02/11/2008 13:03:57 mbam-log-2008-11-02 (13-03-57).txt Tipo de examen : Examen Rápido Objetos examinados: 39811 Tiempo transcurrido: 2 minute(s), 25 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 1 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 53 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\da92b38d (Trojan.Vundo) -> Delete on reboot. Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot. 
C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot. 
C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> Delete on reboot. 
C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> Delete on reboot. NORMAL MODE: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:39, on 02/11/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator 
Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 
'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. 
- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 5822 bytes |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello luis-hito. Don't despair... Quote:
And MBAM already did its job on restart. Clean the registry with CCleaner and run the Combo in Normal Mode.
Quote: |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello again, I have re-applied all the steps from the beginning, correcting my mistakes. Ah! Thanks. Here is the Combo: ComboFix 08-11-01.06 - lg 2008-11-02 17:56:10.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.1376 [GMT 1:00] Se ejecuta desde: C:\Users\lg\Desktop\ComboFix.exe . (((((((((((((((((( Archivos creados desde 2008-10-02 - 2008-11-02 ))))))))))))))))))))))))))))))))) . 2008-10-31 23:42 . 2008-10-31 23:42 0 --ah----- C:\ntuser.dat.LOG2 2008-10-31 23:42 . 2008-10-31 23:42 0 --ah----- C:\ntuser.dat.LOG1 2008-10-31 23:42 . 2008-10-31 23:42 0 --a------ C:\ntuser.dat 2008-10-31 11:38 . 2008-10-31 11:38 <DIR> d-------- C:\Users\lg\AppData\Roaming\SUPERAntiSpyware.com 2008-10-31 11:38 . 2008-10-31 11:38 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-10-31 11:38 . 2008-10-31 11:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-10-31 11:38 . 2008-10-31 11:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-31 11:09 . 2008-10-31 11:09 <DIR> d-------- C:\VundoFix Backups 2008-10-29 17:37 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-10-29 17:37 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-10-29 17:37 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax 2008-10-29 17:37 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax 2008-10-29 17:37 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-10-28 19:03 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll 2008-10-28 19:03 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll 2008-10-28 19:03 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll 2008-10-27 17:00 . 2008-10-27 17:00 <DIR> d-------- C:\Users\lg\AppData\Roaming\Malwarebytes 2008-10-27 17:00 . 2008-10-27 17:00 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-10-27 17:00 . 
2008-10-28 18:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-27 17:00 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-27 17:00 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-25 13:55 . 2008-10-25 13:55 <DIR> d-------- C:\Users\lg\AppData\Roaming\OpenOffice.org 2008-10-25 13:39 . 2008-10-25 13:39 <DIR> d-------- C:\Program Files\OpenOffice.org 3 2008-10-25 13:39 . 2008-10-25 13:39 <DIR> d-------- C:\Program Files\JRE 2008-10-23 21:43 . 2008-10-31 22:52 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-10-23 21:43 . 2008-10-23 21:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-23 17:58 . 2008-10-23 17:59 <DIR> d-------- C:\Program Files\EsetOnlineScanner 2008-10-23 16:51 . 2008-10-23 16:51 <DIR> d-------- C:\Users\lg\AppData\Roaming\URSoft 2008-10-23 16:51 . 2008-11-02 11:23 <DIR> d-a------ C:\ProgramData\TEMP 2008-10-23 16:51 . 2008-10-23 16:52 <DIR> d-------- C:\Program Files\Your Uninstaller 2008 2008-10-23 16:48 . 2008-10-31 16:31 <DIR> d-------- C:\Users\lg\AppData\Roaming\XnView 2008-10-23 16:47 . 2008-10-23 16:47 <DIR> d-------- C:\Program Files\XnView_captura pantallas 2008-10-22 20:18 . 2008-10-22 20:19 69 --a------ C:\Windows\NeroDigital.ini 2008-10-22 20:15 . 2008-10-22 20:16 <DIR> d-------- C:\Program Files\VirtualDub-1.8.6 2008-10-22 17:30 . 2008-10-22 19:30 <DIR> d-------- C:\Program Files\AviSplit classic 2008-10-21 21:58 . 2008-10-21 21:58 <DIR> d-------- C:\Windows\WinAVI Video Converter 9.0 2008-10-21 21:58 . 2008-10-21 21:58 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0 2008-10-21 21:44 . 2008-10-21 21:44 <DIR> d-------- C:\Users\lg\AppData\Roaming\FastStone 2008-10-19 07:57 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-10-19 07:57 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe 2008-10-19 07:57 . 
2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-19 07:57 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-10-19 07:57 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll 2008-10-19 07:57 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-14 16:32 . 2008-10-14 16:32 <DIR> d-------- C:\My Music 2008-10-14 16:32 . 2008-10-14 16:32 24,576 --a------ C:\Windows\System32\prefscpl.cpl 2008-10-14 16:31 . 2008-10-14 16:31 <DIR> d-------- C:\Windows\aim95 2008-10-14 16:31 . 2008-10-14 16:31 <DIR> d-------- C:\Program Files\Netscape 2008-10-14 16:31 . 2001-06-25 04:55 634,090 --a------ C:\Windows\cd32.exe 2008-10-14 16:31 . 2001-05-16 16:09 493,589 --a------ C:\Windows\patches.hsb 2008-10-14 16:31 . 2006-11-02 10:46 66,560 --a------ C:\Windows\System32\mapi32bak.dll 2008-10-14 16:31 . 2001-06-25 01:23 61,952 --a------ C:\Windows\System32\nabapi32.dll 2008-10-14 16:30 . 1997-04-08 19:08 299,520 --a------ C:\Windows\uninst.exe 2008-10-14 16:29 . 2008-10-14 16:29 <DIR> d-------- C:\Program Files\Endocrinology_Principles and Practice 2008-10-14 16:29 . 2008-10-14 16:28 286,720 --a------ C:\Windows\iun502.exe 2008-10-07 20:54 . 2008-10-07 20:54 <DIR> d-------- C:\Program Files\Foxit Software 2008-10-04 15:51 . 2008-10-04 15:52 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-10-04 09:39 . 2008-10-04 09:39 <DIR> d-------- C:\ProgramData\NOS 2008-10-04 09:39 . 2008-10-04 09:39 <DIR> d-------- C:\Program Files\NOS 2008-10-04 08:49 . 2008-10-04 08:49 <DIR> d-------- C:\Users\lg\AppData\Roaming\PDFCreator 2008-10-03 08:45 . 2008-10-03 08:45 <DIR> d-------- C:\Program Files\PDFCreator Toolbar 2008-10-03 08:45 . 2008-10-03 08:45 253,116 --a------ C:\Windows\PDFCreator_Toolbar_Uninstaller_6583.exe 2008-10-03 08:44 . 2008-10-03 08:45 <DIR> d-------- C:\Program Files\PDFCreator 2008-10-03 08:44 . 2004-03-08 23:00 662,288 --a------ C:\Windows\System32\MSCOMCT2.OCX 2008-10-03 08:44 . 
2005-10-15 11:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll 2008-10-03 08:44 . 1998-06-23 23:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX 2008-10-03 08:44 . 1998-07-05 23:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-10-25 12:38 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-10-25 12:31 --------- d-----w C:\Users\lg\AppData\Roaming\OpenOffice.org2 2008-10-22 20:55 --------- d-----w C:\Program Files\DAEMON Tools 2008-10-21 19:20 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-10-19 09:24 --------- d-----w C:\Program Files\Windows Mail 2008-10-14 15:32 --------- d-----w C:\Program Files\Common Files\Real 2008-10-12 17:54 --------- d-----w C:\Users\lg\AppData\Roaming\Skype 2008-10-12 16:59 --------- d-----w C:\Users\lg\AppData\Roaming\skypePM 2008-09-20 07:16 --------- d-----w C:\Program Files\CCleaner 2008-09-19 13:40 56 ---ha-w C:\ProgramData\ezsidmv.dat 2008-09-19 13:37 --------- d-----w C:\ProgramData\Skype 2008-09-19 13:37 --------- d-----w C:\Program Files\Skype 2008-09-19 13:37 --------- d-----w C:\Program Files\Common Files\Skype 2008-09-19 08:47 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf 2008-09-18 16:19 174 --sha-w C:\Program Files\desktop.ini 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Sidebar 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Journal 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Defender 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Collaboration 2008-09-18 16:09 --------- d-----w C:\Program Files\Windows Calendar 2008-09-18 14:55 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-09-18 14:55 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-09-17 17:49 --------- d-----w C:\Users\lg\AppData\Roaming\vlc 2008-09-17 17:48 
--------- d-----w C:\Program Files\VideoLAN 2008-09-14 18:43 --------- d-----w C:\Program Files\Nero 2008-09-13 16:01 --------- d-----w C:\Users\lg\AppData\Roaming\Nero 2008-09-13 15:31 --------- d-----w C:\ProgramData\Nero 2008-09-13 15:31 --------- d-----w C:\Program Files\Common Files\Nero 2008-09-13 13:18 --------- d-----w C:\Program Files\Java 2008-09-13 13:14 --------- d-----w C:\Program Files\readmes 2008-09-13 13:14 --------- d-----w C:\Program Files\licenses 2008-09-11 15:20 --------- d-----w C:\Users\lg\AppData\Roaming\ESET 2008-09-11 15:18 --------- d-----w C:\ProgramData\ESET 2008-09-11 15:18 --------- d-----w C:\Program Files\ESET 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-17 07:40 27,050 ----a-w C:\Users\lg\AppData\Roaming\nvModes.dat 2008-05-29 20:56 37,375 ----a-w C:\Program Files\openoffice.org-xsltfilter.cab 2008-05-29 20:56 207,388 ----a-w C:\Program Files\openoffice.org-testtool.cab 2008-05-29 20:56 2,616,788 ----a-w C:\Program Files\openoffice.org-writer.cab 2008-05-29 20:56 2,504,975 ----a-w C:\Program Files\openoffice.org-pyuno.cab 2008-05-29 20:55 86,870 ----a-w C:\Program Files\openoffice.org-graphicfilter.cab 2008-05-29 20:55 52,112 ----a-w C:\Program Files\openoffice.org-onlineupdate.cab 2008-05-29 20:55 4,121,645 ----a-w C:\Program Files\openoffice.org-core07.cab 2008-05-29 20:55 305,076 ----a-w C:\Program Files\openoffice.org-core08.cab 2008-05-29 20:55 28,873,096 ----a-w C:\Program Files\openoffice.org-core06.cab 2008-05-29 20:55 2,769 ----a-w C:\Program Files\openoffice.org-emailmerge.cab 2008-05-29 20:55 2,031,954 ----a-w C:\Program Files\openoffice.org-core09.cab 2008-05-29 20:55 118,910 ----a-w C:\Program Files\openoffice.org-javafilter.cab 2008-05-29 20:55 1,349,587 ----a-w C:\Program Files\openoffice.org-impress.cab 2008-05-29 20:55 1,168,056 ----a-w C:\Program Files\openoffice.org-math.cab 2008-05-29 20:55 1,004,509 ----a-w C:\Program Files\openoffice.org-draw.cab 2008-05-29 20:51 18,634,513 ----a-w 
C:\Program Files\openoffice.org-core05.cab 2008-05-29 20:50 16,503,595 ----a-w C:\Program Files\openoffice.org-core04.cab 2008-05-29 20:49 9,117,929 ----a-w C:\Program Files\openoffice.org-core03.cab 2008-05-29 20:48 4,825,351 ----a-w C:\Program Files\openoffice.org-calc.cab 2008-05-29 20:48 3,861,032 ----a-w C:\Program Files\openoffice.org-core02.cab 2008-05-29 20:48 15,103,386 ----a-w C:\Program Files\openoffice.org-core01.cab 2008-05-29 20:47 43,005 ----a-w C:\Program Files\openoffice.org-activex.cab 2008-05-29 20:47 4,376,576 ----a-w C:\Program Files\openofficeorg24.msi 2008-05-29 20:47 217 ----a-w C:\Program Files\setup.ini 2008-05-29 20:47 1,881,464 ----a-w C:\Program Files\openoffice.org-base.cab 2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe 2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [2008-06-21 247088] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224] "MGSysCtrl"="C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-07-06 565248] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840] "egui"="C:\Program 
Files\ESET\ESET Smart Security\egui.exe" [2008-02-29 1443072] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 C:\Windows\RtHDVCpl.exe] C:\Users\lg\AppData\Roaming\Microsoft\Windows\Star t Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^PDFCreator.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-08-16 12:24 167368 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-07-18 05:01 8466432 C:\Windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-07-18 05:01 81920 C:\Windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-07-18 05:01 86016 
C:\Windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2008-10-14 16:32 26112 C:\Program Files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-08-12 16:13 21741864 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] --a------ 2007-06-15 08:45 1826816 C:\Windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{01BE52F7-B5A0-4E49-831C-58A4D999D46B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{971DAAEB-B313-4BB6-AFC9-63691BD738CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0A756F26-EF01-4268-A90D-880837D3C16F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent "{7D6170B5-1B67-4657-A881-29112EF6991F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent "{F66BED22-F7C6-4A01-91D7-B2E29412C7D2}"= UDP:15919:torrent "TCP Query User{940A4EA2-DEB4-434C-83BE-BB3345EAD9AD}C:\\program 
files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{4E478FCE-C801-4862-A97C-4A09DE0B4B2A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{B5021DC5-5D86-44EC-9A37-70B929C07897}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{1E97B377-0794-40B1-93B6-3A4712BFE267}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{3ECB4558-E52C-4DCC-9907-DC53A78D642B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{EEC14E04-69B0-4BD6-A9FF-18B5EA4C3413}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4454BB57-498B-424C-880E-3C990688994D}"= C:\Program Files\Skype\Phone\Skype.exe:Skype [HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2medi a.sys [2007-04-03 39680] R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.s ys [2007-04-02 35712] R2 NishService;Evil Driver Daemon;C:\Program Files\LG Software\System Control Manager\edd.exe [2006-03-02 40960] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296] R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHw Ctrl.sys [2006-07-03 9088] S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6f5d7ecc-46bd-11dd-b0ce-00030d000001}] \shell\AutoRun\command - E:\autorun_PES2008.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . 
- - - - HUÉRFANOS ELIMINADOS - - - - HKCU-Run-Power2GoExpress - (no file) MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe . ------- Análisis Suplementario ------- . FireFox -: Profile - C:\Users\lg\AppData\Roaming\Mozilla\Firefox\Profil es\pzivud0f.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.elpais.com/|http://www.google.es/ig FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npaudi o.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npavi3 2.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npbeat nk.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npnul3 2.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\nppl32 60.dll FF -: plugin - C:\Program Files\Netscape\Communicator\Program\Plugins\npswf3 2.dll FF -: plugin - C:\Users\lg\AppData\Roaming\Mozilla\Firefox\Profil es\pzivud0f.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-02 17:59:04 Windows 6.0.6001 Service Pack 1 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************** ************************ . Tiempo completado: 2008-11-02 18:00:13 ComboFix-quarantined-files.txt 2008-11-02 17:00:06 Pre-Run: 132.899.778.560 bytes libres Post-Run: 132,864,528,384 bytes libres 267 --- E O F --- 2008-10-30 19:11:55 |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello luis-hito. Nothing suspicious shows up in the report, but tell us how the PC is doing so we can consider the thread closed. * Help us by making a DONATION so we can keep helping. * Keep up with the latest threats on the net at: InfoSpyware Blog * Questions are not answered by private message or e-mail, since that is what the forum is for. |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello, the PC now works fine (no unrequested tabs appear in the browser, Mozilla Firefox), but Malwarebytes' Anti-Malware keeps reporting 54 infections (Vundo and others); it always reports the same thing. And in HijackThis an entry that should have been deleted still appears (O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b). Am I infected, or is this a false diagnosis of a Vundo infection? Regards and thanks again. I'm sending you the two reports: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:44:43, on 03/11/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] 
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 
(file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 6222 bytes ********************************** Malwarebytes' Anti-Malware 1.30 Versión de la Base de Datos: 1355 Windows 6.0.6001 Service Pack 1 03/11/2008 18:54:33 mbam-log-2008-11-03 (18-54-33).txt Tipo de examen : Examen Rápido Objetos examinados: 39966 Tiempo transcurrido: 2 minute(s), 40 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 1 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 53 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\da92b38d (Trojan.Vundo) -> Delete on reboot. Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> Delete on reboot. 
C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot. 
C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot. 
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot. |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello. Download, install and/or update these programs on the desktop, but do not run them yet. Dr. Web Cure. Restart and boot into "Modo a prueba de fallos" (Safe Mode). With all programs closed, run HijackThis and select the following entries: O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b Now run Dr. Web Cure. Restart, tell us how it goes and post a new HJT report. |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello, the entry has not been deleted. The hjk reports and the mbam infections remain the same. I'm thinking of formatting, but will I erase the Vundo trojan or will it stay on the boot disk? How should I format to remove it completely? Here are the 2 reports: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:55:36, on 09/11/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\lg_swupdate\GiljabiStart.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: 
[WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [da92b38d] rundll32.exe "C:\Users\lg\AppData\Local\Temp\beifpber.dll", b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio 
(AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 6691 bytes *************************** Malwarebytes' Anti-Malware 1.30 Versión de la Base de Datos: 1376 Windows 6.0.6001 Service Pack 1 09/11/2008 16:02:22 mbam-log-2008-11-09 (16-02-22).txt Tipo de examen : Examen Rápido Objetos examinados: 40350 Tiempo transcurrido: 3 minute(s), 26 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 1 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 56 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\da92b38d (Trojan.Vundo) -> Delete on reboot.
Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Secret.fold (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot. 
C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Delete on reboot. 
C:\Users\Default\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\procgdwh32.exe (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\procgdsj32.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Application Data\srcss.exe (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Application Data\shellex.dll (Rogue.SpyProtector) -> Delete on reboot. C:\Users\Default\Application Data\install.exe (Rogue.SpyProtector) -> Delete on reboot. |
| Re: Vundo and others: I can't remove them with Malwarebytes Hello luis-hito. Clean the registry with CCleaner and run Combo in Normal Mode.
Quote:
Then run Kaspersky Online and leave us its report. |